Compliance in the second half of 2020

The coronavirus pandemic has been a significant event, bringing lots of uncertainty to organizations across the globe. Without question there are emerging concerns among compliance officers regarding staff training, resources, controls and the need to keep up with regulatory change. With that in mind, we invited compliance experts to answer three questions and give their views on upcoming regulatory enforcements and compliance in the second half of 2020.

Global financial stability has been shaken, and regulated firms are facing several regulatory challenges. Regulators had to quickly adapt and modify their rules to maintain business continuity, causing difficulties for firms who had to modify their modus operandi.

Thanks to RegTech, tracking all coronavirus related publications was made easier. Firms can keep track of these changes and updates in real-time. According to Thomson Reuters, more than 1,300 regulatory changes and announcements were made across the world in March. All updates contained specific guidelines and/or relaxation of rules to help companies through the pandemic.

At the same time, the pandemic has forced regulators and firms to stop and promptly look at the impact of the crisis, review the way they operate and what it means for the future of regulations. As a result of this, more changes are imminent.

Consequently, regulators have thrown a spotlight on firms’ capabilities to detect market abuse and its inherent risks during the pandemic. Firms and regulators realized that there is a lack of efficiency with regard to monitoring employees and their activities. These recent events question how well firms can monitor employee compliance and manage conduct risk during a period of crisis.

While there is no doubt that changes, enforcement actions and more regulatory updates are coming, there are lots of questions regarding what these enforcement actions will be. How regulators will look at firms that slowly responded to the crisis and did not adapt their operations in accordance with the rules and regulations will also be brought into question.

To get a better understanding on what is on the horizon for compliance, we asked three questions to our global partners, specialists in regulation and regulatory services, about their thoughts and expectations for the second half of 2020. Here are the different topics they covered and their insights:

1. Compliance and Reg BI - SEC & FINRA

2. FCA enforcement under the Senior Managers and Certification Regime (SMCR)

3. Focus on Market Conduct, Insider Dealing and Financial Crime

4. Managing Conduct Risk and the outcome of the new “work culture revolution”

5. Conduct breaches scandals and how to tackle the issue

6. Collaboration among regulators to fight financial crime

Reg BI - SEC & FINRA 

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

In the U.S. Reg BI has been in the works for several years and has been a monumental challenge for compliance departments, especially broker-dealers and dual registrants as RIAs and BDs. The SEC and FINRA have been incredibly proactive and helpful to firms in their preparatory efforts and have signaled they don't intend to "play gotcha" right from the start as long as firms can evidence good faith efforts to comply. However, I expect at least one significant enforcement action related to Reg BI where an enforcement action is brought as a result of a complete lack of preparation or egregious failure to even attempt to comply.

Additionally, look for regulators to undergo a thorough retrospective review of firm's enaction of business continuity plans related to the Coronavirus pandemic and mandated work-from-home orders. Although all signs point to a very smooth transition and very few problems, I would not be surprised to see a significant enforcement action somehow related to failures in continuity planning and working from home.

What will be most important to keep compliant in 2020?

Compliance departments will continue with all the challenges they are currently facing. Regulatory change and technology challenges are persistent top concerns. Retaining staff and training will be a secondary concern as the job market is very tight and talented available employees are easily accessible. Therefore, current employees are motivated and enthusiastic simply out of a desire to hold onto their current positions in fear of possible cuts.

What is on the horizon to help compliance officers and firms to comply?

One of the greatest challenges faced by compliance departments is the budgeting and training necessary for large-scale technology changes associated with compliance and risk. There is a constant need to upgrade legacy systems and deploy new, or better, technology. Doing so is necessary but also time and resource consuming as employees must also be trained or already have the necessary skill-sets to accomplish these projects. Regulators know if compliance departments are working from a dinosaur of a platform which further emphasizes the need to retire legacy systems. At Thomson Reuters Regulatory Intelligence we monitor and track more than 1000 global regulatory bodies throwing off more than 200 alerts daily. We also provide practical and actional news and analysis of such regulatory events.

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

For FINRA, it is all about the implementation of Regulation Best Interest (“Reg BI”) during the second half of 2020. FINRA will contact member firms to ensure they have policies and procedures in place, and Form CRS is properly updated and disseminated. 

With the volatility in the securities markets during the first half of 2020 and FINRA’s focus on investor protection in particular to senior investors, we anticipate potential actions related to customer complaints. We expect with Reg BI and the additional obligations due to the new regulation, we may find some test cases being brought by Regulators, particularly FINRA.

What will be most important to keep compliant in 2020?

We believe with “stay at home” orders and remote working, we expect to have more staff training related to regulations and overall firm policies. Several clients are thinking about more efficient technology solutions to appropriately monitor their business. Clients are also upgrading software tools to enhance their current monitoring tools.

Our clients are also revisiting current Business Continuity Plans (“BCP”), to enhance the remote working experience. With the potential of a second wave and potential second closures are now the time to think strategically about more long-term plans.

What is on the horizon to help compliance officers and firms to comply?

We expect to see an increase spend in technology to help with compliance monitoring. Increasingly our clients have been inquiring about the latest technology solutions in the marketplace to enhance remote supervisions. Clients are also using the paradigm shift to evaluate their current systems for future enhancements. As a professional services firm, MCG Consulting assist clients with vendor evaluations and implementation of software solutions.

FCA enforcement on SMCR

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

My guess would be a high profile FCA enforcement under the Senior Managers and Certification Regime (SMCR). I have to admit that this answer is driven, to some extent, by wishful thinking on my part. We are now four years on from the first SMCR roll-out and we have still had no enforcement actions (other than the Barclays whistleblowing case that was based on very specific facts) and very little regulatory guidance on where the bar is set by the regulators. As someone who specialises on conduct and culture training, it would be helpful to have enforcement cases and guidance on a number of aspects of the SMCR, such as the “reasonable steps” test for Senior Managers, the materiality test for Individual Conduct Rule breaches and the interaction between the SMCR and non-financial misconduct, such as harassment and discrimination.

What will be most important to keep compliant in 2020?

I would look to aspects of conduct and culture in the ‘new normal’ environment due to COVID 19. As the new normal becomes business as usual, the regulators will be looking at how firms responded to the crisis in the early days and have since adapted across their operations. The ability to demonstrate that ‘reasonable steps’ were taken across every aspect of the firm will be paramount. Key areas for the regulators are likely to be matters related to working from home, such as information security and data protection, and key conduct issues-driven directly by the current market conditions, such as market conduct, treating customers fairly and working with vulnerable customers. An important part of a firm’s ‘reasonable steps’ defence is going to be timely training interventions targeting these key areas.

What is on the horizon to help compliance officers and firms to comply?

In the current working environment, it is vital that firms have the ability to train employees at distance. Our clients' firms are looking for new, interactive and effective ways of delivering external and internal GRC training remotely. Some are relying on more traditional types of e-learning, while others are exploring new options, such as virtual classrooms and social learning. Distance learning is evolving to meet the challenges of the current working environment and this is the ideal time to experiment with something new.

Eukleia is a specialist Governance, Risk and Compliance training company and well-placed to assist firms meet the training challenges presented by the current environment. As part of Learning Technologies Group plc (LTG), Eukleia is able to utilise the expertise of its sister companies, which are at the forefront of innovation and best-practice in the learning technology and talent management sectors. As well as working with clients to deliver ‘best in class’ bespoke digital courses, we have a range of ‘ready to go’ digital courses that can be delivered at speed and to a budget. We also have in-house experts who can develop and deliver virtual classroom and webinar learning on a range of regulatory topics.

Focus on Market Conduct, Insider Dealing and Financial Crime

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

While it is difficult to predict what the biggest regulatory enforcement case will be in the second half of 2020, we are expecting that there will be significant outcomes in relation to financial crime and insider dealing. The FCA's Enforcement Annual Performance Report for 2018/19 highlighted that there were 88 open financial crime cases and 96 insider dealing cases which were open as at 31 March 2019, representing significant increases since 2018.  The FCA is also investigating more market manipulation cases, these represent around 40% of market abuse investigations. While we expect the FCA to conclude some cases in these areas, they may not be finalised this year given other priorities which they may be facing in light of COVID-19. We expect the FCA to be particularly vigilant during the current pandemic, for example for market abuse, given the heightened risk as a result of homeworking, as well as for firms which are failing to treat customers fairly in line with guidance issued by the FCA over recent months. Firms which are not focusing on outcomes for customers and markets in line with regulatory expectations are at risk of facing enforcement action.

What will be most important to keep compliant in 2020?

As many firms continue to adhere to Government guidance in responding to COVID19 and staff continue to work from home, it is imperative that firms ensure their systems and controls are adequate to mitigate any associated risks, for example, risks of market abuse, hacking from cyber criminals, not being able to meet changing customer needs and demands and generally not meeting core regulatory obligations. Firms should ensure that appropriate training is given to staff to remind them of their regulatory obligations during this time and using any lessons learned to improve on contingency plans for the future. Given changing customer needs and demands and an increased reliance on digital services, it is imperative that firms invest in technology to ensure they can not only continue to meet their regulatory obligations but also to remain competitive with their peers. The FCA has also emphasised the importance of operational resilience for firms during COVID-19.

What is on the horizon to help compliance officers and firms to comply?

In the immediate term, compliance officers and firms should be ensuring they continue to mitigate the impact of COVID19 on their businesses. Longer-term, the COVID19 crisis has put a renewed spotlight on environmental, societal and governance ("ESG") issues. Regulators have started to formulate new policies and rules and firms should be ensuring they keep up to date with regulatory developments in this area. Gowling WLG's Financial Services Regulatory Team regularly produce key updates for financial services firms which you can subscribe to through this link.  Sushil Kuner and Ian Mason, Partner and Head of Financial Services Regulation at Gowling WLG will be hosting two webinars in September, where senior stakeholders from the FCA will be presenting on current topical issues, including FCA observations on good and poor practices arising out of COVID19, and an update on Brexit and the FCA's international approach. Please get in touch directly with Sushil or Ian to register your interest in these events. They have also published a must-read article which explores the key regulatory developments in respect of ESG and how these impact on financial firms across a variety of sectors.

Managing Conduct Risk and the outcome of the “work culture revolution”

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

In my opinion, the biggest regulatory enforcement in 2020/21 will likely be US or European action on the German fintech, Wirecard. The consequences of Wirecard’s insolvency on banks, investors, audit firms as well as supervisory authorities cannot be understated. The BaFin in Germany has been lambasted for inaction and is under intense political and public pressure. With US DoJ, EU, German, Philippines and other European prosecutors investigating Wirecard, it’s just a matter of time.

I also think COVID-related fraud will lead to some noteworthy actions. Misconduct proliferates in a crisis and human nature being what it is, the current pandemic is irresistible to criminals. Apart from usual scams related to fake vaccines, cures, etc., fraudsters are also exploiting the governmental relief programs under CARES Act. The FBI reported several complaints from legitimate businesses that couldn’t apply for PPP loans because their EINs have already been used for fraudulent loan applications. A PPP Fraud Working Group has been formed, over 100 investigations initiated so far, and over $42 million identified in a potential fraud. The report also indicated that these cases involve bank insiders, convicted felons, use of dormant or cash businesses, and identity theft.

Finally, it’s worth mentioning that although Robinhood settled with FINRA in December 2019 and paid a $1.25 million fine, there is still ongoing criticism of its “payment to order flow” business modus operandi and technology failures. The firm could be reinvestigated under Regulation Best Interest (“Reg BI”).

What will be most important to keep compliant in 2020?

With the unprecedented shift to working from home (WHF) for many businesses, a shift that is likely to stay for the foreseeable future, measuring conduct risk will be important to ensure compliance. How have employees settled into this new normal? What is acceptable in this new work environment that wasn’t before?  Have security and information protocols been followed? Is productivity up to expected standards? A ‘work culture revolution’ is in play, and financial institutions will have to adapt to this change, measure the impact and manage the outcome.

Innovative means of outreach and training will have to be deployed on several fronts; compliance, conduct, virtual technologies, and vigilance on information security fronts will also be key to ensure that businesses remain compliant.

What is on the horizon to help compliance officers and firms to comply?

The good news is that there are many RegTech solutions that can assist firms in adjusting to this new normal and complying with regulations effectively. Boards/senior management should consider compliance and/or conduct culture measurement tools to ensure they are keeping on top of the virtual work environment. Additionally, compliance programs and processes ought to be re-evaluated in light of the many accommodations made by regulators to assist in tiding over the difficult months when processes had to be performed remotely almost overnight. The Mizen Group is a RegTech compliance advisory firm with innovative, cost-effective diagnostic solutions that can help compliance officers, senior management and board of directors reassess culture and processes in the compliance space.

Conduct breaches scandals and how to tackle the issue

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

The biggest regulatory enforcement, in my view, would be conduct breaches. We have seen how the lapses in conduct have led to big scandals unfolding this year, from the oil trader Hin Leong to the German payments firm Wirecard.

What will be most important to keep compliant in 2020?

In my view, current regulations in Singapore have been fairly sufficient in meeting their purposes. However, to tackle the issue of conduct breaches, it still requires constant staff training, and also the evolution of monitoring/surveillance tools to enable Compliance/Assurance/Audit staff to perform their roles and discharge their responsibilities to their firms in detecting and deterring conduct breaches which could lead to risks to the firm (reputational, financial, compliance risks etc.). Along with technology and cyber risks which we have seen a spike in the number of advisories sent out by various regulators, these are the upcoming critical areas to keep compliant in 2020.

What is on the horizon to help compliance officers and firms to comply?

Training, development of more advanced monitoring tools, and also technology tools to track regulatory changes in firms. My company, Funderbeam, in its two roles firstly as a crowdfunding firm, and secondly as a private trading exchange for private companies, has always prided itself on being here to support the small-medium private companies in their journey to success. Regulated by the FCA in the UK (with passport authorization in the EU), and also by the MAS in Singapore, we have been in a unique position to assist and advise private companies on how to raise funding and improve their compliance processes (such as on the information disclosure requirements, monitoring of insiders, etc) when it comes to being transparent with investors/shareholders. Many small firms usually neglect this aspect or relegate it to the bottom of their priority because they are, first and foremost, focused on growing the business and revenues to survive and expand. And we will continuously enhance this training to our customers, which will assist them to improve conduct monitoring and reduce the likelihood of conduct breaches happening.

Collaboration among regulators to fight financial crime

In your opinion, what will be the biggest regulatory enforcement in the second half of 2020?

I think we are going to see a lot of movement in:

• Fraud controls and detectability especially around corporate financial accounting (on the back of Wirecard – this is a massive embarrassment for multiple regulators, and it cannot happen again).
• Investment suitability, especially with the current market and increased losses.
• Cross border permissions and licensing (this is such an easy revenue generator for the regulators, and I’m surprised how little action has happened over the years).
• Transaction monitoring – highlighting the lack of current systems ability to trace/identify sophisticated criminal networks. With the banking initiatives where banks are now coming together to share typologies they are seeing, we are going to get a lot more coming out of this. But the regulators need to ensure that there is increased top-down cooperation with info sharing by the FIU/police investigations to banks for this to work optimally.
• Sanction breaches might increase – at an individual level, not at a country level. There have been increased updates during this period, and I’m not sure everyone is fully up to date. Also, with the rapid increase in certain types of financial crimes, we will begin to see more creative business structures to launder money, and this will may lead to banks potentially unknowingly onboarding blacklisted persons who are behind the structures.

What will be most important to keep compliant in 2020?

I think we are going to potentially see more white-collar fraud as people struggle to deal with the impact of COVID job losses and financial losses. So not only do we need increased training but also, we need control and system enhancements for better security and detectability. Also potentially increased Market Abuse, where working from home employees are unintentionally exposing MNPI to others around them. Banks need to be paying close attention to client changes in investment strategies and profiles.

What is on the horizon to help compliance officers and firms to comply?

Many compliance officers are currently struggling with day to day demands from the business with increased regulatory interactions and reporting/information requests. However, in Hong Kong for example under §59(2) of the Banking Ordinance, banks may be required to appoint auditors to report on the adequacy of specific systems of control. What is critical right now is for Banks to review “health check” their control frameworks to assess whether they are fully effective and proactively self-identify any gaps before they appear in a regulatory inspection report, which will be viewed more favourable in the eyes of the regulator and hopefully help with avoiding fines and/or public censure.

At VRS – Virtual Risk Solutions, we are currently working with clients to provide these health check “certificates“ in preparation for upcoming regulatory inspections. In addition, we are through these reviews helping clients to identify ways they can streamline and increase the efficiency of the control framework, including increased automation to help relieve resourcing constraints, and focus manual attention where most critical.

MCO hosts a selection of on-demand webinars with experts for you to watch or listen to in your own time. Go to our webinar session on the website and choose from a variety of topics around compliance and risk. 

MCO provides compliance management software that enables companies around the world to reduce their risk of misconduct. Our powerful platform lets compliance professionals demonstrate they are proactively managing the regulated activities of employees, third-party vendors and other agents of the firm. Available as a unified suite or à la carte, our easy-to-use and extensible SaaS-based solutions get clients up and running quickly and cost-efficiently. We’ve built our passion and proficiency for compliance automation into every product, empowering clients of all sizes to maximize technology to minimize conduct risk.