Prolonged periods of remote working can lead to financial institutions facing challenges, perceived risks in meeting regulatory obligations and maintaining a robust compliance monitoring framework. We provide guidance on how GRC professionals can deal with some of the challenges with compliance monitoring due to the pandemic.

 The FCA continues to stress its message that firms must take all reasonable steps to meet their regulatory obligations including giving staff access to the compliance support they need. As such, identifying these compliance risks and mitigating them should be treated as a priority by professionals working in the regulatory space.

Current Compliance Challenges

• The significant financial stress and economic uncertainty caused by the pandemic could pose the risk of non-compliance behaviour among staff such as restricted personal transactions, bypassing appropriate channels of approval etc. 
• Having direct oversight, training and conducting risk assessments as part of monitoring might be difficult while staff are working from home. 
• Firms having to proactively identify all relevant rules and regulations affecting the business, especially as the situation changes quickly, with new regulations and restrictions every day. This poses the risk of non-compliance and delayed compliance to missing regulations especially for organisations operating in multiple geographic locations. 
• Without the right technology and infrastructure, traditional communication channels such as email may not be effective as firms are operating in a “work from home” arrangement.
• Remote working has also made monitoring and surveillance such as capturing voice and e-communications, trade monitoring difficult to conduct.
• There is a risk of a data breach of sensitive information and company proprietary information such as the handling of paper documents.

Things GRC professionals much consider

• Is your firm systematically managing all relevant rules and regulations including new regulatory requirements and planning appropriately? Are your current business operations, practices, and company policies (e.g. travel policies) compliant with the rules and regulations affected by COVID-19?
• Does your firm’s tools and technologies enable you to implement the necessary compliance actions effectively and in a timely manner?
• Do the employees within the business understand their regulatory obligations and up-to-date with them?
• How do you effectively communicate the latest rules and regulatory requirements, work arrangements, company policies, travel alerts, and other notices?
• Is your communication tool effective under the current work arrangements, including the protocols by geography, business unit, and across the entire organisation?
• How do you track employee compliance with regulatory requirements and company policies?

Some Implementation tools

• A robust compliance framework with up-to-date information enabling the firm to assess the impact of rules and regulations on business operations.
• Implement new or additional ways of checking on or monitoring staff in order to manage or assuage these concerns.
• Ensure communication among management and key stakeholders within the firm is fluid in order to get easy access to the necessary tools and data required for each monitoring test.
• Management Information produced from monitoring cycles must be clear and concise.
• Accurate record-keeping of events/ errors or issues. 
• Effective reporting lines in place to allow ease of reporting incidents and errors. 
• Functional training programs to be made available to tackle high risk areas.
• Enhancing the firm’s existing technology toolkit to its maximum capacity to relieve the burden of remote work environment.

Overall, ensuring compliance with regulatory obligations require being proactive as well as reactive, the right access to resources, investing in more automated processes and constant effective communication with the team and management.