The spread of the COVID-19 pandemic has presented challenges for many financial service firms. Compliance programs are no exception. Firms are generally responsible for building, testing, and enforcing their compliance programs.
For many firms, elements of the program have been scrutinized and put under heavy stress. Compliance leadership is now more important than ever. During this time, there are key opportunities to add value to the firm’s overall program.
Testing and Internal Review
Many have been thrust into a surreal moment in time that may feel like the twilight zone. However, this time is a key moment to look at evaluating the critical functions of your program during this “stress test”. A few months ago, FINRA released Top 5 Stories from FINRA’s Biannual Cybersecurity Conference. One of which was a useful “tabletop” exercise where the CCO proposed a scenario (i.e. cyberattack). They put everyone in a room and closed off access to electronic systems. They then worked through the scenario based on their written procedures and practical procedures. The SEC also recently published its Cybersecurity and Resiliency Observations noting key failures in cybersecurity programs and other programs within the Firm.
During moments of crisis, either real or as a scenario, many firms can now see the deficiencies in the program and create practical solutions that both meet regulatory requirements and accomplish the goals of the specific program. FINRA recently released NTM 20-08 to give the Firm’s additional guidance on relevant information affecting the industry members. Important items include:
- Telework Arrangements
- Form U4/U5
- Emergency Office Locations
- Communicating with Customers
- Communicating with FINRA
- Military Personnel
- Regulatory Filings and Deadlines
Some firms have instituted mandatory teleworking requirements, and others have essential staff still working within the office. Either way, this is a perfect opportunity to collaborate with your team to understand the challenges and risks within your compliance program.
Risk assessment testing is a vital element in every program. Understanding and documenting various risks to the business (i.e. enterprise, compliance, legal, cyber, etc.), creating mitigation strategies, and mapping these to procedures is not an exercise for solely the compliance department. Collaboration with other critical team members (i.e. operations, marketing, legal, outside vendors) and stakeholders builds a level of depth and often uncovers challenges and risks that would not have been revealed without this input.
If your firm has a bit of downtime, connecting with your team (virtually or in-office) can provide both present and future value. Both the SEC 2020 Examination Priorities and FINRA Risk Monitoring Letter may provide useful planning tools during this process.
Innovation and Leadership Thinking
This may be an opportune time to look at innovating your firm’s current program. From technology advancements, streamlined reports, project management tools, and collaboration strategies, many firms have been thrust into learning what many other industries are already doing, creating a compliant yet innovative program to help support the business, streamline collaboration and effectively minimize risk. Compliance departments can help not only protect the organization but also be key leaders during this time.
Check out our previous blog posts on other key compliance considerations during the COIVD-19 pandemic.
Contact us today to learn how our team of expert consultants can help your firm add value to your compliance program even during these challenging times.