Planning for Compliance’s “Next Normal”

Author: Scarinci Hollenbeck, LLC

Date: May 5, 2020

Prior to re-opening your firm after COVID-19, now is the time for “after-action risk assessments” (“AARAs”)…

Most enterprises and institutions were caught flat-footed by the COVID-19 pandemic despite their Business Continuity or Disaster Recovery Plans (“BCPs” and “DRPs”). Now is the time for “after-action risk assessments” (“AARAs”), prior to re-opening, so that your firm’s step up to the “Next Normal” is not a step off the edge!

There are a variety of strategies and methodologies to implement your AARA, but all of them require prompt action right now. Firm management needs to seize the initiative and become the ‘tip of the spear’ for entering the Next Normal. Immediate action is especially critical for firms in the Financial Services industry—Broker-Dealers, Registered Investment Advisers, Funds and Insurance Companies should expect that their BCPs or DRPs and their Written Supervisory Procedures (“WSPs”) will be evaluated by the SEC, FINRA, or state agencies.

Management should first focus on whether it is currently prepared and equipped to conduct an AARA:

  1. Does your current BCP/DRP provide for an AARA? If not, why not?
  2. Do you have the human and technical resources needed to conduct an AARA and develop a remediation plan? Do you need consultants to assist you? Which ones, and how do you assess whether the potential benefits of hiring consultants will justify the costs?
  3. If your BCP/DRP did not provide for AARAs, can you assemble an AARA team “on the fly”? Who will be on the team? Who will lead it? How quickly can the team get up and running?
  4. Has your AARA team been instructed to prioritize go-forward measures and steps for prompt implementation?
  5. Does your BCP/DRP provide the AARA team with guidance on how to identify deficiencies that surfaced, how to develop and implement measures to remediate them, and who will be accountable for doing so?
  6. What process is in place to authorize and make the procedural, operational, and resource allocation changes recommended through the AARA process in order to prevent the recurrence of identified “failures”?
  7. Does your AARA process build in time for a second look and re-balancing?
  8. After completing the process, did you find that conducting the AARA and implementing recommendations materially exceeded BCP/DRP damage estimates? What provisions will you make for these higher-than-anticipated costs going forward?

Management’s focus in leading the AARA should be on determining how well management and the business coped with the “big picture” forces that have impacted your firm in recent weeks—(i) Macro-Economic Conditions, (ii) Regional, State and Local Economic Conditions, (iii) State and Local Health and Safety Requirements, and (iv) the Regulatory Environment—as well as the other factors unique to your firm that are currently impacting its condition and readiness to re-open. Management should now be (i) evaluating how you weathered the storm, (ii) identifying BCP/DRP failures that occurred and assessing whether these failures were timely and reasonably addressed during the crisis, and (iii) using the AARA process to produce a “gap analysis” that tracks failures and identifies solutions to prevent these failures from recurring, including policy and procedure and resource allocation changes.

What are the key questions that your AARA team should be asking now to identify and remediate big picture problems?

  1. Human Resources Issues:
  • How were decisions regarding furloughs, reductions in force, unpaid vacation leave, and salary or bonus cuts made? How were they announced? Were these changes effectively implemented? Is there a timeline for a restoration of cuts? Was there any ‘blowback’ from employees?
  • Were remote workspaces secure and effective? Do you have metrics to gauge effectiveness?
  • Could the firm or firm staff be subject to legal exposure pursuant to HIPAA or other privacy laws or regulations due to their handling of client personal confidential information or health data during the crisis?
  • Has the staff followed up on accounting for and returning equipment no longer needed as a result of the crisis?
  2. Economic & Financial Issues:
  • How were your firm’s budget and financial condition impacted by the crisis?
  • Did you have Business Interruption Insurance coverage that applied under the circumstances?
  • What was your firm’s plan for taking advantage of the government programs that emerged? Did you successfully apply for and receive Payroll Protection Program (“PPP”) funds? What controls were put in place to ensure compliance with PPP guidelines and requirements?
  3. Labor Issues:
  • What measures is the firm required to take to protect the health and safety of employees before they return to work?
  • What measures should or must be taken by the firm’s landlord(s) to protect employees in building common areas? Has someone been assigned responsibility for coordinating with the landlord to ensure that appropriate precautions are being implemented?
  • What health measures must your firm take before resuming business and then on a going-forward basis?
  • What new policies or procedures have been or will be developed for staff returning to work? Do your policies adequately address COVID-19 testing (including steps employees should take if they test positive), wearing masks, social distancing, a preference or requirement for virtual meetings rather than in-person meetings, restrictions on office visits by visitors and clients, and travel restrictions?
  4. Cybersecurity and Remote Working Arrangement Issues:
  • Did the firm uncover or receive reports of access (e.g., phishing or malware) or personal privacy breach events? If so, did the firm’s cybersecurity procedures activate and how well did they perform?
  • How effective were the measures taken by your firm to monitor your employees’ cybersecurity environments? Did the firm monitor employees’ home-use networks and the third-party vendor systems they accessed in order to ensure the confidentiality of client data and the firm’s proprietary information?
  • Were firm business records copied and saved to appropriate locations in accordance with firm policy? To the extent that data retention procedures were not followed, were irregularities identified and addressed to restore or retrieve information?
  • How effective were the firm’s remote access measures from a productivity and security standpoint?
  5. Regulatory Issues for Broker-Dealers, Registered Investment Advisers, Funds and Insurance Companies:
  • Were compliance efforts allocated effectively amongst the firm’s remote workforce and was adequate supervision maintained?
  • Did transaction surveillance function adequately? Was there any evidence of misuse of nonpublic confidential information? Did the firm identify any suspicious employee or customer activity and were appropriate follow-up measures taken?
  • What compliance “gaps” emerged? Were the gaps documented appropriately and in real time? Have you implemented a documented remediation plan?
  • Were the firm’s regular reports and analyses produced, issued and reviewed in accordance with firm policy? Was compliance with the firm’s record retention policy maintained?
  • Did the firm receive any regulatory requests during this period? How were they assigned, managed, and completed? Were all requests for extensions of time documented and placed in a regulatory matrix so that the timeliness of all regulatory responses could be assured?
  • Was compliance with WSPs maintained? Did your WSPs include training and testing requirements, including “tabletop” exercises? Do such exercises need to be updated to include elements and mock exams that ensure preparedness for a global pandemic scenario?

There is an emerging consensus among the experts that COVID-19 is a problem that we may be coping with for months or even years. Now is the time to make sure your firm is ready for that “Next Normal” future.

If you have questions, please contact us

If you have any questions or if you would like to discuss the matter further, please contact me, Paul Lieberman, Stan Barrett, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.

No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
