The coronavirus (COVID-19) pandemic is changing the way financial firms operate, which is impacting their compliance processes. A recent ACA webcast, Best Practices and Strategies for Managing Business Risks Due to COVID-19 Pandemic, explored the current regulatory landscape, best compliance practices for working from home, and strategies for mitigating emerging risks. Seven important actions that compliance teams should be taking today, which emerged from the discussion, are:
Keep up-to-date with the most recent regulatory reliefs being offered
Regulators are providing relief to firms in various forms, so it’s important to check their websites at least daily. The U.S. Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), Financial Conduct Authority (FCA), and the Federal Reserve are regularly updating information.
The regulators are clear that they want to support firms through this challenging period, and that taking advantage of a relief offered does not mean that the firm will be targeted for an exam once the crisis passes. Nevertheless, firms will have to carefully think through which reliefs they take up, and how they do so. For example, the SEC recently granted firms a temporary exemption in regulatory filing deadlines or delivery requirements for Form ADV and Form PF, but if firms take up these exemptions they need to be clear in their communications with clients as to why they are doing so.
Ensure employees are working from home in a compliant way
The majority of webcast attendees (55%) said their firms have implemented a fully remote (100% of staff) work environment with no capacity, license, or equipment issues. Other firms have encountered these issues (28%) or are still implementing remote working arrangements (17%). In fact, one-third said that their biggest Business Continuity Planning (BCP) challenge in addressing preparedness for COVID-19 was the ability to work from home.
Significant compliance program challenges while dealing with COVID-19 included technology (39%), monitoring and testing (30%), employee supervision (23%), and policy governance (8%).
Firms need to address these challenges as soon as possible. It’s impossible to know how long employees will need to work from home. This new normal could be in place for several months, so working from home must become business as usual. Compliance teams should avoid building up a backlog of issues and tasks to complete when back in the office. Once the current crisis has passed, there will likely be an enormous amount of work to come in the second half of this year, and into 2021.
Be mindful of key person risk
Some 22% of attendees said their biggest COVID-19 BCP challenge was unidentified key person risk and dependencies. Firms are concerned that if staff become ill, essential tasks will not be performed. In addition, firms looking to lower human resources costs may worry that they will let people go only to later discover they undertook tasks that no one else has the ability to do.
In the current operating environment, it’s important for firms to ensure they have two or three people with competency to perform essential activities. It might make sense to train more people in critical skills or to consider outsourcing certain processes temporarily.
Increase cybersecurity and cyber resilience
With employees working from home, firms’ cyber risk profile has increased significantly. Cybercriminals are stepping up their activity because they perceive controls are weaker at the moment. Seven out of 10 attendees said their firms have already warned staff about an uptick in COVID-19 cybercriminal activity, such as phishing scams. However, 30% had yet to take this step.
Provide online training for employees that updates them on the current cyber risks and teaches them how to work from home safely. Ensure employees are operating safely by using a virtual private network (VPN) or other secure technologies. Reinforce that employees should not be using private mobile phones or chat rooms to communicate with each other or clients. Consider implementing Microsoft Teams or Slack, both of which can be monitored by trade surveillance systems.
Keep good records
In the current operating environment, it can be tempting to cut corners, such as recordkeeping of decisions made by members of the compliance team, senior management, trading teams, etc. It’s essential to impress on the entire organization the importance now, more than ever, of keeping good records.
It’s likely that the current challenging pace will be with the industry for some time, and regulators will want to understand the reasoning behind the choices that firms are making. Employees should not rely on their memories – there is simply too much going on, and some employees may fall ill. Comprehensive recordkeeping is easy to do remotely, and this should be implemented as soon as possible.
Check in with third-party service providers
More than 32% of those polled said that their biggest challenges addressing preparedness for COVID-19 was third-party preparedness and dependencies. Firms should speak with critical third parties about how all of the above issues are being handled at their companies in light of the current situation. As well, firms should discuss ongoing operational resilience in light of the potential impact of COVID-19 over the next few months. Good communication with critical third parties is essential at this time.
Maintain a strong compliance culture
There are different ways firms can reinforce their existing compliance culture. Some of them are practical – refresh compliance knowledge through online training, and monitor employee engagement levels with compliance processes such as gift and entertainment requests and disclosures, political contributions, and outside activity reporting.
Others are more about inter-personal relations – managers should be encouraged to speak with employees working from home on a regular basis, to provide support, prevent employees from feeling isolated, and to help to maintain mental health. Sometimes isolation can lead directly to compliance difficulties, either through genuine error or through a build-up of negative feelings towards the organization. Actively supporting employees can reinforce the firm’s compliance culture.
In short, compliance teams need to be strategic and agile in the face of COVID-19, as change is likely to accelerate over the course of 2020 and into next year.
Missed Our Live Q&A Session? Listen to the Replay
ACA hosted a live webcast on March 18 featuring a Q&A with ACA’s Carlo di Florio, Chief Global Services Officer, Mike Pappacena, Partner, ACA Aponix and Laurin Blumenthal Kleiman, Partner, Sidley Austin LLP about the challenges firms are facing as they strive to adapt to the new normal.
ACA COVID-19 Resources
Visit our COVID-19 resources page to access all of ACA’s resources to help your firm manage the new and emerging risks created by the pandemic.
We Are Here For You
ACA is here to support your firm as you navigate this uncertain time. We offer a range of services designed to help firms address and mitigate the new and emerging risks resulting from the COVID-19 pandemic in order to maintain business operations and withstand the crisis. Our solutions include:
- Third-party risk management
- Surveillance (employee risk management)
- Compliance staffing and support solutions
- Cyber awareness training for staff
Please reach out if your firm needs support.