As if the COVID-19 pandemic isn’t enough of a headache for US fund managers working from home, dealing with market volatility spikes and fierce competition, the recent delays at the US Postal Service in processing and delivering mail has added a new layer of concerns to fund operations, especially for older investors who remain accustomed to sending in buy and sell orders the old-fashioned way: a paper form, a check and a stamp. We often forget that not everyone is yet enthralled by the digital revolution!
The SEC’s Office of Compliance and Examinations cited the mail issue and the potential risk to investor assets that could result as one of a number of areas it specifically intends to focus for the duration of inspections conducted while COVID-19 social distancing remains in a compliance and risk alert issued earlier this month. While the alert doesn’t go so far as to suggest the cited issues, including overcharging advisory fees, financial conflicts of interest, and business continuity concerns have all been major problems, the risk alert is a clear warning that the agency will be on the lookout for violations like these during its upcoming inspections.
The SEC issued its initial COVID-19 statement on March 23 with suggestions of how to achieve investor protection and continued operations. The SEC wants to ensure that asset managers’ continuity plans guard against new risks and compliance issues that have emerged and remain guarded against in the months ahead. The five most significant areas of concern raised by the SEC inspectors include:
1. Protection of Investor Assets
The SEC alert focuses on the special processes used in investor identity such as “wet ink” signatures on paper documents and tips on accommodating investors at a time when face-to-face meetings are no longer feasible. The OCIE calls on firms to review their policies around payments to investors and implement additional steps to validate investors’ identities and the veracity of payment instructions. Fraud attempts are proven to spike in uncertain circumstances and in instances where nonstandard processes must be implemented.
2. Supervision of Personnel
With US asset management staff continuing to work remotely, the OCIE recommended firms modify their supervisory and compliance practices now that supervisors don’t have the same level of oversight over employees, paying close attention to recommendations from advisors to investors in market sectors that have experienced extreme volatility. With Regulation Best Interest in mind, it has never been more important for US advisors to consider product suitability to their clients than now.
3. Fees, Expenses and Financial Transactions
The OCIE suggest that market volatility has increased pressure in firms to make up for lost revenue, possibly leading to advisory fee calculation errors and financial conflicts of interest. The report noted that the newly enacted Regulation Best Interest, which requires firms to act in the customer’s interest ahead of the financial interests of the firm, took effect June 30, 2020. Again, there are no explicit examples offered up, and while market valuations and transaction flow have been incredibly resilient through the pandemic, it is yet another sign that the US watchdog will be looking for inappropriate practices throughout this uncertain time.
A particular cited area of concern relates to provisions in the Coronavirus Aid, Relief, and Economic Security (CARES) Act which allows US savers affected by COVID-19 to take withdrawals of up to $100,000 from retirement accounts without paying the usual 10 percent penalty levied on people under 59 years old and allows them three years to pay the tax due. The SEC has concerns that a firm might have a conflict of interest and recommend retirement plan rollovers into IRAs to generate increased revenue for themselves. It is also worried that fraudsters might gain access to people’s personal data and try to withdraw money from their retirement accounts under the cover of CARES Act and with so much uncertainty and extra risk in operational processes, urges extra vigilance at managers, advisors, and broker-dealers.
Interestingly, American investors don’t appear to be using the withdrawal option in large numbers. Vanguard, the largest provider of 401(k) plans in the US, with $1.4 trillion AUM, said at the end of May that only 1.9% of its plan members had done a withdrawal related to COVID-19, and the average amount taken out was only $20,000.
4. Business Continuity
The agency states that compliance policies may need to be revised to include the unique risks of employees working remotely, such as when they take on new oversight and supervisory responsibilities to keep the business operating. Firms may also need to increase security around servers as well as vacated office buildings to protect customer information. This is a new type of emergency, most traditional BCP plans envisaged short-term disruptions and movement to a second location. No one really planned a medium to long term model where most people worked from their kitchen tops and sofas! The mindset has shifted and the SEC plans on checking whether this now normal is as robust as the traditional model.
5. Protection of Sensitive information
Remote work increases potential for lost personal information on web applications and personal cellphones, prompting the SEC to urge firms to increase encryption of data and training employees to fend off cyberattacks. While the United States doesn’t have such stringent personal data protection measures such as the General data Protection Regulation (GDPR) in the EU, it does have state level protections. The SEC prescribes a general duty of care to investors, so it is an area of huge importance and incorporates cybersecurity also as a safeguard of client information, an area the SEC previously addressed in another COVID alert.
More than five months into the pandemic, the SEC — and asset managers themselves — are beginning to look at the business continuity plans they put in place at the beginning of the pandemic — sending workers home to work remotely, using digital signatures instead of paper — no longer as stop-gap temporary measures, but as a new normal that may last months or years. People are starting to ask: can we have these special precautions in place for a much longer time or even forever? It is shaping the way both big fund managers and regulators are starting to think. This is the New Normal.