Compliance Supervisory - Assessing the Impact of Remote Working
As a result of the outbreak of Coronavirus disease (COVID-19) and unprecedented periods of potential business disruption, FINRA recently released guidance related to Rule 4370 business continuity planning.
The guidance suggests that FINRA-registered broker-dealers should evaluate the current supervisory control framework and determine if it’s “reasonably designed to supervise the activities of each associated person while working from an alternative or remote location during the pandemic.”
The following table outlines selected examples of control areas within the FINRA Supervisory Framework that should be tested, updated and monitored to support remote working activities:
Supervision: FINRA-registered supervisors who typically sit on a trading desk or within close proximity of associated persons should determine if the required level of oversight can be maintained electronically while working from an alternative location. Supervisors may consider increased monitoring of group chats or video conferences conducted by associated persons.
Customers: Verify that supervisory control policies and procedures are able to mitigate risks that may arise due to the inability to communicate with customers.
Internal: Confirm that front, middle, and back-office communication channels are established to effectively escalate compliance issues to the compliance team. Supervisors may consider defining and distributing phone trees to ensure proper coverage and communications.
FINRA: Update contact information. Member firms are encouraged to review their emergency contacts to ensure that FINRA has a reliable means of contacting each member.
Regulatory Filings: Determine if the firm can continue FOCUS filings, Supplemental FOCUS Information, Form Custody filings, etc.
Personal and Private Data: Determine if client and employee PII is secure. Supervisors may consider protecting client data by prohibiting remote printing or storing.
Client Statements: Confirm that the custodian has the required information/is able to provide customer statements.
New Cyber Threats: Identify new vulnerabilities based upon remote working environments and provide training to encourage heightened awareness of possible threats during remote working.
Technology Controls: Verify that (1) virtual private networks (VPN) and other remote access systems are properly patched with available security updates; (2) system entitlements are current; (3) multi-factor authentication is in use for associated persons who access systems remotely; and (4) associated persons are aware of best practices to protect the firm.
Louis Bruno in Regulatory and Compliance Services has over 15 years of experience in assisting hedge funds, broker-dealers, private wealth managers and multinational corporate banks with strategic and regulatory change management initiatives.
“EisnerAmper” is the brand name under which EisnerAmper LLP and Eisner Advisory Group LLC, independently owned entities, provide professional services in an alternative practice structure in accordance with applicable professional standards. EisnerAmper LLP is a licensed CPA firm that provides attest services, and Eisner Advisory Group LLC and its subsidiary entities provide tax and business consulting services.