As pandemic triggers continuity plans, what RIAs and BDs should ask themselves

Compliance attorneys for large wealth managers outline which questions are critical in light of the substantial regulatory requirements.
Kate Hanniford and Tim Foley
Kate Hanniford and Tim Foley are compliance attorneys in the Alston & Bird law firm's Washington, D.C. office.
Alston & Bird

Broker-dealers and RIAs are increasingly being challenged as they strive to respond to the coronavirus pandemic while maintaining regulatory compliance. Fortunately for them, guidance from past epidemics may offer ample lessons.

By its very nature, the COVID-19 outbreak triggers SEC and FINRA requirements to carry out and adhere to appropriately designed procedures — specifically, business continuity plans (BCPs) — for dealing with unexpected emergencies, or “significant business disruptions.”

To help guide its members, FINRA has issued many recommendations on its website about how to manage the various risks and impacts of the coronavirus pandemic.

While the SEC has not provided comparable guidance specifically to RIAs on its coronavirus page, the regulator’s August 2013 OCIE risk alert — which was issued following Hurricane Sandy and described its review of RIAs’ BCPs — may be instructive. The SEC interpreted Rule 206(4)-7 of the Advisers Act as including BCPs, based on the advisor’s fiduciary obligations to its clients.

CORONAVIRUS IMPACT: ADDITIONAL COVERAGE
Coronavirus - social distance footprints
Roger Russell
November 3, 2020 9:00 AM

The coronavirus slowdown has hit the IRS and tax professionals,

6 Min Read
Sign in front of IRS building in Washington, D.C.
Michael Cohn
November 2, 2020 5:13 PM

The IRS is making some changes in its collection program to lessen the burden on taxpayers with outstanding tax debts who are trying to cope with the economic fallout of the COVID-19 pandemic.

4 Min Read
Institute of Internal Auditors headquarters in Florida
Michael Cohn
November 2, 2020 4:35 PM

Internal auditors are facing risks during the COVID-19 pandemic in business continuity, crisis management, cybersecurity and other areas, according to a new report.

3 Min Read

Under FINRA Rule 4370, BDs must create, maintain and regularly review a BCP that identifies procedures for operating during an emergency or significant business disruption. Importantly, a broker-dealer’s BCP can, and should, be tailored to the size and needs of the firm, which would include the environment where it operates.

FINRA has historically emphasized the need for BCPs to include pandemic preparedness, notably during the H1N1 epidemic in 2009. If BDs, or RIAs as well, find that their BCPs did not sufficiently address the demands necessitated by the COVID-19 pandemic, then the regulators point out that they should be evaluating their BCP procedures in response to current events.

Advertisement

Equally, or more importantly, firms are managing the impact and risks posed by factors such as remote work, telework and space-sharing arrangements, while ensuring continuity of communications with customers, counterparties and regulators. The 2013 risk alert spelled out the same obligations for RIAs.

In reviewing their current BCP against the COVID-19 outbreak, BDs and RIAs may ask themselves:

  • What are my procedures for monitoring current events to ensure timely activation of BCP procedures?
  • How adaptable are my technological and recordkeeping systems to telework or remote work arrangements?
  • How well can supervisors perform their required daily tasks when not in the same physical space as their reports?
  • Has my firm identified personnel necessary to maintain baseline operations, both remote and at the physical office; which vendors are responsible for critical processes?
  • How do these answers vary based on personnel, department, or location?

Given the reliance on information technology and security to support remote work arrangements, wealth management firms may also consider reviewing their BCPs in tandem with their cybersecurity incident response plans.

Tobias Salinger
April 7, 2020 4:12 PM

Organizations and firms are donating N95 masks, providing resources at no cost and taking steps to protect employees and practices nationwide from the spreading pandemic.

1 Min Read

FINRA’s guidance strongly emphasizes how pandemic-related responses could increase the risk of cyber events. Beyond the clear risks of increased use of remote-office and telework arrangements, elevated levels of anxiety and confusion about the pandemic among firm personnel could boost phishing attacks or other intrusions — some of which could leverage attack vectors such as home wireless networks, personal devices, or cloud storage.

Other attacks may focus on the sense of urgency, emotion and pressure associated with meeting critical business needs during a time of crisis. More training and tailored reminders to employees of the specific risks of remote access can provide positive reinforcement to prior cybersecurity preparedness activities.

Firms could also review their BCPs to make sure that backup personnel for critical roles or relationships have been identified should current personnel become incapacitated or unavailable.

The COVID-19 pandemic and related market turbulence show no signs of abating in the near-term. BDs and RIAs may consider examining their BCPs closely to determine each of their steps in reacting to the significant operational challenges of the pandemic. While the end of this crisis may not be in sight, regulators may look closely at how firms are adapting, and most importantly how well they are protecting their customers.

More Thought Leadership

The Fed has already eased certain capital requirements in response to the coronavirus pandemic. It should avoid making any further adjustments to the surcharge, which is meant to keep global banks from creating systemic risks.

By incentivizing businesses to rehire employees laid off or furloughed due to COVID-19, states will generate a faster economic recovery and provide valuable assistance for companies to get back on their feet.

The explosion in e-commerce since early March has resulted in a significant increase in online sales tax revenues in most states.