After five months of review, the SEC’s Office of Compliance Inspections and Examinations (OCIE) has released a Risk Alert regarding compliance and process protocols during the era of COVID-19. As the pandemic continues, investment management firms have been challenged to maintain the high-quality service and standards their clients and the SEC demand. The OCIE has identified six areas of concern that firms should take time to review: (1) protection of investors’ assets; (2) supervision of personnel; (3) practices relating to fees, expenses, and financial transactions; (4) investment fraud; (5) business continuity; and (6) the protection of investor and other sensitive information.
In this series, you’ll get a detailed breakdown of each of these six areas of concern. This article will focus on the protection of investor and other sensitive information.
With the move to remote working environments due to COVID 19, automated data systems as well as communications platforms have become critical tools for the continued functioning of asset management firms.
As part of the firm’s security measures, regular reviews and testing of technology systems should be incorporated. OpsCheck can support staff coordinate these efforts by tracking who or what is accessing software, files, and third-party vendors. Increased remote access to systems also leads to increased opportunity for unauthorized personnel and even malicious hackers to gain access to sensitive information or, worse, client accounts themselves.
In the current business environment, firms should consider heightening security measures, including frequent review of password integrity policies, the status of authorized persons, and stringent application of permissions tools. OpsCheck can be tailored to allow administrative access for specific individuals at a granular level in order to protect intrusion of private personal data, administration authority, or third-party applications that may cause vulnerabilities.
Firms should also remember that their third-party vendors and application support are also experiencing the challenge of increased remote work for their own staffs. The SEC and government regulations increasingly hold asset managers responsible for compliance-related issues of their third-party goods and services. Since the pandemic is a global phenomenon, firms must keep alert and apprised of issues that may be system critical in far-flung countries as well, both for their own business practice but for potential investment opportunities.
Looking to protect your data? OpsCheck brings the best parts of innovative software to a centralized product focused on security and risk management.
Watch our founder Frank Caccio break down the latest product offering in his demo: