Despite the COVID-19 global pandemic, regulatory examinations continue as normal.
There’s one caveat though: the scope of examinations have increased.
Regulators are trying to understand how firms manage business and core compliance programs within this environment.
Below are 3 specific ways to test your compliance program and prepare for these regulatory exams:
Office controls for compliance
The SEC is increasing its traditional focus on data protection, cybersecurity, electronic communications, and business continuity. For example, recent SEC inquiries have included questions such as:
- Does your firm’s network require employees to “remote in” on a common platform? If not, does the network employ local firewall validation or other protection?
- Can sensitive information be printed from remote machines? If so, has a means of confidential disposal been established and communicated?
- Has your firm updated its inventory of devices being used to support business activities and client communications?
If your firm is utilizing new technologies, such as video conferencing, make sure these apps with chat features are reviewed and archived as required.
Designate business changes
The SEC can also be expected to ask questions about how, if at all, you changed your investment or business strategy or adjusted your exposure to market volatility.
Also remember to update your Business Continuity Plan (BCP). Document any additional oversight implemented, coverage for key functions and process for authorizations if key employees are ill and unavailable. It is my understanding that the SEC is asking for this additional information.
The SEC has provided recent guidance for advisors. It’s important to review your product documents and Form ADV for risk factors such as a pandemic.
Additionally, confirm you are familiar with applicable SEC priorities. Review recent guidance about valuation; confirm you are in good faith compliance with Reg BI and Form CRS requirements and focus on the 2020 NEP priorities including AML and retirement investments.
Here’s a 7-step compliance checklist to help ensure that you stay on top of the important requirements of these regulatory exams.
7 step compliance checklist
At Warburton Advisers, we use this list to help Chief Compliance Officers complete SEC-required annual reviews and prepare for examination. We have found it effective to address both objectives with one review.
- Know the regulatory developments and risks. Start by reviewing your primary regulator’s website. Look for guidance that you may have missed or ask your compliance advisor(s) for a list of what is most relevant to your company and what they believe are your top 3 risks.
- Review the compliance manual. Confirm the table of contents and section headers include topics on regulatory priorities lists. SEC, FINRA and other regulators announce priorities at least annually. Review the content with the priorities in mind and make sure your procedures align with the policies.
- Look for negative trends. Review any independent or internal audits, trade errors, client complaints, AML/KYC or sanctions issues, data incidents or breaches, whistleblower complaints or investigations. Create a tracker and risk-rank findings to note priority trends.
- Understand regulatory relationships. Review the last regulatory exam and/or review inquiries, requests and filings to discern trends and lessons learned and confirm you have remediated any gaps.
- Be strategic. Make your work sustainable and show your peers you are strategic by updating training, compliance policies and procedures, risk assessments, issue tracking and data maps to account for the above items and create a summary report to share with others in your company.
Are you taking the proper steps to remain compliant? Feel free to reach out if you have any questions.
This blog is sponsored by AdvisorEngine Inc. and CRM Software LLC. (“AdvisorEngine”) The information, data and opinions in this commentary are as of the publication date, unless otherwise noted, and subject to change. This material is provided for informational purposes only and should not be considered a recommendation to use AdvisorEngine or deemed to be a specific offer to sell or provide, or a specific invitation to apply for, any financial product, instrument or service that may be mentioned. Information does not constitute a recommendation of any investment strategy, is not intended as investment advice and does not take into account all the circumstances of each investor. Opinions and forecasts discussed are those of the author, do not necessarily reflect the views of AdvisorEngine and are subject to change without notice. AdvisorEngine makes no representations as to the accuracy, completeness and validity of any statements made and will not be liable for any errors, omissions or representations. As a technology company, AdvisorEngine provides access to award-winning tools and will be compensated for providing such access. AdvisorEngine does not provide broker-dealer, custodian, investment advice or related investment services. AdvisorEngine and Junxure are registered trademarks of AdvisorEngine Inc.