It’s fair to say 2020 has been littered with new challenges, changes to working practices, and economic pressures for businesses around the world. Business operations have had to adapt swiftly; no mean feat for a compliance department to keep up with. As the year draws to a close, we’re taking the opportunity to look back, reflecting upon how these changes may, in some cases, represent permanent changes for working practices and, consequently, compliance. Here are Fulcrum’s compliance lessons of 2020:
1. Flexible working practices
As governments around the world advised businesses to adopt remote working practices and restrict international travel, companies had to adopt alternative ways of working with an increased use of technology within their business operations.
For compliance functions, as with many others, such measures have seen a shift in their staff training and assessments from in-person to online platforms. This has necessitated a greater focus on, and improvement of, internal communication to ensure compliance remains an ever present issue in employees’ minds. During periods of rapid change, maintaining effective compliance practices can all too easily fall by the wayside, leaving companies open to a litany of future problems. As regulators have warned, their expectations for compliance remain the same, and companies have been working to ensure compliance is not overlooked during the pandemic. There will be no coronavirus defence for non-compliance.
As we move forward and lockdowns around the world begin to lift, many businesses are likely to continue to adopt some element of remote working within their business practices. It is therefore imperative that compliance officers update policies and procedures to reflect this new way of working, update their risk assessments and refresh any training needed as a result of these changes.
2. Innovation and technology
The use of innovation and technology in compliance (e.g. KYC and transaction monitoring) has been in development for several years to ensure compliance with regulatory standards, but also to ensure cost efficiency. The physical restrictions and budgetary constraints during the pandemic have only accelerated the adoption of compliance technologies. For example, some businesses have shifted customer due diligence away from face-to-face meetings for customer verification purposes and are now implementing online identification and verification tools to onboard new customers. Other aspects, such as data storage and reporting have also, in some cases, been brought online and onto cloud-based systems.
The trend towards greater use of technology is likely to continue as compliance professionals review their processes and the availability of previously overlooked technological solutions to facilitate compliance procedures. In addition, compliance professionals will also need to review their data security measures to protect against the growing risks of cyber attacks and breaches of data protection.
3. Purposeful culture
A healthy business culture that embraces compliance processes and effective governance can drive the right behaviour within an organisation. This was noted by the Financial Conduct Authority earlier this year, when it published a paper on the subject of driving purposeful culture within businesses.[1]
This issue has become even more pertinent to the current situation as the public, investors, employees, and customers emphasise their expectations for social responsibility and ethical business conduct. Building such a culture can, however, become more difficult when working remotely, since the psychological distance of “out of sight, out of mind” can lead to increased conduct risks. Effective compliance communications therefore become even more important during such times.
Cultivating a compliant and ethical culture takes time to develop. A significant foothold in establishing this is ensuring your senior leadership are on board and engaged to help drive the message, both in terms of their own communications with employees, but also through their own business conduct. If businesses continue to adopt some element of remote working once lockdown lifts, maintaining connection through both formal and informal communications are crucial to cultivating an ethical and compliant dynamic within a team.
4. Regulatory changes
Despite the financial uncertainty and disruption faced by businesses as both a direct and indirect result of the pandemic, there has been no relaxation of compliance standards by the authorities.
Simply put, regulators expect compliant business practices, and there will be no room for complacency. Whilst there is no “one size fits all” approach to compliance measures, regulators expect companies to re-evaluate internal controls and adjust these to respond to new regulations and new business risks.
That being said, the regulators have given some flexibility by extending deadlines for the implementation of certain measures: for example, the FCA extended the deadline for the full implementation of the Senior Manager and Certification Regime (“SMCR”), however, in doing so, the FCA made clear that compliance controls should not be weakened.
In addition, new regulatory plans continue to be rolled out. Anti-money laundering and economic crime policies are still a priority for the UK government and the EU, with EU finance ministers discussing plans to reform the EU’s AML framework with more detailed regulatory plans expected in early 2021. Compliance professionals will therefore need to continue to keep pace with these changes if they are to stay out of hot water with the authorities.
5. New risks
The pandemic has created an opportunity for fraudsters to exploit weaknesses in supply chains, and to trick customers with consumer scams. On top of that, cyber attacks and the risk of data breaches are on the rise, with 62% of financial services firms stating that they have suffered cyber attacks in the last year.[2]
Such risks highlight the need for technological improvements and training and we have seen companies refocus their approach to training to ensure that their staff remain vigilant and are equipped to identify potential threats to the company. Internally, compliance officers may also wish to conduct regular analytical reviews of their data to help detect new risk typologies for the prevention of loss.
6. Engagement with stakeholders
During the pandemic, the importance of two-way communication with stakeholders has become vitally important, so that whilst the company maintains its message to staff about the importance of compliance, it also spends time listening to stakeholders and responding to their concerns. This will help enable the compliance function to continue to be seen as a trusted adviser to the business.
So what does all this mean?
The pandemic has changed the way that businesses operate and has also led to the acceleration of developments introduced in the pre-COVID-19 world. Whilst it is still uncertain whether businesses will fully resume their pre-COVID-19 working practices, it is evident that some changes are likely to be here for the long haul, transforming business operations forever.
Whilst the pandemic has brought significant challenges for companies, it has also led them to reassess risks and consider new ways to improve and innovate compliance processes and procedures. By continuing to adapt to all the compliance lessons of 2020, the compliance function can ensure protection for the whole organisation, employees and other stakeholders.
For a reminder of all the industry insights and regulatory updates from Fulcrum this year, please click here.
[1] Financial Conduct Authority, ‘FCA encourages firms to develop purposeful cultures, 5 March 2020 (https://www.fca.org.uk/news/news-stories/fca-encourages-firms-develop-purposeful-cultures)
[2] Security Boulevard, ‘62% of Financial Services Firms in the UK have Suffered a Cyber-attack in the Last 12 Months’, 6 November 2020 (https://securityboulevard.com/2020/11/62-of-financial-services-firms-in-the-uk-have-suffered-a-cyber-attack-in-the-last-12-months/)
