Written by Amelia Liew
Compliance Issues During Covid-19
The Covid-19 outbreak has significantly impacted most financial institutions, disrupting their operations, financials, risk management and internal controls. While there is no certainty on when the crisis will end, one thing is clear: the challenges are here to stay for a while. Therefore compliance, like any other function at most financial institutions, is now fully engaged in managing the day-to-day firefighting. However, in periods of disruption, new risks can appear quickly, and existing risks can materialize into real problems. To help mitigate these risks, we have identified 3 compliance issues that financial institutions should be wary of during these periods.
Regulators globally have responded to the crisis by introducing new and more stringent regulations to protect financial consumers. This constant change increases the risk of companies (financial and non-financial) not complying with the relevant laws and regulations, which may result in hefty penalties. Therefore, among financial institutions, a significant amount of attention is directed towards regulatory requirements so as to keep the lights on. They are trying to keep pace with rapid regulatory change while simultaneously trying to deliver value for customers. In the new normal, it should be noted that the competitive advantage will go to those that can allocate capital in a way that recognizes the correlations. It is vital that financial institutions have a Compliance Department (whether internal or external) that has extensive experience in dealing with regulators and complying with laws and regulations, and that can implement responses to regulatory changes much more quickly. This allows financial institutions to breathe easy under regulatory scrutiny while focusing on creating value for their customers.
As safe management measures are constantly changed and urgently implemented, financial institutions have no choice but to adapt their businesses and control processes to the new environment. Some controls may need to be modified, relaxed or abandoned, and some unexpected gaps may appear without being immediately noticed. Deviations from normal checks and controls present greater opportunities for fraud. For example, having been thrown into a completely new working environment, employees may not perform controls as rigorously as usual and may miss the “red flags”. It is important that financial institutions conduct a fraud risk assessment and update their fraud risk register and documentation to specifically consider whether there is a heightened risk of fraud as a result of the impact of the spread of Covid-19. This assessment should include any changes that have been made to the internal control environment to allow the continuing operation of the business, and how these have been designed to mitigate the risk of fraud.
The sudden shift to remote offices means that many employees are now working in a less secure environment, with a dramatic increase in electronic communications. Employees who are unfamiliar with approved telework solutions may install their own software or make greater use of personal devices for business purposes, increasing security risks. Moreover, employees are more vulnerable to cyber-attacks such as phishing attempts that trick recipients into downloading malware or innocently providing sensitive company information. As businesses adapt to new ways of operating amid Covid-19, there could be an increase in cyber risks and hence a need to enhance existing measures and controls. Financial institutions should understand how their management has revisited the cyber security controls and processes to ensure that a multifaceted defense strategy is implemented. Given the frequency, magnitude and costs of cybersecurity incidents, it is important for businesses to: (1) understand the impact of cybersecurity risks on various business processes and the financial reporting process; (2) ensure controls and procedures are developed to identify and address cybersecurity risks; and (3) ensure procedures are in place to provide timely updates to investors about material cybersecurity issues.
Covid-19 has been a wake-up call about all types of disruptions, from natural disasters and telecom outages to cybercrime. Financial institutions are shifting from disaster recovery to business continuity to manage risk and build resiliency to operational disruptions. During these uncertain times, it is critical to be practical and focus on what matters. Compliance is in the perfect position for the Covid-19 response period and whatever comes after. The key is to transcend the day’s challenges and get proactive with three action steps: perform a compliance risk assessment, embrace the new normal and take the lead on business continuity. By adapting quickly and planning for new and emerging risks and challenges, compliance teams can help mitigate risk and support business strategy so that financial institutions can successfully navigate this crisis.