Emma Vernon is quoted in Compliance Monitor discussing how new working methods in the pandemic have impacted on compliance in the regulated sector.
How the pandemic changed Compliance
ON TOP OF THE USUAL, CONSIDERABLE, REGULATORY CHALLENGES, COMPLIANCE TEAMS HAVE BEEN GRAPPLING WITH THE SHIFT FROM FACE-TO-FACE TO ONLINE INTERACTION WITH COLLEAGUES THAT THE COVID-19 PANDEMIC BROUGHT ABOUT, ALONG WITH EXACERBATED BUSINESS AND FRAUD RISKS. NEASA MACERLEAN REPORTS ON HOW THEY HAVE ADAPTED.
Many Compliance and Internal Audit teams have had a far better pandemic than they would have predicted at the onset. Not only did they manage to keep going despite staff shortages and losing the ability to question colleagues face-to-face, but they also proved their own worth — keeping a lid on bad practice in areas they could control while fraud went up substantially elsewhere.
To prove the effect they have, these teams can make interesting comparisons between their own records and those of the state. Government departments — from Health to Business — have not emerged well (see below). [1]
And there have been many spinoff benefits for Compliance teams coming from remote and hybrid working. Emma Vernon, a regulatory partner at Constantine Law, lists some of them: a “massive acceleration in digitalisation for financial services firms” which has led into “a frictionless process with many manual control checks no longer required”; enhanced resource and data-sharing (using platforms such as SharePoint); video calling — with Teams, Zoom and other systems becoming enhanced and embedded as part of day-to-day working life; and technologies that facilitate getting ‘facetime’ with colleagues (which have been “conducive for Compliance, Risk as well as Internal Audit reviews”). She adds: “While adapting to these new digital processes has been a steep learning curve for Compliance functions it has, in the main, meant they can again focus on the greater value-add areas of their remit.”
HOW PREPARED WERE FIRMS AND GOVERNMENT DEPARTMENTS AT THE START OF THE PANDEMIC?
Compliance and Internal Audit teams were particularly worried initially about “business risks [which had been] exacerbated as a result of the crisis, such as cashflow and liquidity, cybersecurity, and fraud”, according to research from the Chartered Institute of Internal Auditors. [2] Nearly half (46 per cent) of Internal Audit teams were understaffed because of redeployment during the lockdown. Legal & General’s group chief internal auditor Stephen Licence was, like many other governance specialists, particularly concerned by “the impact of remote working on organisational culture”. [3] In the event, his and many other teams found effective ways to leverage their own resources. Using Zoom, behaviour assessment, analytics and other tools, these departments managed to keep their systems functioning well. Standard Chartered, for example, made leaps forward by introducing a behavioural risk assessment that aims to be “a forward-looking view of culture, seeking drivers of red flags that could lead to wider issues”, according to Alison McFadyen, the former group head of Internal Audit who helped set it up.
In contrast, fraud appears to have soared across the economy in areas where there were few controls. When he resigned as HM Treasury’s counter fraud minister in January, Lord Agnew spoke of “schoolboy errors” in the Treasury and the Department for Business, Energy and Industrial Strategy. He revealed that the latter had, at the start of the pandemic, “the grand total of two counter-fraud officials on its staff, neither of whom were experienced in the subject”. He did not contradict a £4.3 billion estimate of fraud posited by the Labour opposition on the coronavirus support scheme.
WILL REMOTE WORKING CONTINUE?
Yes. While certain individuals have said that employees must return to the workplace, the workforce wants to maintain flexible arrangements. Boris Johnson’s speech to the CBI in November was seen as controversial when he said: “There are… sound evolutionary reasons why Mother Nature does not like working from home.” [4] And Goldman Sachs CEO David Solomon drew negative attention in May 2021 when he called remote working “an aberration that we are going to correct as soon as possible”. [5]
Against that, Nationwide now has a ‘work anywhere’ policy for its 18,000 employees. [6] It highlights practical difficulties (“Just over half of UK workers need to be onsite — potentially opening up a new employment divide”) but thinks these are outweighed by the gains in employee trust and other opportunities. Surveys — from the OECD to business messenger app Slack [7] — consistently conclude that hybrid working is here to stay. Employee preferences for greater freedom are so strong that employers will be hard pushed to ignore them. For instance, 72 per cent of workers who are dissatisfied with their current level of flexibility at work say they are likely to look for a new job in 2022, compared with 58 per cent of all workers, says Slack.
HOW HAVE FRAUD AND WHISTLEBLOWING ISSUES CHANGED DURING THE PANDEMIC?
There are signs that workplace fraud increased at the start. In 2020, the United Kingdom whistleblowers charity Protect had its busiest 12 months in the 27 years since it was formed — up 20 per cent on the year before (to 3,845 calls). Although much of the peak initially related to the health and care sectors, it then shifted to employers across the economy who were reported by staff for misusing the Government’s furlough scene. Financial malpractice and regulatory failure made up over half of all calls to Protect between March and December 2020. So, while Protect does not point the finger at the financial services sector in particular, it does highlight general financial malpractice.
However, calls to Protect fell 30 per cent (to 2,700) in 2021. Many apparent frauds had related to the pandemic. And, says the charity, “It took some organisations a while to re-set their [whistleblowing] arrangements” to cater for remote working.
HOW DID THE FCA DEVELOP ITS APPROACH OVER THE PANDEMIC?
The regulator produced a “myriad of guidance describing amended or new expectations” as well as regulatory implementations and reporting deadlines, according to Vernon. It was a “challenge” for Compliance teams to keep abreast, she says. All business processes needed to be reviewed, she adds. Compliance teams “scrambled” to ensure they could provide the necessary guidance to colleagues on various issues including operational resilience and information security. In these areas, firms were asked to “proactively manage the increased risk”. [8]
But the situation is improving now. “Two years on the regulatory landscape has settled to more usual and manageable levels,” says Vernon.
WHAT DO FIRMS SAY ABOUT HOW THEY ARE HANDLING COMPLIANCE NOW?
Responses are very different. There are firms that will not speak publicly, and those where individuals will make a comment but only without attribution. A handful of High Street banks were clearly shocked at the attack on them by Lord Agnew, the Treasury minister responsible for counter-fraud who resigned in January. He spoke of £1bn of taxpayer funds going to the banks for defaulted pandemic loans (under the Bounce Back Loan Scheme). He highlighted “serious discrepancies” in quality assurance among the top seven lenders in his resignation speech. In reply, one senior banker is quoted in the Financial Times as saying: “Hopefully commonsense will prevail, but if it doesn’t I have literally told the Treasury and Financial Conduct Authority in meetings: ‘I hope nobody has a short memory around here folks, I have every meeting minuted,’ recording everything the Government said like ‘get these done, get these out, cut corners’, to protect myself.” [9] Four other anonymous quotes of a similar nature appear in the FT article.
We have spoken to two individuals in detail about their pandemic experience (see boxes below). And asset managers Hargreaves Lansdown as well as the Nationwide Building Society spoke to us on the record. Hargreaves Lansdown says, for instance, that it has been recording face-to-face meetings “for some years” so sees “little difference [from this perspective] between the online and face-to-face protection experience”. Expanding this theme, it expects only “a small minority” of people to seek physical meetings again. And it adds: “Increasingly, clients want as quick and as digital an experience as possible.”
Nationwide says that its Mobile Banking App (usually accessed through fingerprint or face recognition on the phone) has been “invaluable in recent months when more people have needed to call as they couldn’t get to a branch for support”. It says it had systems and policies in place, even before the virus, in response to growing digital demand. Once authenticated, customers can open other products through the app. “Doing it this way means we can pre-populate most of the application, so they can then apply for additional products with just a few clicks, creating a smooth member journey.” The bank also highlights its monitoring of suspicious transactions: “We continually learn from cases of fraud or scams as we see them and constantly update systems and procedures…”
HOW WILL OPERATIONAL COMPLIANCE BE AFFECTED?
Firms could be left without sufficient staff to carry out the work overall and, more specifically, to fill their Compliance teams. The Financial Times puts Goldman Sachs top of the “wage inflation leader board, with its pay bill ballooning by 33 per cent”. [10] The FT comments: “For many, investment banking looks less appealing post-pandemic given its demanding hours and the insistence that staff return to offices rather than work from home.”
HOW CAN COMPLIANCE MAINTAIN ORGANISATIONAL CULTURE?
The Chartered Institute of Internal Auditors makes five recommendations including: integrating culture into management control systems; conducting regular staff surveys or forums “to identify and respond to cultural issues”; implementing digital systems in a way that maintains and develops human relationships; discussing strategies with board members “before a cultural crisis takes hold”; and ensuring that management can be held to account by Internal Audit (and Compliance) over preserving organisational culture. [3]
In a blog for the Institute of Business Ethics on audit firms, Professor Chris Cowton and Dr Ian Peters say: “It takes hard work on several fronts to change a dysfunctional culture, but… a good starting point is to articulate the values that the firm wants to live by… And to really gain credibility, the values should be modelled in leaders’ behaviour…” [11] António Horta-Osório’s sudden resignation as chair of Credit Suisse in January — after a board investigation into his quarantine-breaching visit to watch tennis at Wimbledon— was an unexpected example of this issue. [12]
DOES WORKING FROM HOME AFFECT COMPLIANCE ON DIVERSITY ISSUES?
Yes, and it could be a major issue for financial services firms. Now that “diversity and inclusion are regulatory issues”, according to Nikhil Rathi, CEO of the FCA, [13] employers must avoid working practices that favour certain groups. And the Slack research shows that desire for flexible working “is particularly strong among those who have historically been underrepresented in knowledge work, including people of color, women, and working mothers”. [7] So, a traditional firm that insists on the presence of staff in the office could find itself in breach.
WHAT ELSE SHOULD COMPLIANCE OFFICERS BE DOING NOW?
They need to take careful steps to fulfil the FCA’s recent reminder that it be notified ahead of “any material changes to how your firm intends to operate”, says Vernon. [14] They should, she suggests: “consider keeping close to the firm’s decision making” and give “a brief update to a friendly supervisor” if needed. “They should also be prepared to be able to explain and provide their planning,” she adds.
Protect urges employers to revisit and (if necessary) revise whistleblowing arrangements to fit remote working— “opening new channels for raising concerns”, for instance, and “offering reassurance about protecting those who do speak up”. When people are working remotely, the charity says that it is “often much more difficult to raise concerns casually — at the water cooler or just by walking over and saying ‘this doesn’t look right’ to your manager”. But the Protect statistics show that changes to whistleblowing arrangements (as described above) do result in a marked drop in calls to its hotline.
An underwriter’s view
A senior insurance underwriter, Mike gets about 400 emails a week. Among them is an email from the Compliance team, asking him questions about his current transactions. “An email can easily be missed,” he says — adding that a Compliance one might even be overlooked and forgotten when he is on deadline for a deal. In the past, when they were all in the office, he could not avoid reminders from the Compliance manager as she would come along to his desk and wait until he gave her the answers.
Mike (not his real name) is impressed that Compliance still manage to get their emails out “even in this environment”. And he says that all the insurance firms he deals with in Britain take Compliance very seriously. But he observes that emails work less efficiently than eyeballing. “It slows things down. It also could mean that a transaction goes through [before a check was made] and then you could be in breach of the rules. That is all exacerbated by Brexit.” He has to make different kinds of policies with European Union and UK parties and, like everyone else, is finding his way on the post-Brexit rules.
“If you don’t seek advice sometimes, you can find that you have issued the policy and that it turns out to be null and void,” he says. Seeking advice was much easier in the office when he would ask everyone else sitting near him or a colleague over coffee. “I can’t tell you the number of times I’ve turned round and said: ‘Has anyone issued a policy on X?’.” That approach saved him from breaches — for instance, on making a declaration when his brother’s company took over a firm he frequently dealt with.
Dud contracts are already coming to light because of these issues, he says. And he thinks Compliance will do more to clamp down. He suggests they might be able to freeze the email accounts of personnel if they do not reply to Compliance emails in a given time. And they have the clout to do that. “Compliance have an awful lot of power. The last thing an underwriter wants is Compliance going to the head and saying I am not complying.”
An Internal Audit experience
Steve and the rest of his Internal Audit team thought they would be “severely compromised” by having to use Zoom for interviews at the start of lockdown in March 2020. As it turns out, they managed to carry on with their work. And, looking back at his experience in a global business, he cannot say whether more corners were cut by staff or not as a result of remote working.
But he does say: “The quality of communication was reduced, and it was a lot harder.” He has now left the business but his job there often involved two-hour face-to-face interviews to check that rules were not being broken. When Zoom took over, some interviewees used the audio without the visual. And, with everyone, there was a loss of the visual cues that an interviewer also pays attention to — such as gestures and body positions.
Zoom made it harder to break the ice, comments Steve (not his real name). And it took out the positive side that often emerges in interviews. “In a face-to-face interview, I was usually able to establish a rapport and some respect,” he says. “But on a Zoom call, you can sign off feeling that there is a barrier. They could be very unhappy and you would not know. So, you lose the positive side, and that positive side can be very rewarding.”
Comments