A few weeks ago, the SEC issued an important risk alert to Broker-Dealers, highlighting the challenges firms may face as a result of the COVID-19 crisis, and the importance of maintaining compliance. The report writes, “a firm’s supervisory and compliance program should include policies and procedures that are tailored to its specific business activities and operations and should be amended as necessary to reflect the Firm’s current business activities and operations.”
FINRA, as well, is offering advice, including devoting an entire page on its website to COVID-19, and you likely already know about its task force that targets fraud in the broker-dealer industry. “The task force – a collaborative effort headed by Executive Vice President Greg Ruppert – manages a centralized repository of intelligence gathered from and accessed across the organization to help ensure efficiency and maximum coordination.”
The days of light touch regulation and no action relief are now a distant memory, with broker-dealers of all sizes under an intense amount of scrutiny. Increasing levels of trade, the threat of cyber-attacks, and regulators looking to reassert their authority are major concerns, and time is of the essence to undertake a review of compliance activities. Below we highlight some focus areas for broker-dealers to consider.
Tip #1: Take Cybersecurity Seriously
Cybersecurity is a major area of concern for the SEC and FINRA. In the risk alert, the SEC encourages broker-dealers to “pay particular attention to the risks regarding access to systems, investor data protection, and cybersecurity.” FINRA has similarly offered cybersecurity advice for firms that are working from home. Meetings via Zoom and remote compliance activities are likely to be in place for the foreseeable future, and keeping information secure should be a key consideration for compliance teams.
Data exposure can come in many forms, especially where paper processes may be temporarily replacing automation. Providing employees with company equipment, rather than deploying BYOD policies, will make a difference, as well as the use of shredders to destroy physical records at remote locations.
Additionally, firms should offer more detailed guidance to home workers about routinely changing passwords, detecting phishing scams, and avoiding unsecure communication platforms.
“As Firms need to make significant changes to respond to the health and economic effects of COVID-19 – such as shifting to Firm-wide telework conducted from dispersed remote locations, dealing with significant market volatility and related issues, and responding to operational, technological, and other challenges – OCIE encourages Firms to closely review and, where appropriate, modify their supervisory and compliance policies and procedures.” ~ SEC Risk Alert on August 12, 2020
Tip #2: Build a Strong Compliance Program
Broker-Dealers need to solidify their compliance activities by investing in software solutions that improve the efficiency of processes, while providing supervisors with immediate information regarding outliers or areas of increasing exposure.
Transaction monitoring systems provide many benefits. Not only will suspicious trades be flagged, but fees, charges, commissions, and other fiscal metrics can also be monitored in real time. AML risks are always present, especially where offshore feeder structures are favored. Ensuring that these risks are known, mitigated, and recorded correctly is increasingly important.
A high-quality compliance software solution is designed to offer an umbrella of coverage, leaving organizations completely protected while they manage day-to-day operations. Ideally, the software should be personalized to your firm’s needs and built around the standards required by your compliance function. When implemented properly, software oversight can be a business improvement, leaving human resources to focus on operations while the tech automates compliance workflows.
Tip #3: Integrate Compliance with C-Level Leadership
In our years of experience, we’ve seen a gradual diminution of the attitude that compliance, marketing, and sales cannot coexist. The most effective firms place a high emphasis on GRC and include compliance as part of C-Level leadership.
Those leading the compliance program need to understand the business as a whole – its trading environment, its risk appetite, and the flexibility it provides to its staff. Your firm’s compliance program should not be designed solely from a compliance perspective, but co-created across the organization, with ultimate oversight by the CCO and C-level leadership.