02 June 2020
We have settled into work from home life and found a (somewhat) new normal of work during the pandemic. When the dust settles, we expect the SEC to focus on areas such as business continuity and supervision of employees during the pandemic. We also wouldn’t be surprised if the SEC conducts sweep exams of pandemic responses. For compliance professionals there are some important elements of your compliance program to review, document, and possibly change. While you should still be conducting your normally scheduled annual review testing and documentation, we suggest a few areas of focus to ensure you are prepared to demonstrate how your firm responded during the pandemic.
Here are some things to think about and prepare when documenting your firm’s experiences during the pandemic and preparing for a possible exam.
Paycheck Protection Loan (“PPP”)
On April 27, 2020 the SEC issued Frequent Asked Questions (“FAQs”) about pandemic related issues, including one question about the disclosure obligations if in receipt of the PPP loan.
Q. I am a small advisory firm that meets the requirements of the Paycheck Protection Program (PPP) established by the U.S. Small Business Administration in connection with COVID-19. If I receive or have received a PPP loan, what are my regulatory reporting obligations under the Investment Advisers Act of 1940 to my firm’s clients?
A. As a fiduciary under federal law, you must make full and fair disclosure to your clients of all material facts relating to the advisory relationship. If the circumstances leading you to seek a PPP loan or other type of financial assistance constitute material facts relating to your advisory relationship with clients, it is the staff’s view that your firm should provide disclosure of, for example, the nature, amounts and effects of such assistance. If, for instance, you require such assistance to pay the salaries of your employees who are primarily responsible for performing advisory functions for your clients, it is the staff’s view that you would need to disclose this fact. In addition, if your firm is experiencing conditions that are reasonably likely to impair its ability to meet contractual commitments to its clients, you may be required to disclose this financial condition in response to Item 18 (Financial Information) of Part 2A of Form ADV (brochure), or as part of Part 2A, Appendix 1 of Form ADV (wrap fee program brochure). (Posted April 27, 2020)
Before we dissect this FAQ, we want to point out that SEC indicates on the FAQ page that these answers “…represent the view of the staff of the Division.”, and they are not “…a rule, regulation or statement of the Securities and Exchange Commission (SEC).”
Given the fact that the answer includes , “…if the circumstances leading you to seek a PPP Loan or other type of financial assistance constitute material facts relating to your advisory relationship with clients, it is the staff’s view that your firm should provide disclosure of, for example, the nature, amounts and effects of such assistance.”, (emphasis added by SCS) makes the requirement to disclose a “facts and circumstances” test. Some might interpret this to mean disclosure is required if you take the PPP Loan. Others would say only if the loan is material to business continuation. You should take into consideration the facts related to your firm, your clients and materiality to determine whether the disclosure is warranted.
Also, the FAQ doesn’t say the receipt of the PPP must be disclosed in your Firm’s ADV. It says “…if your firm is experiencing conditions that are reasonably likely to impair its ability to meet contractual commitments to its clients, you may be required to disclose this financial condition in response to Item 18 (Financial Information) of Part 2A of Form ADV (brochure), or as part of Part 2A, Appendix 1 of Form ADV (wrap fee program brochure),” (emphasis added by SCS).
If your firm received the PPP to pay for payroll expenses, review the conditions in which you received the loan, your firm’s financial situation and its ability to contractually meet your commitments to your clients to determine whether or not disclosures are warranted. Naturally the most conservative approach would be to disclose in your ADV, but like we mentioned before we believe this to a “facts and circumstances” review and not a hard line in the sand. Regardless of your decision to disclose or not it is of the utmost importance to document your review to demonstrate your professional judgement. Evidence in your review that your firm reviewed the FAQs and made an informed and well thought-through decision based on your unique facts and circumstances. If your firm received a PPP Loan, you should evaluate the facts and circumstances surrounding your decision to apply and obtain the loan.
Option 1: Regardless of why you took the loan (insurance plan or necessity) you could opt to disclose to your clients. The FAQ indicates disclosure in ADV Part 2A, Item 18 is warranted if your firm cannot meet its contractual obligations to the client. If that is not the case, one could argue disclosure in another fashion could be acceptable. The benefit to disclosing is you opt for complete transparency with your clients and you take the conservative approach that the SEC will expect all PPP Loan recipients to disclose the loan. The downside is you could alarm your clients and cause unwanted inquiries into the financial strength of your firm. If you disclose, document in your annual review why you chose to disclose. Pay close attention to the FAQ which suggests the SEC wants the, “nature, amount and effects of such assistance.”
Option 2: If you took the loan and after a thorough analysis decide to not disclose that fact on your ADV, you must document your rationale. Take language from the FAQ and explain how it does not apply to your circumstances. For example, if you did not need the loan to “pay the salaries of your employees who are primarily responsible for performing advisory functions for your clients,” use this fact to substantiate why you are not disclosing the loan. If you are not experiencing “conditions that are reasonably likely to impair its ability to meet contractual commitments to its clients” document this fact to support your decision. Document your rationale and evidence your thought process to support your decision so you are prepared in the event you are examined and the SEC questions your decision.
Ultimately, this is a business decision that your firm should take time to discuss and document with professional judgement. Consider the facts and circumstances pertinent to a client in their evaluation of you, their advisor.
Business Continuity Plan Implementation and Review
Chances are you implemented your Business Continuity Plan (BCP) and employees are working from home. You may have changed some procedures, such as delivering documents electronically instead of hard copy because of the inability to process mail delivery services. While the changes and implementation are still fresh in your mind, take the time to document how your BCP worked.
For documentation, we suggest laying out a simple timeline of how you responded to the pandemic. Some of the areas we suggest you cover, where applicable, are:
- If employees had to work from home, how systems and controls were implemented.
- If your firm had to change policies, either temporarily or permanently, document the rationale.
- If your plan or elements of the plan were not found to be effective, document how your firm responded and corrected.
- Note any new technology or process implemented to assist the firm and its employees.
Use of New Technology
Many firms have taken this time to implement new technology in order to continue collaborating while working in a remote situation. The use of new technology should be reviewed by compliance to determine if additional procedures and/or training are warranted. Some areas of concern are a) whether or not the use of this technology generates records that need to be retained b) whether the technology has the proper safeguards to protect the firm and clients against cyber threats and c) whether use of this technology requires supervision of staff to reduce the risk of compliance violations.
We suggest documenting the review of any new technology taking into consideration the aforementioned areas to determine if additional policies need implementation, new safeguards with the assistance of IT need to be added, and/or employee training conducted. If it’s cost effective for your firm, we recommend archiving technology used for chatting internally and with clients, as is currently expected for e-mails. Adjust your electronic use policies if you are going to limit how the technology can be used and train employees on these requirements. Finally, have employee attest to their understanding.
With a majority of firms having employees working remotely it is important for compliance to adjust how they “supervise” the compliance functions and activities of its employees.
Communication and training are important during this time. Here are our suggestions:
If you have not already, make sure to send email reminders, train employees or schedule 1×1 check-ins to remind employees of best practices like:
- shredding documents with sensitive client information,
- not opening attachments from suspicious email addresses or clicking links from unknown email addresses,
- proper use of technology such as Zoom and Microsoft Teams,
- encrypting sensitive emails,
- updating virus and malware software (if not centralized by your firm), and
- documenting client conversations in your CRM.
Document any training with a list of attendees, copies of materials used or a summary of the training topics to show supervision of employees during the pandemic. Additionally, you can ramp up email and chat reviews.
As firms have been adapting and adjusting operations due to the pandemic, its just as important for compliance to adapt and adjust. The SEC hasn’t slowed down their efforts and will continue its mission of protecting the investor. Please don’t panic or feel the need to do “extra”. We just want to remind you to be diligent and with operations being slightly different adjust your risks and reviews. And most importantly document it all!