Because the impact of the coronavirus pandemic on businesses is unprecedented and changing daily, asset managers are facing new legal and compliance challenges. To help asset managers navigate these uncharted waters, law firm Shearman & Sterling has identified several COVID-19 related compliance and legal issues for firms to consider.
“These volatile and unsettled times have presented, and will continue to present, novel legal and compliance considerations for asset managers,” Shearman & Sterling said in a perspective. “Whatever the source of guidance, measured and thoughtful attention by legal and compliance personnel should be central to an asset management firm’s COVID-19 response.”
The firm said that with many companies having closed their offices to stem the spread of the virus, many asset management firms have adopted new work from home policies.
“How these policies affect individual firms will vary,” said Shearman & Sterling, “but firms with significant client or customer interaction or complicated operational processes (whether trading, operations, or other functions) are more likely to be at risk of disruption.”
The law firm conducted an informal survey of asset management firms affected by the pandemic and found they have formally activated their business continuity policies. It also said that in the few weeks since many companies moved to remote operations, there already have been some “lessons learned.”
For example, the firm said compliance officers are realizing that a dramatic rise in remote operations also means evaluating whether they must adapt normal surveillance and supervision tools to the current environment. They also found that coordination between senior executives and line managers is necessary for all personnel to understand that daily compliance monitoring and supervision needs to continue, despite the significant changes in the workplace.
Additionally, compliance officers are coordinating with information technology (IT) security teams to make sure an asset manager’s cyber-preparedness isn’t compromised by the sharp increase in employees working remotely and the increased demands on network functionality. The firm cited a US Department of Homeland Security alert recommending that companies adopt “a heightened state of cybersecurity” when using a virtual private network (VPN) to connect employees to an organization’s IT network.
The alert said companies are less likely to keep VPNs updated with the latest security updates and patches. It also warned that malicious cyber actors may increase phishing emails targeting remote workers to steal their usernames and passwords.
“Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks,” the alert said. “Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.”
Shearman & Sterling also said asset management firms need to consider when it is appropriate to deviate from an account’s “normal” investment approach in favor of a defensive strategy.
For US registered investment companies, the SEC’s so-called “fund names rule” requires that any fund that suggests a focus on a particular type of investment, industry, or geographic region must invest at least 80% of the value of its assets in the suggested type of investments “under normal circumstances.” However, the pandemic is not a normal circumstance, and the rule allows an asset manager to depart from the 80% requirement to take a “temporary defensive position” to avoid losses in response to adverse market, economic, political, or other conditions.
“Of course, a firm should review the fund’s prospectus to confirm any defensive approach taken matches its disclosures,” Shearman & Sterling said. “Funds should consider recording the basis for invoking their defensive strategy and closely monitor the circumstances moving forward so that they are able to timely revert to their normal investment program once adverse conditions have been mitigated.”
However, the firm added, because the SEC has yet to provide additional guidance on the nature or length of “adverse” conditions, it is necessary for asset managers to carefully analyze client or customer expectations and related disclosures and contract terms.
“It will not always be clear that a defensive approach is warranted, and it may be reasonable (or even required) to stay fully invested in the relevant strategy,” the firm said.