Financial firms have the technology fairly well solved for working remotely and carrying out transactions during the COVID-19 pandemic, but the remote set-ups make it harder for their compliance officers to locate workers who want to stay off the grid or who wish to work without oversight.
Firms need to find them when questions arise about their behavior or decisions are made that pose potential risks in the midst of the crisis. Compliance officers casual style of drop-ins no longer work, and more assertiveness has been required in to reach across firms whose workplace has sprawled to homes and remote work sites.
Other businesses can put a “closed for now” sign in the window. But finance has been designated as “critical infrastructure” just a notch or two below health and public safety sectors and firms know that locking down risky operations would only make matters worse and even pose existential threats to firms and financial devastation to the clients they serve.
“You don’t have the same kind of office proximity and you can’t just walk around or talk to employee committees. You need to create the communications. You can’t wait for the problems to occur,” said Amy Lynch, president of FrontLine Compliance LLC, which tracked workplace changes in the remote world.
Firms have followed business continuity plans in shifting to up to 99% of workers off-site, but compliance has needed to refine and respond to make sure the plans work. The cloud made the technology shift the least of the problem. Compliance has used secure private networks for monitoring trading and sales practices and only the most data-intensive operations require office presence. But “people are more of a problem,” said Lynch.
“Biggest challenge for CCOs in remote work? My vote is: Not being visible and available as you would normally be in a typical office environment,” Jaqueline M. Hummel, managing director and partner at Hardin Compliance Consulting LLC said. “Out of sight means out of mind.”
Disappearing acts raise red flags about rogue behavior. Violations or questionable acts need quick responses. The hard-to-reach actor poses risks to the firm and personal liability for chief compliance officer called later to document problems.
“You don’t have the same kind of office proximity and you can’t just walk around or talk to employee committees. You need to create the communications. You can’t wait for the problems to occur.”
“You cannot sit back and wait for them to contact you,” said Hummel. Compliance officers need to keep the lines open, even before problems have surfaced. “If people don’t see you, they may not take the extra effort to pick up the phone — if you are old school — or type out an IM (instant message) to ask a question or voice a concern,” Hummel explained, adding that being proactive in a remote world means “to reach out to other areas of the firm, like traders, operations, portfolio managers, admins, to find out whether there are any problems.”
Compliance experts may need err on the side of being “really aggressive” and nimble right now, Lynch said, in vetting new products, business relationships and strategies in a time of rapid change. The plunge in oil futures in March showed the kind of “black swan,” unexpected and large magnitude change unfolding. It means compliance and risk professionals must be part of extreme, high-stakes decision making firms are facing.
To be sure regulators say that they will be more lenient in letting firms improvise in the crisis. But compliance and legal experts said the lack of rules requires a heightened, not lessened, focus on top risks. What is more, compliance professionals’ guidance on how to stay inside legal and ethical boundaries in seizing the out-sized risk and reward in the crisis will prove their value more than ever before.
The pressure of survive and prosper “adds to the need for compliance to stay in the loop, and not just to stop bad things. A really good compliance officer will be skilled in compromise and allowing businesses to do things within the confines of regulation, and that can be very valuable.”
Fraud will remain a concern on all levels, even as regulators have promised to go easy on some due diligence or prudential concerns in providing emergency funding. Compliance officers can still face liability later in such cases if fraud could have been prevented, said Lynch.
Compliance should “document all of those dropped calls and disappearing acts,” said Lynch, who advises using email messages to provide a record. While “video conferencing adds more of a human touch, to a degree, it also has its own tech concerns,” said Lynch. The use of an unfamiliar technology might complicate communications, especially for the person trying to avoid a call, and anonymous messaging services are no-go zones for regulated firms. The go-to conferencing application of the COVID-19 pandemic, Zoom Technologies, has posed privacy concerns and led to breaches.
“Not everyone is good at using it — with sound issues, PC/web cam and so forth, and it takes a few practice runs to get it right,” she said. Its best use may be in large meetings with visual presentations, she said. “A meeting with just a few people is probably not worth it and a conference call will do.”
“This is a time when some people are feeling resentful, and whatever the situation they face it is a challenge. It almost invites the ‘fat-fingered trade’ or the unethical behavior, and you have to think about how you treat employees,” Lynch said. She added, “It’s a time when a good culture of compliance is most important and knowing compliance is always a part of the activity at the firm is essential. In those places where it is ingrained in the process, the firm will be successful and get through this fine.”