6 compliance risks for SEC-regulated financial institutions amplified by COVID-19

Marcy Ramirez, Middle Market Underwriting Officer, West region
Mark Reilly, SVP, Professional Lines, Ironshore
Tom Pickhardt, Industry Director, Financial Institutions
Over the past year, the COVID-19 pandemic has caused major disruptions for financial institutions, requiring many to make significant changes to how they operate and interact with clients and consumers. And while these changes were necessary, they also amplified compliance-related risks – many of which are likely to remain even as COVID-19 vaccine rollouts continue and the economy begins to normalize.

Protecting investors’ personally identifiable information (PII) has become more difficult, thanks to reliance on remote network access, videoconferencing, and other communication methods.

To spotlight several areas of concern, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations recently issued guidance highlighting compliance areas that require special attention from investment and brokerage organizations in today’s circumstances.

Some observations included in the risk alert reflect best practices that financial institutions likely already follow as part of their regular processes and procedures. But the recommendations also serve as a current summary of top-of-mind issues related to COVID-19 that will be directly in the SEC’s focus – and therefore provide a good cue for risk managers. Here are six key issues, how they may create new exposures, and ways financial institutions may need to adjust business operations moving forward.

1. Protecting investor assets

Every SEC-registered firm has a responsibility to ensure the safety of its investors’ assets – guarding against theft, loss, and misappropriation. COVID-19 conditions have complicated this obligation, the commission says, because some firms have had to change their routines. For example, mail delivery delays or less frequent mail collection and processing could affect prompt action with investors’ mailed-in checks. And COVID-19 relief laws that allowed early withdrawals from retirement accounts could make verification of unscheduled disbursements even more important.

Key takeaways:

  • Notify customers that mailed checks or assets may experience processing delays and establish a process so that staff can routinely access deliveries at all office locations.
  • Take additional steps to verify customer identity and authenticity of disbursement instructions – plus recommend investors have a trusted contact person in place (especially for seniors and others who may be targets of fraud).

2. Supervising personnel

Market volatility and the continued shift to remote work have limited on-site due diligence – meaning less direct oversight and interaction with advisers making investment recommendations, initiating trades, and reviewing third-party managers or portfolio-holding companies.

Key takeaways:

  • Review policies to ensure they reflect current challenges – including increased supervision of staff making securities recommendations in market sectors experiencing greater volatility or higher fraud risk.
  • Strengthen communications, and update policies for transactions that occur outside of company systems because of remote work and the use of personal devices.

The risk alert also emphasizes fee and expense issues – another long-time focus of the SEC. The guidance acknowledges, for instance, an increased chance of misconduct arising from market volatility experienced during the pandemic.

Key takeaways:

  • Be aware of financial conflicts of interest, such as recommending retirement plan rollovers or transfers into advised accounts or products sold by the company – or recommending products that come with higher costs for investors but higher compensation to the firm.
  • Recognize the potential for increased risks related to fee calculation mistakes that could result in overbilling or failing to refund fees.

4. Staying alert to investment fraud risk

Any national crisis or global uncertainty can create a heightened risk of investment fraud through bogus offerings, but the current situation reaches an unprecedented scale. Firms should stay abreast of investment fraud alerts and ensure that all personnel are aware of possible threats.

Key takeaways:

  • Conduct appropriate investment due diligence in order to provide advice in the best interest of investors.
  • Report suspected fraud (by firms and investors) by contacting the SEC promptly.

5. Enhancing business continuity measures

While financial firms have maintained business continuity plans, COVID-19 has likely shifted certain elements. From long-term remote work sites to built-in redundancies for key operations, many critical customer services were weakened due to shifting responsibilities or lack of resources.

Key takeaways:

  • Enhance supervisory policies and compliance procedures to address the unique risks and conflicts of interest present in remote operations. For example, staff may have taken on new or expanded roles to maintain business operations – which can create new risks.
  • Evaluate whether security and support for facilities and remote sites need to be beefed up, such as stepped-up resources for securing servers and systems, or added protection for remote data.

6. Safeguarding sensitive information

Firms must protect investors’ PII, but the widespread use of remote network access, videoconferencing, and other virtual communication methods has made PII protection more difficult. As a result, paying attention to cybersecurity and data protection in the current environment takes on new importance.

Key takeaways:

  • Ensure additional personnel training for addressing remote cybersecurity risks.
  • Use validated encryption technologies, including on personally owned devices, and require multifactor authentication as a part of system access security.

Managing emerging risk in the financial institutions sector

Given the nature of their businesses, financial institutions must continue to assess risks introduced and/or exacerbated by the COVID-19 pandemic, especially as practices like remote work and video conferencing are likely here to stay. Liberty Mutual has custom programs that provide specialized protections tailored to your unique industry exposures.
