Financial Services Compliance in 2021

2020 was a year like no other. COVID-19 forced financial firms to transition to a distributed workforce with employees working from home indefinitely. Compliance teams have perhaps been most heavily affected by this seismic change in the professional landscape, quickly adapting and employing new technologies to ensure their firms remain compliant while offices lay empty and employees work remotely.

One distinct positive that can be gleaned from this experience is that long-dormant plans for enhancing compliance capabilities have suddenly accelerated across the financial services industry. Senior management teams have been awakened by the threats posed by a distributed workforce and are fast-tracking new technology, processes and policies to ensure their firms are operating within regulations. What’s more, they’re even starting to understand the potential for utilizing internal data to enhance their compliance programs from being a reactive measure to a fully-fledged preventative solution.

The purpose and benefits of compliance are changing. In 2021, financial firms can expect four trends to define this rapidly evolving industry.

1. The Extension of Communication Surveillance

Surveillance must extend from just emails to numerous data streams, across text, videoconferencing and phone calls.

Think of your average day at work. How do you communicate with your colleagues, especially in remote environments? You send emails, you join Zoom calls, you message on Bloomberg chat, you may have a phone call every now and then. How many desktop and mobile apps do financial firms use to communicate and collaborate with colleagues and clients?

Communication happens constantly. It occurs across an increasing number of applications and devices. Effectively covering all applications was a challenge for compliance teams prior to the pandemic. With remote workforces blending work and personal time at home, the challenges are magnified significantly. Compliance teams clearly have their work cut out for them. The prevailing paradigm shows no signs of shifting either.

Legacy solutions and approaches often monitor one or a few channels for misconduct, but if you’re only monitoring email, for example, you’re not getting the full picture. Not even close. With communication happening across an ever-increasing number of applications, compliance teams must apply solutions that cover all internal communication channels. After all, bad actors are not naive. They are unlikely to use a common communication channel to conduct insider dealings, collude with other firms or spoof trades.

The most effective compliance solutions leave no stone unturned. In 2021, financial firms cannot afford to leave gaping communication blind spots in their compliance programs.

2. Compliance Technology Moving to the Cloud

Cloud technology will become more prevalent due to increased work-from-home conditions.

Traditionally, financial firms would insist on any compliance technology being installed on-premise. This approach requires a lengthy initial implementation process, with ongoing investment in infrastructure and operational support alongside annual maintenance costs. In return, the firm has full control over the security of the solution.

As we enter 2021, that trade-off is starting to make less sense. Sure, security is a hugely important factor to consider, but cloud technology isn’t a new thing. There are mature compliance solutions available with robust security controls that will satisfy even the most scrupulous of CIOs.

Compliance teams will embrace cloud technology at increased rates – and subsequently cut costs – in 2021 due to the rise of remote working creating a greater need for agility.

Even if we see a return to the office in 2021, it’s almost certain that some form of flexible working is here to stay, even in the world of finance where being in the office was once thought of as imperative. Cloud-based solutions are much more appropriate for a distributed workforce due to the ease of access and the lack of internal maintenance.

They also allow firms to operate with greater agility, scaling up or down dependent on the needs of the business. Increasing storage, for example, can often be a logistical headache when collecting vast amounts of data. However, with a cloud-based solution, it’s the vendor who looks after infrastructure and can provide additional resources efficiently.

Finally, passing the cost of infrastructure over to a vendor means that cloud-based solutions are often cheaper than their on-premise equivalents. With companies focused on reducing costs like never before, 2021 is the time to undergo a digital transformation, taking advantage of the savings offered by moving business systems to the cloud.

3. Machine Learning Informing Human Learning

Machine learning technology to inform “human learning,” with firms utilizing true positives to triangulate issues and identify compliance hotspots.

Compliance training is set to revolutionize in 2021. Currently, a compliance team will assess the latest regulations, incorporate them into their program and offer training to ensure employees understand the rules and how to abide by them. That’s fine for keeping the company abreast of the latest regulatory developments, but it doesn’t do much to address the actual compliance deficiencies within an organization.

Instead, forward-thinking compliance officers are starting to put data at the heart of their training programs. By analyzing alerts from compliance surveillance tools, they are able to triangulate their training based on the actual infringements that occur at their firm. For example, if they notice a spike in true positives related to collusion, the compliance officer can create training that’s tailored to that specific subject. Financial institutions that utilize such methods have reported significant reductions in true positives related to areas of misconduct that were identified.

Following such training, firms even report cases of reverse-escalations, with employees pre-emptively self-reporting their own behavior before they are caught by their compliance team. Using technology to assist with training is now vital as finance professionals are working from home and no longer embedded within the compliance culture.

4. The Development of Specific WFH Policies

Regulators have warned financial firms to have specific work-from-home policies and procedures in place.

When lockdowns first came into effect at the beginning of the year, the financial services industry was turned on its head. Transitioning a workforce from the office to the living room was a huge undertaking for companies that previously relied on workplace security by restricting off-site access. Firms should be applauded for how swiftly new processes were put in place to ensure employees were able to work from home whilst still adhering to regulations.

While it is likely that there will be a return to the office in some form in 2021, it will certainly be gradual, with many employees opting for flexible working arrangements. Firms must adjust their compliance processes accordingly, ensuring that they operate seamlessly regardless of where their employees are working.

Julia Hoggett, Director of Market Oversight at the Financial Conduct Authority (FCA), says that while in the early stages of the pandemic it was not possible to implement universal levels of recording and surveillance, firms should have now overcome these challenges.

“Our expectation is that going forward, office and working-from-home arrangements should be equivalent – this is not a market for information that we wish to see be arbitraged,” Hoggett said.

Regulators want firms to demonstrate that they have taken steps to minimize the risks associated with a distributed workforce by updating policies accordingly.

With that in mind, there are four key areas that firms should evaluate:

• Assess your compliance practices, policies and procedures to ensure they address regulatory obligations for employees working from home.
• Provide suitable training related to security and applications containing sensitive information.
• Assess systems for vulnerabilities thoroughly and ensure content from all key communication channels is being ingested for analysis.
• Increase the level of engagement with supervised persons that are working remotely.