With many City workers continuing to work from home for the foreseeable future, firms are grappling with how to maintain market conduct standards when employees are not physically present. Organisational culture and technology both have roles to play to keep firms on the right side of regulators in the ‘new normal’. Listen to the related podcast series here.
Six months into the global pandemic and we are moving from what we thought was a temporary emergency to something akin to a new normal. Many banks and city-based firms are delaying returns to the office until at least the end of the year, if not into 2021, and those people that are returning are often coming into offices with greatly reduced capacity to enable social distancing. While many people are missing seeing their colleagues in person, or going out for lunch, long-term remote working has serious implications for organisations, which find it harder to reinforce controls and to affirm culture when employees are not physically present.
Managing market conduct and other regulatory risks are more important than ever. As the pandemic rolls on and the adrenalin of the initial shock wears off, reality is starting to sink in about the potential long-term effects on the economy, which can put pressure on employees, says Manmeet Rana, Partner at global consultancy Aurexia. “When people are under pressure, they don’t always make the best decisions, which can lead to greater conduct risk in the medium term,” Rana says. It is also potentially easier to conceal inside information without the usual controls and transparency of an in-person environment.
Remote working has meant firms have had to rethink how compliance teams can get a view onto front-office activities. Compliance teams are often physically co-located with the sales desk, so they can provide their expertise on certain strategies and generally understand what is going on in the front office. With people now working from home, firms have had to get creative to find ways to keep up this level of openness. Some desks have resorted to all-day conference calls between teams, which compliance personnel can dial into, to recreate the collaboration and transparency of the regular office environment, Rana says.
“Firms need to be focusing on how they actually continue to embed their culture across the organisation to ensure good behaviour, because I’m not convinced the kind of the big brother surveillance controls – putting video cameras in people’s home offices or bedrooms or wherever else they work from – is actually going to be very helpful or even conducive to people’s mental wellbeing in the longer term,” – Manmeet Rana, Aurexia.
However, Rana cautions against an over-reliance on surveillance tools. “Firms need to be focusing on how they actually continue to embed their culture across the organisation to ensure good behaviour, because I’m not convinced the kind of the big brother surveillance controls – putting video cameras in people’s home offices or bedrooms or wherever else they work from – is actually going to be very helpful or even conducive to people’s mental wellbeing in the longer term,” says Rana.
The regulatory view
There are a number of legal risks that are exacerbated by the pandemic, says Michelle Kirschner, Partner at Gibson Dunn in London. Market conduct is a major area for firms to focus on, but non-financial misconduct, such as bullying is another area regulators are focused on. Cyber risk and the increased frequency of cyber-attacks is an issue, as well as the appropriateness and security of home-office technology being used during the pandemic. Third-party risks also need to be on firms’ radars, such as when outsourcing providers are operating with reduced staff and what the implications of that are for the client. “Many of the risks are not new risks per se, but obviously in the remote working environment, the way in which we manage those risks is going to have to change,” Kirschner says.
The Financial Authority (FCA) released Market Watch 63 in May 2020 specifically focused on market conduct expectations in the context of alternative working arrangements due to coronavirus. Key messages centred around the continued expectation for the appropriate handling of insider information and conflicts of interest, and the maintenance of robust market surveillance and suspicious transaction and order reporting.
“Many of the policies and processes firms have developed over the years to adhere to regulations, such as those around safe harbour in 2016’s Market Abuse Regulation (MAR), will have been designed for an office-based environment, so one of the first things firms need to have done is ensure these are fit-for-purpose in a working-from-home environment.” Michelle Kirschner, Gibson Dunn
“Many of the policies and processes firms have developed over the years to adhere to regulations, such as those around safe harbour in 2016’s Market Abuse Regulation, will have been designed for an office-based environment, so one of the first things firms need to have done is ensure these are fit-for-purpose in a working-from-home environment,” says Kirschner.
Making sure employees are correctly handling inside information when working from home is essential, especially if they are sharing a workspace with someone who does not have the necessary training around insider dealing. “There is need at the moment to rollout training that is not just the standard market abuse insider dealing training, but with a particular angle on the current working from home environment. This applies to both sell-side and buy-side firms, she says.
In addition, there may need to be enhanced scrutiny in terms of what is and what is not inside information. “With the markets in a disrupted state, information that would perhaps not have been previously considered to be inside information in relation to a particular issuer may well be inside information in the current environment. Therefore, being extra attentive to information that is in the hands of both buy and sell-side to ensure that inside information is being identified appropriately, is really key,” says Kirschner.
Conduct risk and making sure that the culture of an organisation encourages and promotes good conduct outcomes have been a focus for the Financial Conduct Authority (FCA) and firms it supervises over the last ten years. Firms have invested heavily in communicating their espoused values to employees old and new in various ways. They need to continue to embed remote working employees in a culture of doing the right thing, especially those who have been onboarded since the pandemic began, Rana adds.
The role of technology
Among other things, the pandemic has caused companies across the world to revisit their business continuity plans (BCPs). “If anything is to come out of this pandemic as a new normal it will be the dynamic of an increased remote workforce,” says Rex Gooch, General Manager of Retail Surveillance at FIS and its Protegent Business Unit. “That opens questions of how to better maintain security standards, data protection and record keeping of a mostly remote workforce. It also means heavier reliance on secure web and cloud-based systems which can be accessed anywhere,” Gooch says.
“If anything is to come out of this pandemic as a new normal it will be the dynamic of an increased remote workforce…That opens questions of how to better maintain security standards, data protection and record keeping of a mostly remote workforce. It also means heavier reliance on secure web and cloud-based systems which can be accessed anywhere.” – Rex Gooch, FIS
Across all geographic regions, firms are very focused on privacy and the protection of customer information, validation of customer authenticity, security in systems, implementing more robust access controls like multifactor authentication, business continuity and testing of those BCPs, documentation of gaps in normal operating procedures vs. necessary changes in the current environment, awareness of increased fraud potential, increased consistency and frequency in communications to personnel and customers and the reporting of any issues, concerns or questions to authorities, says Gooch.
Whether the regulatory focus is more on suitability standards (FINRA), fiduciary standards (SEC), investor protection and market abuse (EU), firms must rely on systems to perform the detection of potential issues and facilitate the review and mitigation activities so firms can provide evidence of review and demonstrate the firms’ adherence to their obligations under any regulatory standard or authority, Gooch says. FIS Protegent provides systems and tools that enable firms to more easily fulfil their regulatory obligations. Having the right tools and systems is more important than ever in situations like today when there is heightened scrutiny because of the increased risk.
The pandemic has put unprecedented pressure on companies, which had to rethink much of their operations almost overnight. To fully adapt to the ‘new normal’ and ensure continued regulatory compliance, firms need to apply a blend of technology, legal and cultural strategies. Training, communication and surveillance tools all have important roles to play to keep operations on track over the coming months.
*Listen to the entire podcast series on this topic here.