June 5, 2020
Stroock Special Bulletin
By: Richard G. Madris, Howard S. Lavin, Elizabeth E. DiMichele, Trevor T. Adler, Kim Pagotto
“Reopening” for asset managers is a bit of a misnomer, as asset management businesses for the most part never closed, they merely moved primarily to a remote workforce. It may therefore be more accurate to call it a “reentry” or “return” to the office.
As public officials in many states and localities look to reopen the economy, employers should be planning to begin bringing employees and invitees back into their offices. Prudent employers are preparing detailed reentry plans for their office space in conjunction with their landlords’ overall building reentry plan. These plans will not only provide guidance for personnel and invitees, but will also minimize the likelihood of exposure to claims, liability and disputes. It is essential to monitor federal, state and local guidelines, including those from the Centers for Disease Control and Prevention (CDC) and state and local authorities, when implementing reentry plans.
It is also important to keep in mind that there will be an evolution of “reentry” within each building and within each jurisdiction, depending on the size of the workforce in question, the size of the workspace, and the culture that has been established in your company.
Some asset managers may believe it is too early to return to the office, especially in locations hardest hit by the pandemic. This strongly suggests a phased-in reopening, with a percentage of staff gradually returning over a prescribed period. We expect a number of asset managers to continue to work remotely for an extended period of time. Another way to proceed would be to make reporting to work voluntary for all employees able to continue to work from home, including for those who are at-risk.
This bulletin, and our prior bulletins referred to herein, highlight many issues that a business needs to review and plan for as an employer, such as continued teleworking issues, management training, employee benefits and compensation, leave and sick policies, health and wellness reporting, employee morale and Occupational Safety Health Act (OSHA) compliance.
Below are some high-level topics to consider as you begin to work through what a return to the workplace means for your company. These topics include building reentry, employee issues, cybersecurity and operations.
Building Reentry
The health and safety of every person entering the building(s) in which your company has office space – including employees, visitors, delivery vendors, contractors and other workers – is of the utmost importance, and is a shared goal with your landlord. Coordinating your company’s reentry with your landlord – which may include phased-in reentry by employees and staggered operating hours to facilitate social distancing – benefits all occupants of the building. In doing so, parties must balance all the other factors that need to be considered in a commercial space, such as security and access control, building code and Americans with Disabilities Act (ADA) compliance, environmental considerations and operating costs.
If you have not already seen plans prepared by your landlord to address phased-in reentry by employees and staggered operating hours to facilitate social distancing, speak with your landlord about these concerns. Traffic flow patterns should be planned, and any area where employees, tenants and guests may gather or queue should be clearly marked for appropriate physical distancing.
Specific Practices and Procedures
To minimize the risks of transmission, consider implementing procedures to maintain social distancing and safety in your offices, which may include staggered entry/exit schedules, the use of personal protective equipment (PPE) (discussed in further detail below), identifying appropriate physical distances using visible markers, and regular disinfecting of touchpoints.
Common areas in your offices should be assessed for exposure risk and included in the plan to address appropriate social distancing, contact tracing capabilities and cleaning procedures. You should consider modifying the layouts of spaces to ensure appropriate physical distancing of tables, chairs, equipment and other movable items. You should also limit the number of people who can be in a common area at a single time. Where feasible and safe (subject to fire and access codes), you may prop open frequently used doors. Cleaning and sanitizing should be increased in all your common spaces, especially frequent-contact surfaces, on a daily basis. Procedures for mail, package, food and freight deliveries should be created and coordinated with your landlord in accordance with federal, state and local guidelines, including those from the CDC and state and local health authorities.
Updated EEOC Guidance
The Equal Employment Opportunity Commission (EEOC) has provided updates to its ongoing guidance about employer obligations under federal laws prohibiting discrimination during the Coronavirus pandemic, most recently on May 7, 2020. As state and local governments lift stay at home orders and employers begin planning for employees to resume onsite work, the EEOC has provided answers to some of the more pressing questions that employers will face as they seek to balance the desire to reopen with the safety of their workforce and the concerns of individual employees. The EEOC Guidance makes clear that employers must also keep up to date with information from the CDC and other public health agencies as they hone their medical guidance about the nature of COVID-19.
Permitted Actions for Protecting the Workforce
Screening, Temperature Checks and Testing. While the ADA generally prohibits employers from asking disability-related inquiries or conducting medical exams of employees, they may do so when the questions or exams are job related and consistent with business necessity, including when there is a direct threat to the health of others. Although typically a difficult standard to meet, the EEOC has determined that community spread of COVID-19 satisfies the direct threat standard. Accordingly, during this pandemic, an employer is permitted to screen for COVID-19 symptoms, body temperature, and even require employees to undergo tests for COVID-19 when necessary to exclude infected employees from the workplace. As with all medical information, this information is subject to ADA confidentiality requirements. To date, the EEOC has not addressed the use of antibody testing.
Personal Protective Equipment and Infection Control Practices. Employers may require employees to wear PPE, such as a mask and gloves, and observe infection control practices. The EEOC advises, however, that the pandemic does not relieve employers of a duty to provide a reasonable accommodation under the ADA for employees with disabilities or a religious accommodation under Title VII of the Civil Rights Act of 1964.
High-Risk Individuals and Reasonable Accommodations. The EEOC has reminded employers to be mindful that certain employees may need additional or different accommodations due to the pandemic. The CDC has identified certain individuals as being at greater risk from COVID-19 than the general public, including individuals over the age of 65 and pregnant women. In this regard, the EEOC has advised that employers may initiate the interactive process prior to reopening by asking employees with disabilities to request reasonable accommodations that they believe they may need when the workplace reopens in the future.
Significantly, if an employer is concerned about the employee’s health being jeopardized upon returning to the workplace, the ADA does not allow the employer to exclude the employee – or take any other adverse action – solely because the employee has a disability that the CDC identifies as potentially placing him or her at “higher risk for severe illness” if he or she contracts COVID-19. Rather, an employer may only do so after making an individualized assessment based on a reasonable medical judgment about the particular employee’s disability – not the disability in general – using the most current medical knowledge and/or the best available objective evidence.
OSHA Reporting. Effective May 26, 2020, updated OSHA guidance about recording COVID-19 cases became effective. Going forward, COVID-19 is a recordable illness, and thus employers are responsible for recording cases of COVID-19, if (among other things) the case is work-related. Although in many instances it is difficult to determine whether a COVID-19 illness is work-related, especially when an employee has experienced potential exposure both in and out of the workplace, employers must investigate and make a reasonable and good faith determination of work-relatedness.
Cybersecurity Concerns
Whether in the case of a full or partial return-to-work, or continued work-from-home, asset managers must continue to be vigilant about cybersecurity and data privacy. The current work-from-home environment and potential return-to-work scenarios have exacerbated many concerns and highlighted much of regulators’ prior guidance regarding cybersecurity and data privacy. In short, asset managers should be focused on assessing and monitoring risks and updating policies and procedures to account for changed workflows, covering both return-to-work and work-from-home.
To address COVID-19 related operational issues, asset managers implemented new systems and procedures. As such new systems and procedures often have involved new access points to technology infrastructure and the collection of additional sensitive data, asset managers should consider updating cybersecurity, data security and privacy practices and policies to reflect such changes. Revisiting these practices and related policies is of paramount importance to the protection of both client data and managers’ own proprietary information.
For example, prior to the COVID-19 pandemic, the SEC had identified access rights and controls and mobile security as important practices in maintaining cybersecurity and data protection. Whereas third-party vendors and their systems were previously highlighted as key risks, providing potential vulnerabilities for unauthorized access and data loss, widespread remote employees and their use of home systems should also be the focus of risk assessment and mitigation.
Additionally, return-to-work scenarios may include the capture of new data. As noted above, employers may be collecting additional sensitive personal information, such as health risk factors and preexisting illnesses. This information and, more to the point, its security and accessibility in light of relevant privacy laws, should be reflected in data security and privacy policies.
Finally, given the possibility of future work-from-home situations, asset managers should use this time to strengthen their work-from-home capabilities and security. This could include upgrading systems, cloud and other vendor technology, and home office equipment available to employees.
Stroock addressed these issues in its webinar, “Cybersecurity, Data Privacy and Workplace Risks in the New Normal,” on May 13.
Asset Manager Operations
As asset managers return to the office, there will be a lot of pressure on compliance and operational personnel to ensure a smooth transition. These professionals need to continue to focus on privacy and cybersecurity concerns as employees transition from home to office environment.
Any files that were reviewed or worked on outside of the office environment, whether hard-copy or electronically, need to be securely returned. Compliance personnel need to focus individually with all employees to ensure any document considered to be part of books and records of the asset manager are properly restored or updated.
In addition, policies should be established for offices where going forward only a percentage of personnel will be onsite. A combination of in office and remote employees will need to be appropriately managed and supervised to ensure all aspects of the Compliance Manual continue to be followed.
All personnel also need to review their own procedures to determine what needs to be amended due to physical or space limitations or new office arrangements. Anything that affects the Compliance Manual, operational procedures or regulatory filings must be amended going forward.
Asset managers will continue to work with numerous vendors for accounting, trading, operations, compliance and technology, and need to understand in detail the return to work processes that each of those companies are experiencing so they can continue to receive the appropriate servicing to meet their own obligations.
This process of returning to the office and new normal operations need to be evaluated by senior management to ensure asset managers can fulfill their continuing obligation to clients. This includes fully documenting this process, disclosing the material changes to the organization to investors and updating governing documents, advisory contracts and regulatory filings, including Form ADV.
For many years to come, asset managers will be defending every step in this process, from going remote to returning to work to the new normal, and the more documentation on decisions and testing of processes that is done now will make that much easier. Investors need to continue to be aware of the status of the asset manager’s operations. It is important to make material and necessary disclosure to investors and clients and to do so on a fair basis where no individual client is receiving significantly more information than others.
Another important step to consider is how the asset raising and investment process will be amended going forward. Many factors such as appropriate levels of diligence, the ability to travel, access to information, presentation ability to potential investors and the firm’s governance process all have to be evaluated against past procedures, investor and client disclosures and regulatory filings. Many of these activities will be changing in form, and it is important to the asset manager to adjust appropriate supervision to make sure the ability to manage assets is maintained effectively.
Paramount to all of this is documentation and communication. Just as it was so important to connect employees when everyone went remote, it is even more critical as an asset manager returns to its new form of operations. The more diligent that senior management and compliance personnel are during this process, the less chance that unnecessary risk will be introduced into the firm.
An asset manager should also be aware that SIFMA has put out a bulletin of general consideration for return to the office by financial institutions which may be of interest.
Conclusion
Reopening business in the midst of the Coronavirus pandemic raises myriad issues for asset managers, not the least of which involve returning employees to onsite work while protecting the health and safety of their workforce, clients, customers and business associates, and complying with applicable labor and employment laws.
This task is further complicated by the ever-evolving information provided by the CDC and other public health authorities.
Against this background, asset managers should strive to anticipate issues, stay abreast of the most current information, and seek legal counsel when making decisions that impact the workplace and their employees.
______________________________
For More Information
Ian G. DiBernardo
This Stroock publication offers general information and should not be taken or used as legal advice for specific situations, which depend on the evaluation of precise factual circumstances. Please note that Stroock does not undertake to update its publications after their publication date to reflect subsequent developments. This Stroock publication may contain attorney advertising. Prior results do not guarantee a similar outcome.
June 5, 2020
Stroock Special Bulletin
By: Richard G. Madris, Howard S. Lavin, Elizabeth E. DiMichele, Trevor T. Adler, Kim Pagotto
“Reopening” for asset managers is a bit of a misnomer, as asset management businesses for the most part never closed, they merely moved primarily to a remote workforce. It may therefore be more accurate to call it a “reentry” or “return” to the office.
As public officials in many states and localities look to reopen the economy, employers should be planning to begin bringing employees and invitees back into their offices. Prudent employers are preparing detailed reentry plans for their office space in conjunction with their landlords’ overall building reentry plan. These plans will not only provide guidance for personnel and invitees, but will also minimize the likelihood of exposure to claims, liability and disputes. It is essential to monitor federal, state and local guidelines, including those from the Centers for Disease Control and Prevention (CDC) and state and local authorities, when implementing reentry plans.
It is also important to keep in mind that there will be an evolution of “reentry” within each building and within each jurisdiction, depending on the size of the workforce in question, the size of the workspace, and the culture that has been established in your company.
Some asset managers may believe it is too early to return to the office, especially in locations hardest hit by the pandemic. This strongly suggests a phased-in reopening, with a percentage of staff gradually returning over a prescribed period. We expect a number of asset managers to continue to work remotely for an extended period of time. Another way to proceed would be to make reporting to work voluntary for all employees able to continue to work from home, including for those who are at-risk.
This bulletin, and our prior bulletins referred to herein, highlight many issues that a business needs to review and plan for as an employer, such as continued teleworking issues, management training, employee benefits and compensation, leave and sick policies, health and wellness reporting, employee morale and Occupational Safety Health Act (OSHA) compliance.
Below are some high-level topics to consider as you begin to work through what a return to the workplace means for your company. These topics include building reentry, employee issues, cybersecurity and operations.
Building Reentry
The health and safety of every person entering the building(s) in which your company has office space – including employees, visitors, delivery vendors, contractors and other workers – is of the utmost importance, and is a shared goal with your landlord. Coordinating your company’s reentry with your landlord – which may include phased-in reentry by employees and staggered operating hours to facilitate social distancing – benefits all occupants of the building. In doing so, parties must balance all the other factors that need to be considered in a commercial space, such as security and access control, building code and Americans with Disabilities Act (ADA) compliance, environmental considerations and operating costs.
If you have not already seen plans prepared by your landlord to address phased-in reentry by employees and staggered operating hours to facilitate social distancing, speak with your landlord about these concerns. Traffic flow patterns should be planned, and any area where employees, tenants and guests may gather or queue should be clearly marked for appropriate physical distancing.
Specific Practices and Procedures
To minimize the risks of transmission, consider implementing procedures to maintain social distancing and safety in your offices, which may include staggered entry/exit schedules, the use of personal protective equipment (PPE) (discussed in further detail below), identifying appropriate physical distances using visible markers, and regular disinfecting of touchpoints.
Common areas in your offices should be assessed for exposure risk and included in the plan to address appropriate social distancing, contact tracing capabilities and cleaning procedures. You should consider modifying the layouts of spaces to ensure appropriate physical distancing of tables, chairs, equipment and other movable items. You should also limit the number of people who can be in a common area at a single time. Where feasible and safe (subject to fire and access codes), you may prop open frequently used doors. Cleaning and sanitizing should be increased in all your common spaces, especially frequent-contact surfaces, on a daily basis. Procedures for mail, package, food and freight deliveries should be created and coordinated with your landlord in accordance with federal, state and local guidelines, including those from the CDC and state and local health authorities.
Updated EEOC Guidance
The Equal Employment Opportunity Commission (EEOC) has provided updates to its ongoing guidance about employer obligations under federal laws prohibiting discrimination during the Coronavirus pandemic, most recently on May 7, 2020. As state and local governments lift stay at home orders and employers begin planning for employees to resume onsite work, the EEOC has provided answers to some of the more pressing questions that employers will face as they seek to balance the desire to reopen with the safety of their workforce and the concerns of individual employees. The EEOC Guidance makes clear that employers must also keep up to date with information from the CDC and other public health agencies as they hone their medical guidance about the nature of COVID-19.
Permitted Actions for Protecting the Workforce
Screening, Temperature Checks and Testing. While the ADA generally prohibits employers from asking disability-related inquiries or conducting medical exams of employees, they may do so when the questions or exams are job related and consistent with business necessity, including when there is a direct threat to the health of others. Although typically a difficult standard to meet, the EEOC has determined that community spread of COVID-19 satisfies the direct threat standard. Accordingly, during this pandemic, an employer is permitted to screen for COVID-19 symptoms, body temperature, and even require employees to undergo tests for COVID-19 when necessary to exclude infected employees from the workplace. As with all medical information, this information is subject to ADA confidentiality requirements. To date, the EEOC has not addressed the use of antibody testing.
Personal Protective Equipment and Infection Control Practices. Employers may require employees to wear PPE, such as a mask and gloves, and observe infection control practices. The EEOC advises, however, that the pandemic does not relieve employers of a duty to provide a reasonable accommodation under the ADA for employees with disabilities or a religious accommodation under Title VII of the Civil Rights Act of 1964.
High-Risk Individuals and Reasonable Accommodations. The EEOC has reminded employers to be mindful that certain employees may need additional or different accommodations due to the pandemic. The CDC has identified certain individuals as being at greater risk from COVID-19 than the general public, including individuals over the age of 65 and pregnant women. In this regard, the EEOC has advised that employers may initiate the interactive process prior to reopening by asking employees with disabilities to request reasonable accommodations that they believe they may need when the workplace reopens in the future.
Significantly, if an employer is concerned about the employee’s health being jeopardized upon returning to the workplace, the ADA does not allow the employer to exclude the employee – or take any other adverse action – solely because the employee has a disability that the CDC identifies as potentially placing him or her at “higher risk for severe illness” if he or she contracts COVID-19. Rather, an employer may only do so after making an individualized assessment based on a reasonable medical judgment about the particular employee’s disability – not the disability in general – using the most current medical knowledge and/or the best available objective evidence.
OSHA Reporting. Effective May 26, 2020, updated OSHA guidance about recording COVID-19 cases became effective. Going forward, COVID-19 is a recordable illness, and thus employers are responsible for recording cases of COVID-19, if (among other things) the case is work-related. Although in many instances it is difficult to determine whether a COVID-19 illness is work-related, especially when an employee has experienced potential exposure both in and out of the workplace, employers must investigate and make a reasonable and good faith determination of work-relatedness.
Cybersecurity Concerns
Whether in the case of a full or partial return-to-work, or continued work-from-home, asset managers must continue to be vigilant about cybersecurity and data privacy. The current work-from-home environment and potential return-to-work scenarios have exacerbated many concerns and highlighted much of regulators’ prior guidance regarding cybersecurity and data privacy. In short, asset managers should be focused on assessing and monitoring risks and updating policies and procedures to account for changed workflows, covering both return-to-work and work-from-home.
To address COVID-19 related operational issues, asset managers implemented new systems and procedures. As such new systems and procedures often have involved new access points to technology infrastructure and the collection of additional sensitive data, asset managers should consider updating cybersecurity, data security and privacy practices and policies to reflect such changes. Revisiting these practices and related policies is of paramount importance to the protection of both client data and managers’ own proprietary information.
For example, prior to the COVID-19 pandemic, the SEC had identified access rights and controls and mobile security as important practices in maintaining cybersecurity and data protection. Whereas third-party vendors and their systems were previously highlighted as key risks, providing potential vulnerabilities for unauthorized access and data loss, widespread remote employees and their use of home systems should also be the focus of risk assessment and mitigation.
Additionally, return-to-work scenarios may include the capture of new data. As noted above, employers may be collecting additional sensitive personal information, such as health risk factors and preexisting illnesses. This information and, more to the point, its security and accessibility in light of relevant privacy laws, should be reflected in data security and privacy policies.
Finally, given the possibility of future work-from-home situations, asset managers should use this time to strengthen their work-from-home capabilities and security. This could include upgrading systems, cloud and other vendor technology, and home office equipment available to employees.
Stroock addressed these issues in its webinar, “Cybersecurity, Data Privacy and Workplace Risks in the New Normal,” on May 13.
Asset Manager Operations
As asset managers return to the office, there will be a lot of pressure on compliance and operational personnel to ensure a smooth transition. These professionals need to continue to focus on privacy and cybersecurity concerns as employees transition from home to office environment.
Any files that were reviewed or worked on outside of the office environment, whether hard-copy or electronically, need to be securely returned. Compliance personnel need to focus individually with all employees to ensure any document considered to be part of books and records of the asset manager are properly restored or updated.
In addition, policies should be established for offices where going forward only a percentage of personnel will be onsite. A combination of in office and remote employees will need to be appropriately managed and supervised to ensure all aspects of the Compliance Manual continue to be followed.
All personnel also need to review their own procedures to determine what needs to be amended due to physical or space limitations or new office arrangements. Anything that affects the Compliance Manual, operational procedures or regulatory filings must be amended going forward.
Asset managers will continue to work with numerous vendors for accounting, trading, operations, compliance and technology, and need to understand in detail the return to work processes that each of those companies are experiencing so they can continue to receive the appropriate servicing to meet their own obligations.
This process of returning to the office and new normal operations need to be evaluated by senior management to ensure asset managers can fulfill their continuing obligation to clients. This includes fully documenting this process, disclosing the material changes to the organization to investors and updating governing documents, advisory contracts and regulatory filings, including Form ADV.
For many years to come, asset managers will be defending every step in this process, from going remote to returning to work to the new normal, and the more documentation on decisions and testing of processes that is done now will make that much easier. Investors need to continue to be aware of the status of the asset manager’s operations. It is important to make material and necessary disclosure to investors and clients and to do so on a fair basis where no individual client is receiving significantly more information than others.
Another important step to consider is how the asset raising and investment process will be amended going forward. Many factors such as appropriate levels of diligence, the ability to travel, access to information, presentation ability to potential investors and the firm’s governance process all have to be evaluated against past procedures, investor and client disclosures and regulatory filings. Many of these activities will be changing in form, and it is important to the asset manager to adjust appropriate supervision to make sure the ability to manage assets is maintained effectively.
Paramount to all of this is documentation and communication. Just as it was so important to connect employees when everyone went remote, it is even more critical as an asset manager returns to its new form of operations. The more diligent that senior management and compliance personnel are during this process, the less chance that unnecessary risk will be introduced into the firm.
An asset manager should also be aware that SIFMA has put out a bulletin of general consideration for return to the office by financial institutions which may be of interest.
Conclusion
Reopening business in the midst of the Coronavirus pandemic raises myriad issues for asset managers, not the least of which involve returning employees to onsite work while protecting the health and safety of their workforce, clients, customers and business associates, and complying with applicable labor and employment laws.
This task is further complicated by the ever-evolving information provided by the CDC and other public health authorities.
Against this background, asset managers should strive to anticipate issues, stay abreast of the most current information, and seek legal counsel when making decisions that impact the workplace and their employees.
______________________________
For More Information
Ian G. DiBernardo
This Stroock publication offers general information and should not be taken or used as legal advice for specific situations, which depend on the evaluation of precise factual circumstances. Please note that Stroock does not undertake to update its publications after their publication date to reflect subsequent developments. This Stroock publication may contain attorney advertising. Prior results do not guarantee a similar outcome.
