Sat, May 30, 2020

Compliance Challenges in a Remote Working World

A number of our clients have contacted us to discuss the challenges their firms are facing with staff working from home during the COVID-19 pandemic.  We expect these challenges to continue once the lockdown is lifted as working from home is likely to become the norm in the future.

Here are some of the key issues that firms are facing:

Remote Monitoring
Firms may need to increase their remote monitoring activities to address the potential increased risks of individuals engaging in market abuse behaviors. The arrangements may include:

  • Increased post-transaction monitoring

    • Buy-side firms currently using manual monitoring solutions may consider investing in automated monitoring systems to increase the efficiency of the monitoring and the volumes of trades monitored.
  • Increased electronic communications monitoring

    • Firms may consider looking at outsourced providers or automated systems to increase the volumes of communications being monitored.
  • Increased monitoring of telephone calls

    • Compliance teams are increasingly chaperoning investment teams in calls with research analysts, companies and expert networks.
    • They may also consider investing in automated monitoring solutions using new technology to increase the volumes of calls monitored.
    • Firms also have to ensure that remote lines used for transmission and execution of orders are being recorded.
    • Where recordings are not available, Compliance will need to push for written accounts, minutes and record keeping by the investment team.
  • General compliance monitoring.

    • The use of automated compliance software for attestations, personal account dealing, and gifts and entertainment approval is likely to increase.
  • Increased scope and frequency of attestations.

    • Since people are not physically in the office, Compliance teams may be looking to increase the scope and frequency of compliance attestations required from staff members to ensure they are reminded on a regular basis of their obligations.

Confidentiality and Handling of Inside Information

  • Extra care should be paid by staff when handling confidential and inside information at home.
  • Firms must ensure that staff are aware of their obligations and know how to handle and destroy sensitive documents and notes.
  • Particular care should be taken by staff sharing their home with other people or with their partners. The risk increases if those are also employed by other financial services firms.

Cyber Risk

  • In a working from home environment there are increased cyber risks and staff need to be aware of those risks, receive appropriate training and robust controls should be in place.

Evolution of Market Practices in Relation to Inducements

  • With employees working remotely, industry and market practice may evolve to accommodate the new working environment. For example, brokers are unable to offer tickets to the theatre, opera or concerts so they are starting to offer streaming of performances instead. We have also seen brokers offering virtual wine tasting sessions.
  • These new types of gifts and entertainment may require a new form of assessment under the FCA inducements rules and require Compliance to apply discretion in the absence of formal FCA guidance.

Training

  • Classroom compliance training is not currently possible whilst staff are working remotely.
  • Remote training via an online system or pre-recorded sessions may be more effective ways for firms to deliver relevant compliance training to staff at the moment, allowing them to complete these in their own time.
  • Shorter, tailored and focused sessions may also be more effective.
  • Firms will need systems or mechanisms allowing the Compliance team to track completion of the training remotely during the current situation.

SM&CR Considerations

  • Senior Managers are subject to the Senior Manager Conduct Rules and the Duty of Responsibility.
  • In a remote working situation, they need to be able to demonstrate how they have taken reasonable steps to ensure compliance with the relevant requirements.
  • There could be heightened risk, deviations from the usual control environment, key decisions made and changes in delegation arrangements or in the allocation of responsibilities during the pandemic, all of which should be clearly documented
  • Increased focused on record-keeping, management information and remote monitoring (as described above) would help Senior Managers to demonstrate how they have taken reasonable steps in line with the FCA’s expectations.

 

Scam E-mails Purporting to Come From the FCA and the CIMA

Phishing e-mails have been sent to regulated firms from fraudsters pretending to be the FCA and the Cayman Islands Monetary Authority (CIMA). 

The e-mail  that appears to come from the FCA uses the e-mail address [email protected], asking firms to complete a due diligence questionnaire which isn’t attached, prompting firms to respond for the attachment.

The e-mail that appears from CIMA is similar, asks for firms to complete a questionnaire and is from "Cayman Islands Monetary Authority <[email protected]>" .

COVID-19 Financial Resilience Survey

In early June the FCA sent a Financial Resilience Survey to around 13,000 firms. The aim of the survey is to help the FCA obtain a more accurate view of firms’ financial resilience as a result of COVID-19. The Regulator said that it will use the data to support its ongoing work.



Financial Services Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.

Retained Compliance Support and Managed Services

With expertise in diverse regulatory frameworks, including the FCA, the SEC, AMF, SFC, MAS and more, Kroll offers practical support, from initial authorization to ongoing compliance support.

Global Regulatory Licensing Services

Kroll's expert compliance consulting team provides regulatory registration and licensing services taking the burden of regulatory requirements off business operators.