The COVID-19 crisis has caused a great deal of uncertainty, confusion, and challenges across sectors. Some states in the U.S. are beginning to reopen their economies even though COVID-19 cases continue to climb. With a vaccine unlikely to hit the market until 2021 and healthcare experts warning of new waves of infections if states open too soon, the situation continues to evolve and introduce new challenges.
Given the unprecedented nature of the current situation, there is no playbook for risk and compliance management. However, based on ACA’s expertise, discussions with our clients, and polling results from various ACA webcasts, we have significant insight into how financial firms’ CCOs are navigating today's challenges, evolving regulatory expectations, and looming economic realities.
In this blog post, we share peer insights and discuss what CCOs can do now to adjust and position compliance programs for long-term success.
The state of regulatory compliance
“Compliance and risk professionals are adjusting to the practical realities of remote work and the mandate in this challenging economy to do more with less,” says Carlo di Florio, Global Chief Services Officer at ACA. “Regulators are continuing to protect investors and market integrity with robust market surveillance and remote enforcement and exams prioritizing COVID-19-related risks.” For example, heightened scrutiny of insider trading and market manipulation is driven by regulatory concerns around the perfect storm of market disruption and volatility. The risk of exposing material nonpublic information (MNPI) is increased by remote working and by delayed public disclosures and filings.
In addition, regulators are focused on monitoring how firms are surveilling their employees’ personal trading, electronic communications, telephone conversations, and other conduct to detect potential compliance and conduct-related issues and help validate the effectiveness of the compliance program.
Another regulatory focus area is the operational resilience of firms and how they are incorporating lessons learned from this crisis into their business continuity plans (BCP) and third-party risk programs. Regulators are also concerned about and keenly focused on a spike in cybersecurity attacks and have issued alerts and guidance about heightened cyber risk management.
Maintaining compliance while working apart
Many CCOs are struggling with the best way to approach compliance in a time when employees are working remotely, feeling overwhelmed, and morale is low. In this environment, it is critical to maintain your firm’s culture of compliance. But what is the best way to do this, especially now?
“When people say or hear ‘culture of compliance,’ I don't think anyone really thinks about what that means or how to actually implement that in their firm,” says Leigh Emery, Senior Principal Consultant at ACA.
The key is to empower your employees and educate them so they are your firm’s first line of defense. Make it easy for them to remember policies and procedures and to report things to you.
“When I was a CCO, I was very focused on how I could make compliance easy for my employees, particularly those that don't work in compliance,” says Emery. “How do I make it easy for them to remember policies and procedures?”
Adjusting your compliance program
Given that the challenges of the current environment are here to stay for the near future, what can CCOs do now to adjust their compliance program and ensure their firm is protected in the long term? Key areas to consider include:
Maintaining a culture of compliance and meeting regulatory expectations in a remote world
Remote and distributed workplaces are creating new employee-related risks for compliance and risk teams to address. To effectively tune your compliance program to the current environment, take an inventory of your risks and prioritize them so you are spending time on what is most critical. Make sure these risks are front and center with employees. Get buy-in from senior management before implementing any changes so they can help reinforce the program from the top down.
“Engaging senior folks in the firm and making sure that they're reinforcing the program at this moment when everyone is isolated and distributed and working from home is so critical,” says di Florio. “Particularly with the people on the front lines of the business – hearing from their leaders, their supervisors, their managers that no time is more important than now and how we are managing our risks in this environment.”
Transitioning traditional on-site tasks to off-site
Functions typically performed on-site, in person, and manually (non-digitized) now have to be done off-site, digitally, and with little oversight. CCOs will need to adjust their compliance policies and procedures to address these new challenges and risks. Key areas to consider include recordkeeping, due diligence, trading and communications, and surveillance.
Controlling costs while remaining compliant
Employees are being pulled in more directions than ever before, and despite being well-intentioned, they may be using risky methods to get the job done (non-approved electronic communications channels, for example).
Technology is one way to drive efficiencies and help close compliance gaps resulting from remote work. If you don’t have the capacity to implement new technology right now, consider what you already have and ensure you’re using it correctly and effectively. “Look at what you have in your toolkit right now to assess whether those tools can be used for additional use cases that might ease the burden of the remote work environment and enhance collaboration and controls,” says Jack Rader, Partner at ACA.
Outsourcing is another way to stay on top of compliance tasks while saving on costs. For example, tasks that are low priority or low value but still need to get done are great candidates for outsourcing to free up bandwidth.
When considering whether outsourcing can help, start by reviewing current processes – what is inefficient, where is the bottleneck, what are the pain points? Is it possible to easily engage a third-party expert that can do the job quickly or even come in to just review the function and tell you how to do it better and more efficiently?
“We see a lot of interest from our clients in outsourcing marketing and advertising reviews, electronic communications, vendor due diligence, and cybersecurity due diligence,” says di Florio. “Each firm will have its own different pressure points, but we continue to see more and more clients being asked by their firms to think creatively about how to help the firm cut costs and save money. This is an opportunity for compliance functions and CCOs to be strategic and part of solving the problem.”
Compliance is a team effort
The whole firm, from senior management to employees, needs to play a part in the successful implementation of any changes you make to the compliance program. But collaboration across the compliance, risk, and legal functions is critical, says di Florio: “Teaming and collaborating to make sure that everyone on the second line of defense is working closely together to help educate, monitor, and provide oversight around critical compliance and ethics policies and procedures in this remote environment is really effective.”
To hear more insights from Carlo di Florio, Jack Rader, and Leigh Emery, listen to their conversation from our recent webcast, Adjusting and Positioning Your Compliance Program for Success in the Age of COVID-19.
For more peer insights into how firms are responding to risk and compliance challenges in the age of COVID-19, download our infographic containing polling results from previous ACA webcasts.