The rapid spread of coronavirus (COVID-19) has already had a broad range of impacts, and the situation appears likely to grow more challenging in the weeks ahead. ACA is monitoring the situation and providing updates about how our clients can prepare for and manage disruptions caused by COVID-19. Regulators are continuing to exercise robust oversight, including through remote exams and automated market surveillance, while at the same time providing thoughtful and targeted relief.
We are here for you.
We are taking steps to preserve our ability to support you in the weeks to come across consulting, outsourcing and technology solutions. Many of our staff are working from home, and we are working with clients through videoconferencing and digital collaboration. The ACA cyber and risk team is helping clients review and enhance business continuity plans (BCP) and assess critical vendors, and the regulatory consulting and performance verification groups are working with clients on desktop procedures and internal controls. If your firm’s compliance staff fall ill, we can provide advice and operational support to help mitigate business disruptions.
There is work left to do.
On March 4 we surveyed clients about BCP preparedness. Across over 300 respondents, almost half of firms had not conducted a pandemic-focused BCP walk-through or reached out to critical vendors. These preparatory steps are important ways to reduce business impacts as COVID-19 infections grow in the coming weeks.
It isn’t too late.
If you haven’t already done so, now is the time to review and test your BCP, provide a refresher to staff, and seek support where needed. A strong compliance program, clear policies and procedures, and robust internal controls can minimize the impact of disruptions. We encourage you to review ACA’s resources for guidance and best practices:
- Checklist: Business Continuity Plan Activation Checklist
- On-Demand Webcast: Coronavirus Preparedness: Re-Visit Your Business Continuity Plans
- Compliance Alert: Guidance on Business Continuity and Disaster Recovery Planning for Coronavirus Disease 2019 (COVID-19)
- More resources on Business Continuity: Business Continuity Resources
We will continue to publish relevant guidance to help our clients prepare for and minimize potential business disruptions, and our staff will be in touch with clients to provide any support needed.
Please take a moment to introduce your primary ACA contact to a colleague in case you fall ill or are otherwise unavailable. Our staff will do the same to ensure that each client has at least two points of contact at ACA.
What You Need to Know
Regulators Remain Active
The SEC has begun conducting examinations remotely, and we expect other regulators to follow suit. We are mirroring that approach to protect our clients and our staff while keeping compliance initiatives on track.
The SEC released a memo on March 4 addressing the potential impact from the coronavirus, “The impacts of the coronavirus may present challenges for certain companies that are required to provide information to trading markets, shareholders, and the SEC.” Firms are to ensure that “their financial reporting, auditing and review processes are as robust as practicable in light of the circumstances in meeting the applicable requirements.”
The SEC announced on March 9 that it has asked the employees in its Washington DC headquarters to work from home due to potential exposure to COVID-19. The SEC said in a statement, “Even with increased telework, the SEC remains able and committed to fully executing its mission on behalf of investors, including monitoring market function and working closely with other regulators and market participants.”
Guidance from the SEC has so far been focused primarily on publicly traded companies and mutual funds, but we expect the same principles will be applied to financial services firms.
On March 9 FINRA issued a regulatory notice that provides pandemic-related guidance and some regulatory relief to member firms. FINRA encouraged member firms to review their business continuity plans, remain vigilant against potentially heightened cybersecurity threats, and consider telework arrangements.
The FCA released a statement on March 4 that said, “We expect firms to take all reasonable steps to meet their regulatory obligations…If firms are able to meet these standards and undertake these activities from backup sites or with staff working from home, we have no objection to this.” The FCA is also working with firms to resolve any issues they may have and said it will keep its “guidance under review as necessary.”
In a notice to members published on March 4, the NFA stated, “In the event that regulatory relief is necessary, NFA and CFTC staff intend to take a practical approach that will give Members appropriate flexibility in implementing contingency plans needed to continue to conduct business.”
We are Here to Help
Please reach out to your regular ACA team member or contact us here if you have any further questions about your business continuity plan, or if your firm needs support to meet its regulatory obligations during this uncertain time.