Regulatory expectations for COVID-19

Response from FS regulators during the COVID-19 pandemic

Amy S. Matsuo

Amy S. Matsuo

Principal and National Leader, Regulatory Insights, KPMG US

+1 919-244-0266

FS Regulators are looking for financial services companies to demonstrate that they have pandemic preparedness plans in place and that the plans have been activated and are working. These plans must address resilience to market volatility, technology, operations (including products, third parties, and employees), customer/investor protections, and regulatory compliance.

KPMG is prepared to assist clients now and in the near term to respond to challenges from the current pandemic, including contingency planning and technology readiness; employee policies and procedures, including remote working; enterprise risk management; supply chain and third-party provider management; cybersecurity services, including fraud and data privacy; oversight/surveillance controls; financial impact analysis and capital management assistance; and services that support internal audit, tax efficiency, insurance claims, cost optimization, and new product development.

Key points

  • Federal financial services regulators are focused on the efforts of supervised entities to have and execute on business continuity and pandemic plans.
  • Key risks to financial services entities include constraints on staffing, technology, and operations/facilities as well as supervision of remote employees/locations, call center capacity, customer/investor forbearance, cybersecurity/fraud threats, and market volatility.
  • Congress and the Administration are focusing attention on the federal regulatory agencies to minimize adverse impacts to customers/investors through forbearance and disclosure.

Regulatory action

The World Health Organization has officially designated COVID-19 as a pandemic with broad scale health and economic impacts. Regulators are looking for financial services entities to demonstrate that they have pandemic preparedness plans in place and that the plans have been activated and are working. Key points include:

  • Board awareness and approval of the pandemic plan and its execution, including reporting and updates related to operational changes, business continuity, and market volatility.
  • Specific plans for and response, at the enterprise and legal entity level, to:
    • Technology, including increased demand for online banking, customer/investor complaints/inquiries, employee remote access (capacity constraints, available tools, authentication mechanisms, infrastructure limitations, surveillance), and cybersecurity threats
    • Operational capacity, including on- and off-site staffing, supervision/oversight/surveillance, facilities
    • Business continuity, including facilities, remote locations, shared locations, third-party providers, product and service offerings
    • Employee health and safety, including re-entering employees
    • Customer/investor protection and relief, including communication (direct and through social media), forbearance (e.g., interest rate reductions, payment relief)
  • Any need for regulatory relief regarding supervision, including examinations and reporting requirements.

Federal regulatory agencies are taking individual and collective action to provide guidance and regulatory relief to the financial services industry.

  • The Federal Financial Institutions Examination Council (FFIEC – comprised of the FRB, OCC, FDIC, NCUA, and CFPB):
    • Released an updated interagency Statement on Pandemic Planning. The guidance identifies actions financial institutions should take to minimize the potential adverse effects of a pandemic. The guidance states pandemics pose different challenges than more traditional business interruptions, which are typically limited in duration, scope, and/or geography.
    • Released a statement jointly with the Conference of State Bank Supervisors encouraging financial institutions to “work constructively” with borrowers and other customers in areas affected by COVID-19 to help meet the customers’ financial needs. The regulators stated they “will provide appropriate regulatory assistance to affected institutions subject to their supervision.” In addition, in cases in which operational challenges such as staffing constraints persist, they will expedite, as appropriate, any request to provide more convenient availability of services in affected communities and will schedule examinations or inspections to minimize disruption and burden.
  • FINRA:
    • Issued a Regulatory Notice outlining guidance for Pandemic-Related Business Continuity Planning.
    • Issued a Technical Notice to alert members to its efforts to maintain business continuity with respect to its Trade Reporting Facilities and its Alternative Display Facility as well as to remind members of their obligations with regard to OTC trading and reporting in the event the members experience systems issues in their own or their vendor’s systems.
  • The SEC:
    • Issued an order that provides publicly traded companies an additional 45 days to file certain disclosure reports that would have been due between March 1, 2020 and April 30, 2020. The relief is conditional on companies meeting certain requirements, including an explanation of why the relief is needed.
    • Issued a statement on the effects of Coronavirus on Financial Reporting that encouraged firms to work with their audit committee and auditors to disclose potential exposure to the effects of COVID-19, including how they plan for and will respond to unfolding events and disclosure of subsequent events. Disclosure of material risks to business and operations is intended to keep investors and markets informed of material developments.
    • Became the first federal agency to require all employees in DC to telecommute following an employee diagnosis.

Pandemic planning/Business continuity 

The pandemic planning guidance provided by the FFIEC and FINRA anticipates that financial services firms have business continuity plans that specifically address pandemics and provide:

  • Board approval and input from senior management across all functional, business, and products areas (administration, HR, Legal, IT, key product lines)
  • An ongoing program to monitor potential outbreaks, educate employees, and communicate and coordinate with critical service providers and suppliers
  • A documented strategy scaled to the stages of a pandemic outbreak, as identified by the Centers for Disease Control and Prevention (CDC), with flexibility to address ranging possible effects
  • A comprehensive framework of facilities, systems, and procedures to ensure the continuance of critical operations, including minimizing staff contact, providing telecommuting options, establishing visitor procedures, providing customer support (redirecting to electronic banking services, ATMs, call support). The framework should be incorporated in ongoing business impact analysis and the risk assessment process (including projections of employee absenteeism, third party disruptions, trigger events, remote controls)
  • A testing program that assesses the effectiveness of the planning practices, including roles and responsibilities, key assumptions, increased reliance on online banking, telephone banking/investor call center services, remote access and telecommuting, and supervision of remote employees and activities
  • An oversight program to ensure the plan is reviewed regularly and updated based on the monitoring program and direct experience.

Financial services firms should update their Pandemic Plan and other areas of their business continuity plan, as appropriate, for lessons learned following the end of the COVID-19 outbreak.

Congressional and administrative action

  • The House Financial Services Committee’s majority leaders addressed letters to Administration officials, prudential regulators, financial services organizations, and credit reporting agencies expressing concerns about risks related to COVID-19 and the steps they are taking to prevent harm to customers and the financial system. The letters directed to the financial services regulators (FRB, FDIC, OCC, NCUA, CFPB, and SEC) addressed efforts to provide flexibility to affected consumers, disclosure of risk exposures, and consumer/investor protection against fraud and financial exploitation.
  • During a hearing on the CFPB’s Semi-Annual Report to Congress, the Senate Banking Committee questioned the Bureau’s efforts to address the impacts of COVID-19 on customers, the financial services entities that it regulates, and its own employees and operations, including forbearance and preparedness planning. Some Senators questioned the role of the Financial Stability Oversight Council (FSOC) and the need for coordinated action.
  • The Administration met with the heads of multiple large banks to discuss preparedness for economic slowdown in the United States and globally due to COVID-19 and ways to support businesses.