Now that most companies are firmly on lockdown and supporting a remote workforce, there are a number of things you should be thinking about if you are a Risk or Compliance Officer.
Since we don’t know how long this period is going to last, we must assume that this is the status quo for the foreseeable future. Thankfully, modern technology means that most firms should be able to continue operating without business disruption. Of course, the firms that have already deployed some of the more modern solutions will be better off, however, there are things all firms can and should be doing to ensure they stay on top of their regulatory responsibilities and strategic operations.
With so much chaos happening in the markets right now, we have pulled together a quick top 10 checklist of areas you should focus on. We hope that this might provide some insight and potentially some useful rest bite and direction.
This is the time to do a ‘stock take’ of your compliance solutions. Make sure you and the relevant people in your team have the correct access to all systems. Obviously, the more platforms you use the more difficult this will be to manage remotely.
Coordinate the list of monitored users and platforms to ensure that you are capturing all relevant data and activity channels. It is quite possible that this list will have changed with the move to remote working. People and systems may have changed, along with how you capture and review the relevant data points. Make sure you are up to speed and have adapted your compliance processes so that you remain compliant.
Now more than ever you will need to ensure you can effectively catch up with your team. Zoom’s free accounts can no longer guarantee airtime as licenced accounts are prioritised. Microsoft Teams, Skype and Slack provide other good alternatives. Ensure any of the channels you are using have the correct quality and access controls in place to communicate effectively and securely.
In this period of dynamic environmental change, regular amendments to regulatory rules will lead to additional pressures to keep up to date with how this may impact your business and activity. Communicate any changes regularly and effectivity to your team, and where possible set up alerts for these activities so that you can monitor and detect them as they are rolled out.
There is an increased risk that people will be using their private mobiles during this time. Are you capturing mobile communications? Do you have a BYOD policy? In the market we have seen some lenience from ESMA who will, for a limited period, grant forbearance to firms that cannot ensure that all recordable communications are recorded due to the “exceptional circumstances” as long as:
a) the relevant firm has taken steps to try to ensure compliance;
b) firms have in place “alternative steps” to mitigate the risks related to the lack of recording;
c) firms “deploy all possible efforts to ensure” that the loss of ability to record comms remains “temporary and that recording of telephone conversations is restored as soon as possible”; and
d) firms ensure that they have “enhanced monitoring and ex-post review of relevant orders and transaction” in place.
To be clear, this does not mean that you don’t have to capture communications anymore, but if you have a technical issue, you will not be penalised.
Does the movement or location of employees impact any open investigations? Perhaps the conditions in which monitoring is being captured needs refining or revisiting?
This is the time to ensure that everything is being achieved correctly, especially since data will be flowing from an increased number of channels and locations, including from private Wi-Fi connections, VOIP and conference calling facilities, etc.
The idea of remote working is to reduce the risk of employees and much of the society falling ill at the same time. However, firms still need to prepare for the eventuality that home working will reduce efficiencies and productivity. So, what backups do you have in place if your resources are reduced? Fine-tuned automated alerts, new relevant flags and streamlined processes will be key here. Human and manual surveillance might struggle with increased data being driven through the systems, but machine learning will always operate and learn quickly from the vast amounts of data.
If the ability to refine and retune your compliance and regulatory operating platforms is not practical, perhaps now is a perfect time to increase your consideration of random sampling. All firms who are recording compliant voice calls should already be practicing random sampling, but often this is a manual process with little underlying thought. Perhaps this is a quick and efficient way to increase and enhance your practices in this area.
Take this opportunity to refresh your knowledge and understanding of your underlying systems, and of the different data sources you interact with. Make it a personal goal to learn more about how they are being used, but to also ensure you are satisfied that everything is working properly. Perhaps spend the time you would otherwise be commuting learning more about the technology you use and how it works.
Being in these roles requires the individuals to be personally responsible for a multitude of activity and due diligence for their firms. These are some top things all compliance officers or heads of risk should be thinking about.
SteelEye can help CCOs manage the increased workload imposed by remote working
Since SteelEye is completely cloud-based, it is accessible from anywhere in the world via a private web-app.
SteelEye unifies a range of compliance requirements on one platform, meaning that you only need to log in to one system for anything from your surveillance and reporting to best execution, record keeping and more. This means that all your data is in one place from an archiving perspective and it is also easy to check that all underlying data feeds are working correctly.
In SteelEye you get an overview of all your monitored users which can easily be reconciled against HR reports. Based on your SMCR rules in SteelEye, you can quickly identify if your decision makers are being proactive. If there is a sudden drop in communications for a particular person, this might be a signal that they are using non-corporate channels or devices and you may need to step in. SteelEye has also partnered with many key vendors and service providers who offer voice, mobile and WhatsApp capture solutions to enable firms to easily monitor and capture this data. In addition, you can actively monitor and set up extra flags and alerts for people who are in open investigations. This means that if someone hasn’t had any activity for a few weeks, it can alert you to check with HR if they are still an active employee.
SteelEye is built with a high degree of artificial intelligence (AI) and machine learning (ML) which enables processes to be largely automated. This spans from market abuse detection, conduct risk monitoring, regulatory reporting, best execution. As a result, it is easy for compliance officers to stay on top of their obligations when if human resources are reduced.
Finally, SteelEye’s platform is agile enough to adapt and cater for a fast-moving regulatory landscape. Our team of regulatory experts also actively monitor news and regulatory updates to advise and educate clients.
Stay safe and remember that SteelEye are there to help you through your compliance challenges.
How seriously should you be taking your compliance obligations during this lockdown period? Arguably it is now more important than ever!
STEELEYE LIMITED, A COMPANY REGISTERED IN ENGLAND AND WALES WITH COMPANY NUMBER: 10581067, VAT NUMBER: 260818307 AND REGISTERED ADDRESS AT 55 STRAND, LONDON, WC2N 5LR.