[ad_1]
For financial services workers, lockdowns have brought freedom from commuting and office dress codes. But the basic protocols of finance work have remained unchanged.
So, in March 2020, when employees began to handle sensitive transactions, client data and communications outside company premises, financial institutions suddenly had to adapt their oversight systems. They had to ensure that market abuse, anti-fraud, data privacy and conduct regulations were all adhered to, under remote working.
Regulators said there would be no easing of the rules. Days before the first UK lockdown, the Financial Conduct Authority set out its guidelines for companies, highlighting the need for operational resilience and information security. It suggested using “enhanced monitoring†to prevent market abuse.
“We now expect you to record all relevant communications (including voice calls) when working outside the office . . . We will continue to monitor for market abuse and, if necessary, take action,†the FCA warned.
Subsequent guidance stressed that increased primary market activity — as businesses sought to raise more capital during the pandemic — together with new working arrangements “will make it as important as ever that the right controls . . . are in place†to prevent insider trading and other misbehaviour.
Same rules, different setting
In October, Julia Hoggett, then the FCA’s director of market oversight, said office and working-from-home arrangements should be equivalent. “We expect firms to have updated their policies, refreshed their training and put in place rigorous oversight reflecting the new environment — particularly regarding the risk of use of privately owned devices.â€
Regulators in other big markets have taken a similar line. The European Securities and Markets Authority reminded publicly traded companies of their market disclosure duties, while the US’s Securities and Exchange Commission emphasised that people privy to non-public information “should be mindful of their obligations to keep this information confidential and comply with the prohibitions on illegal securities tradingâ€.
Jim Ewing, chief risk officer at Dutch pensions company Aegon, says the principle it has adopted is simply to replicate the control environment of an office for staff working from home.
But he admits this is not always straightforward. “In some instances, technology has allowed stronger controls, many of which will be kept. Others, where change is likely to be temporary, or where additional risk has been created, are being more intensively monitored,†Ewing says.
Monique Melis, managing director and global head of compliance and regulatory consulting at financial consultancy Duff & Phelps, believes that many people, particularly at smaller companies, are still “a bit lax†and may be caught out in due course. “It might take a few years . . . but I think if [the regulators] are successful in taking real action against insider dealing and market manipulation, then the tone in the City will change very quickly.â€
In other areas, notably efforts to combat fraud and money laundering, the FCA seemed initially to offer more leeway, issuing guidance on client identity verification that highlighted “flexibility within existing requirementsâ€.
With lockdowns making non-essential travel impossible, companies could accept scanned documentation via email, seek third-party verification of identity, or ask clients to submit photos digitally, among other types of check — all of which created new risks, according to compliance specialists. The FCA, which insisted that its advice was “not intended to represent a relaxation of requirementsâ€, has since reverted to its standard guidelines.
High and low tech
In many jurisdictions, banks have turned to technology to ensure compliance. At a recent US banking conference, delegates from the Financial Industry Regulatory Authority said Wall Street was making greater use of artificial intelligence, machine learning, and other emerging technologies to enhance customer ID verification during the pandemic.
Sometimes less tech-intensive measures are called for. The UK’s Information Commissioner’s Office urges workers to protect personal data by storing printouts safely until they can be disposed of securely, to lock away devices that contain personal data, and to keep screens out of sight of others.
Yet the problems faced by companies must not be underestimated, says Neil Swift, partner in the business crime department at law firm Peters & Peters. The priority has to be ensuring that access to information is strictly “need to knowâ€, he says. “That way, compliance can keep tabs on who has access to what and when.â€
And while it is one thing to manage data flows remotely, managing staff, and ensuring their conduct poses no risk, is another. David Rundle, a counsel specialising in financial crime and regulatory enforcement at law firm WilmerHale, thinks companies will steadily improve their understanding of where risks lie, and develop controls accordingly — though this may cause further problems.
“Given the onus on the UK regulated sector to certify the fitness of their employees, [it may mean] that firms perform more extensive due diligence on their staff and consider any risks presented by their domestic lives,†Rundle says. “That may raise many legal issues, especially around privacy.â€
Some believe supporting staff through the strain of homeworking is the best defence against the risks it poses.
Wealth management firm Quilter has introduced greater flexibility to the working day in the hope of helping staff juggle demands on their time. Matt Burton, chief risk officer, says the pressures of working at home can potentially lead to costly mistakes.
“This is where our corporate approach to flexibility has been very valuable from a regulatory standpoint,†he says. “Giving our people the breathing space and time . . . and therefore helping to reduce overall stretch, stress and anxiety . . . in turn reduces the risk of things going wrong.â€
[ad_2]
Source link
