Despite the COVID-19 global pandemic, regulatory examinations continue as normal.
There’s one caveat though: the scope of examinations has increased.
Regulators are trying to understand how firms manage business and core compliance programs within this environment.
Below are 3 specific ways to test your compliance program and prepare for these regulatory exams:
Office controls for compliance
The SEC is increasing its traditional focus on data protection, cybersecurity, electronic communications, and business continuity. For example, recent SEC inquiries have included questions such as:
- Does your firm’s network require employees to “remote in” on a common platform? If not, does the network employ local firewall validation or other protection?
- Can sensitive information be printed from remote machines? If so, has a means of confidential disposal been established and communicated?
- Has your firm updated its inventory of devices being used to support business activities and client communications?
If your firm is utilizing new technologies, such as video conferencing, make sure these apps with chat features are reviewed and archived as required.
Designate business changes
The SEC can also be expected to ask questions about how, if at all, you changed your investment or business strategy or adjusted your exposure to market volatility.
Also remember to update your Business Continuity Plan (BCP). Document any additional oversight implemented, coverage for key functions, and the process for authorizations if key employees are ill and unavailable. It is my understanding that the SEC is asking for this additional information.
Disclosures
The SEC has provided recent guidance for advisors. It’s important to review your product documents and Form ADV for risk factors such as a pandemic.
Additionally, confirm you are familiar with applicable SEC priorities. Review recent guidance about valuation; confirm you are in good-faith compliance with Reg BI and Form CRS requirements; and focus on the 2020 NEP priorities, including AML and retirement investments.
Here’s a 7-step compliance checklist to help ensure that you stay on top of the important requirements of these regulatory exams.
7-step compliance checklist
At Warburton Advisers, we use this list to help Chief Compliance Officers complete SEC-required annual reviews and prepare for examination. We have found it effective to address both objectives with one review.
- Know the regulatory developments and risks. Start by reviewing your primary regulator’s website. Look for guidance that you may have missed or ask your compliance advisor(s) for a list of what is most relevant to your company and what they believe are your top 3 risks.
- Review the compliance manual. Confirm the table of contents and section headers include topics on regulatory priorities lists. SEC, FINRA and other regulators announce priorities at least annually. Review the content with the priorities in mind and make sure your procedures align with the policies.
- Look for negative trends. Review any independent or internal audits, trade errors, client complaints, AML/KYC or sanctions issues, data incidents or breaches, whistleblower complaints or investigations. Create a tracker and risk-rank findings to note priority trends.
- Review your website(s) and social media accounts. Review your public brand, so you see what the regulators, prospects and litigants see. Confirm the terms of use, copyright and privacy policy posted online are current and carry a recent date evidencing that the information is current.
- Know your sales and marketing procedures. Meet with your marketing and client and business development teams to understand current and anticipated plans. Then reconcile plans with your product disclosures, privacy policy, compliance program and regulatory filings.
- Understand regulatory relationships. Review the last regulatory exam and/or review inquiries, requests and filings to discern trends and lessons learned and confirm you have remediated any gaps.
- Be strategic. Make your work sustainable and show your peers you are strategic by updating training, compliance policies and procedures, risk assessments, issue tracking and data maps to account for the above items. Then create a summary report to share with others in your company.
Are you taking the proper steps to remain compliant? Feel free to reach out if you have any questions.