The Securities and Exchange Commission’s OCIE or Office of Compliance Inspections and Examinations issued a Risk Alert that warns investment advisors and broker-dealers of the challenges brought by COVID-19 related risks. The OCIE felt that it was necessary to share their observations and recommendations with the public.
The Risk Alert the SEC released identified the following broad categories of challenges that investment advisors and broker-dealers face:
- Protection of investors’ assets
- Supervision of personnel
- Practices related to fees, expenses, and financial transactions
- Investment fraud
- Business continuity
- Protection of investor and other sensitive information
The Risk Alert’s purpose is to protect the investors from COVID-19 related issues.
Protection of Investor Assets
Firms are encouraged to update their supervisory and compliance policies and procedures to reflect the changes or delays brought by COVID-19 related restrictions. There may be delays in processing mail, checks, and notices. The customers must be given a message regarding the changes mentioned above.
The firms are also encouraged to update their policies on disbursements to investors. They should also pay attention to unusual or unscheduled withdrawals from accounts, especially COVID-19 related distributions from retirement accounts. The OCIE encourages firms to take additional steps to validate the investor’s identity when they make withdrawals or distributions.
Supervising Personnel
Firms need to amend their practices to respond to both the health and economic effects of COVID-19. Shifting to a firm-wide telework setup conducted from diverse remote locations is one adequate response to COVID-19. The OCIE encourages firms to adjust their supervisory and compliance policies to address the following issues:
- Supervisors’ limited level of oversight on supervised persons while teleworking
- Limited on-site due diligence reviews in regards with reviewing third-party managers
- Communications or transactions occurring outside the firms’ systems, including the use of personal devices when teleworking
- Inability to perform the same level of due diligence when conducting background checks when onboarding people
When firms can record mobile messages and monitor phone calls, their supervisors can have a higher oversight level on teleworking setups.
Fees, Expenses, and Financial Transactions
The OCIE states that the coronavirus pandemic “increased the potential for misconduct” thanks to the “increased financial pressures on firms and their personnel to compensate for lost revenue.” The firms are still obliged to inform the investors of the following:
- Financial Conflicts of Interest – making recommendations on the purchase or sale of financial products that lead to higher costs to the investor. Some investors may be pressed to purchase new investments with high up-front fees or mutual fund share classes with higher costs, even when they can recommend lower-cost options.
- Fees and Expenses Charged to Investors – improper valuation leading to over-billing advisory fees, failures in providing breakpoints or aggregate household accounts, and failures to refund terminated accounts’ prepaid fees.
Firms can do the following to address the obligations mentioned above:
- Validate their fee and expense disclosures’ accuracy
- Identify the transactions that result in significant fees and expenses to investors to evaluate if the particular transaction is in the investor’s best interest
- Evaluate the risks associated with possible conflicts of interest that can impair the impartiality of the firms’ recommendations
Investment Fraud
The Office of Compliance Inspections and Examinations encourages firms to have heightened scrutiny when conducting due diligence on investments and determining whether the investments are in the investors’ best interests. The pandemic created “a heightened risk of investment fraud through fraudulent offerings,” making it necessary for firms to be aware of the risks of fraud.
OCIE points out that the SEC suspended trading in several stocks thanks to false and misleading claims of having curative items for COVID-19. Firms that suspect fraud should immediately report it to the Securities and Exchange Commission.
Business Continuity
Firms should ensure that their policies are “reasonably designed to prevent violation of the federal securities laws.” Many firms are now teleworking, and there are far more significant non-compliance risks with the current setup. Text messaging compliance with different regulations is essential to mitigate risk when traders send text messages for official work purposes.
The firms must review their current supervisory and compliance procedures to address the risks present in remote work environments. Firms are encouraged to do the following:
- Secure computer servers and systems
- Maintain the integrity of vacated facilities
- Support the relocation infrastructure and personnel working from remote locations
- Maintain protection of remote location data
Protecting Sensitive Information
Firms primarily use electronic means to communicate with their clients. Among the communication channels include text messaging, videoconferencing, and WhatsApp chats. Such means of communication allow financial institutions to continue functioning regardless of the pandemic, but this creates issues regarding data protection.
The potential loss of confidential information may be caused by the following:
- Remote access to networks and the use of web-based applications that can potentially lead to improper access to the firms’ systems and client accounts
- Increased use of the employees’ personal devices
- Changes in control over records, including confidential documents printed remotely
The OCIE encourages firms to focus on access to systems, protecting investor data, and overall cybersecurity. Accomplishing these include providing additional training to employees regarding cyberattacks, encrypting documents, using password-protected systems, and destroying copies printed in remote areas. Firms must also conduct heightened reviews of their personnel’s access rights to systems, use encryption technologies on all devices used for work, including personal devices, require multi-factor authentication for access, and ensure that remote computer servers are secure.
Thanks to WhatsApp’s popularity, firms must also invest in robust WhatsApp archiving solutions to ensure that employee communications held in the app can be monitored. Using archiving solutions on all personally-owned mobile phones can also reduce risks.
The TeleMessage Mobile Archiver effectively addresses compliance, regulatory, and eDiscovery response requirements and reduces risk across various industries. TeleMessage captures mobile content, including SMS, MMS, Calls, WhatsApp, and WeChat calls and chats from multiple ownership models, including corporate and BYOD mobile phones. Firms will be able to monitor text messages and mobile phone calls using the Mobile Archiver. The records are securely and reliably retained within TeleMessage servers or forwarded to a choice archiving data storage vendor.
With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Contact us to learn more about how our mobile archiving products can help your company or agency record mobile messages for a timely response to eDiscovery requests.
