Episode 81: Preparing for Year-End

On this month's episode of the CCO Buzz, Core Compliance’s Managing Director of Consultation Services, Tina Mitchell, discusses Year-End Prep for Investment Advisers.

 

(GUITAR INTRO)  

CCO Buzz: Hello and welcome back to the CCO Buzz. Can you believe it’s already November? 2020 sure is flying by in a blink. I can’t believe that we’re already talking about Year-End Prep with today’s guest Tina Mitchell. Ms. Mitchell is Core Compliance’s Managing Director of Consultation Services and today she brings along some great starting points for firms to take into consideration when it comes to closing out the year strong in compliance.

Her Risk Management Update titled “Preparing for Year-End – Investment Adviser Compliance Checklist,” will be out in the coming days, and in it, she provides readers with ample compliance tips that will enhance any compliance program aiming or striving for success in 2021.

With that, lets dive in…

Ms. Mitchell, because we’re in the midst of a worldwide pandemic that has changed almost every aspect of the way people live and work, do you think it’s also altered the focus of regulators and changed the way they perform exams?

Tina Mitchell: Most definitely. Due to COVID-19, much of the U.S workforce have been working from home, including financial firms. And this has actually caused the SEC (Securities and Exchange Commission) and state regulators to perform a detailed analysis of the compliance risks that have been and continue to be created due to this activity. In the beginning when this happened, senior management was surprised at how easy [the] transition was for offices to switch to remote working. The problem was that the swiftness with which the switch had to be made, prevented compliance and IT personnel from being proactive in their thinking on what additional procedures and controls were necessary. And this is especially true surrounding cybersecurity, privacy, business continuity, and of course, supervision.

CCO Buzz: That is quite the shift. Has there been other guidance provided to firms regarding these focus areas?

Tina Mitchell: Yes, in August, the SEC issued a Risk Alert on the compliance risks due to COVID-19, and it outlined compliance considerations covering certain areas. They included protection of investor assets, which is an area of continued focus by examiners, supervision of personnel, fees and expenses, security of client transactions, investment fraud, business continuity, and last but not least, protection of sensitive information.

The SEC actually in the Risk Alert reminded firms that they need to remain aware and alert for fraudulent activities, and they provided links to various resources.

Given the fact that many firms continue to work remotely, our November Risk Management Update includes a focus on these higher risk areas.

CCO Buzz: Well that’s extremely fortunate for our readers and our listeners, but where to begin? I know, how about the hot topic of the year… Privacy and Cybersecurity considerations? How would you recommend firms prepare or strengthen these areas of their compliance program?

Tina Mitchell: Well the important focus for these areas should be on protocols and controls surrounding the use of personal devices and ensuring that client information is protected from access by family members – or even worse – hackers. You want to look at the strength of remote access protocols and the security levels of personal computers and home wireless connections. It’s way too easy these days for hackers to obtain access via home wireless connections that [are] not secured by strong passwords that are changed frequently.

And to the extent possible, firms should ensure that their IT provider has performed vulnerability assessments and penetration testing on all home networks and electronic systems that are being used by employees for business purposes.

CCO Buzz: That’s some great insight, Tina. Understanding that 2020 has changed and heavily impacted how we all do business, what are some methods firms can use to assess the overall strength and comprehensiveness of their own compliance programs?

Tina Mitchell: Well it’s always important to perform a risk assessment. This, in addition to a firm’s Annual Review, will help identify vulnerable areas and material risks at any firm. So importantly, you want to map each risk to applicable policies and procedures to ensure appropriate elimination or mitigation steps are being taken. Also review Form ADV and standard investment advisory agreements, because you want to make sure all material risks and conflicts are being disclosed.

With all the changes that happened this year, taking additional time to confirm that applicable policies and procedures address remote working is essential.

CCO Buzz: Now I don’t want you to give away everything from your Risk Management Update, but can you let us know what other areas you discuss in your checklist?

Tina Mitchell: Of course. In the article not only do I cover best practices for assessing the strength of your privacy and cybersecurity programs and how to determine whether your compliance program is adequate, but I also discuss that firms should:

  • review their financial, custody, and billing processes;
  • analyze service provider and solicitor arrangements;
  • provide compliance training to all employees;
  • make sure that your year-end regulatory filings [are] completed; and then
  • determine whether firm documents require any updating.

There are additional areas that I cover in the article, so be sure to review it. In the meantime, if you or your firm needs any additional assistance with an Annual Review, a Risk Assessment or guidance on how to best prepare for 2021, please reach out to us at (619) 278-0020 or by visiting our website at www.corecls.com

CCO Buzz: Thank you so much for joining us, Tina.

Tina Mitchell: Thanks for having me. I wish all listeners a Happy Thanksgiving!

CCO Buzz: Well that’s it for this week’s episode. If you’d like additional information, please check out our website at www.corecls.com. You can also follow us on Facebook, LinkedIn, or Twitter @CoreCls. Thank you, and we hope you tune-in to next week's episode of the CCO Buzz.

(GUITAR OUTRO)