COVID Throws a Curveball at Regulatory Surveillance
December 1, 2020
Companies seem to be hitting the “pause” button on compliance surveillance activity, and the culprit is a familiar one in 2020: COVID-19.
U.S. companies falling behind with their internal testing and surveillance activities point to several key logistical issues – with the shift to remote workplaces at the top of the list.
“At the height of the pandemic as the markets were rapidly fluctuating, U.S. trading firms were having to both manage a remote workforce, as well as manage new types of compliance risks,” notes a report from Waters Technology. “When compared to their European counterparts, U.S. regulators have not been as prescriptive when it comes to procedures to ensure surveillance for working remotely, thus firms were flying blind while managing their coronavirus response. As a result, it might cause a rethink at some of the US regulatory bodies.”
Remote work and the accompanying onboarding issues that come with a full-on shift to telecommuting have caused problems with internal company compliance oversight in high-risk industries.
“When COVID-19 hit, financial service firms suddenly encountered a perfect storm of compliance challenges,” said Danielle Tierney, senior advisor for Greenwich Associates Market Structure and Technology, which tracks regulatory and compliance issues for the financial services industry. “Some firms were simply unable to maintain compliance and surveillance monitoring while continuing operations during the crisis.”
According to Greenwich, financial services firms faced numerous challenges when the pandemic hit, and government-mandated lockdowns hit the industry.
“Companies faced difficulties monitoring and securing system access, with alert backlogs mounting at firms with insufficient surveillance resources,” the company stated in a recent research report. “Companies also struggled to adjust monitoring capabilities and holistic surveillance integration as communication channel usage transformed overnight.”
Getting Oversight Back up to Speed
For companies looking to refocus on internal compliance monitoring, the challenge is to shift gears toward now dominant remote workplaces. The amount of change will depend on the level of customer engagements, with disruption risk high for companies with heavy interaction activity with customers.
Industry analysts have begun tracking company efforts to get a grip on compliance and regulatory issues during the pandemic. Here are some top-tier challenges compliance officers are already experiencing.
Same strategies and tools. Company compliance specialists are noting the rise in telecommuting means that firms have to adjust their internal compliance oversight operations accordingly. A big trend on that front is companies are using their regular compliance supervision practices and toolsets even as they shift their oversight focus to a remote workplace.
Mindset discipline. Compliance officers are also finding that staffers tend to get distracted working remotely – especially during a pandemic.
“Thus, the need to reinforce the mindset that internal compliance remains a daily priority with all managers and employees,” said financial services strategic advisor, Kelvin Dickenson. “One way that companies are ensuring this mindset takes hold is to coordinate messaging and monitoring with senior managers and line managers, with the goal being compliance remains a top-tier priority even in an era of substantial change.”
Adhering to U.S. government guidelines. Compliance teams are also scrambling to accommodate new regulatory guidelines on cybersecurity from the U.S. Department of Homeland Security.
The COVID-19 alert from DHS focuses on cybersecurity risks linked to remote workplaces. Of particular concern are enterprise virtual private networks (VPN’s) that connect employees to an organization’s information technology network.
According to the DHS, organizations that use VPNs for telework are increasingly being targeted by “malicious cyber actors” who understand that as VPNs are a 24/7 proposition, “organizations are less likely to keep them updated with the latest security updates and patches.”
The DHS advises company IT and compliance officers to update their VPNs, along with network infrastructure devices, and devices being used to remote into work environments, with the latest software patches and security configurations. Companies are also advised that they can expect to see a rise in phishing attempts and IT teams should ramp key cybersecurity tasks such as log review, attack detection, and incident response and recovery.
Keep your compliance vendor close. Companies with abundant data and operational risk issues relying on third-party compliance vendors should also understand that even experienced compliance specialists are under duress, too, during the pandemic.
Consequently, keeping close tabs on regulatory and compliance services provided by outside vendors – especially in testing and assessing their performance – is vitally important as companies grapple with COVID-related compliance issues.
Evolution to RegTech picking up speed. As companies cope with COVID-related workplace issues, it’s becoming apparent that firms are now aggressively investing in RegTech tools and technologies.
According to FIS Global’s most recent Readiness Report, 53% of survey respondents expected to spend more on RegTech in the next year. “Expected spend was broadly distributed across a range of RegTech – transaction monitoring such as trade and eComms surveillance, identity management and control, risk management, regulatory reporting, compliance process monitoring and, of course, accounting and tax changes,” the report said.
Additionally, 46% of companies surveyed by FIS say they’re “more likely to invest in outsourced IT systems, and 43% are more interested in managed services.”“Increasingly, company decision makers view RegTech as a valuable resource to better handle compliance issues in a post-COVID world,” said Mr. Dickenson. “With regulatory demands stacking up during COVID-19, companies are going to need all the compliance help they can get.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.