COVID-19 has caused huge disruption to working practices in financial services across the globe, with many people now remotely communicating with colleagues rather than face to face. And while this may have accelerated a paradigm shift in the way we operate, close attention must be paid to the potential rise in compliance risk caused by working from home.
- The impact of COVID-19 has caused upheaval in financial services working practices. E-communications have evolved rapidly to become the ‘new normal’ for colleagues to interact while they are working from home.
- The financial services sector has shown great operational resilience. People working from home have largely been able to continue with their daily workflows uninterrupted.
- However, the move to the ‘virtual office’ has exposed companies to a new range of compliance risks, in areas such as confidential information sharing and intellectual property protection.
The market disruption caused by COVID-19 has accelerated the path of some key trends and behaviors in our societies, reshaping the way we interact, socialize, learn and work.
Crises pose challenges and force us to re-think, re-strategize and look for better solutions. Similar to conflicts and other global shocks, the current scenario is acting as a reset and driving innovation, but also polarizing wealth and creating greater inequality in society.
While COVID-19 can be perceived as an important moment to reset our lives to the right sequence of priorities, it has undoubtedly changed the way we work.
Adapting to working from home
Some industries have been severely hit by the crisis. Others, meanwhile, have found new opportunities or have had to quickly adapt. For those adjusting to this new scenario, access to internet, hardware and collaboration tools has played a crucial role in enabling daily activities to continue.
Financial markets have seen little difference. Almost all employees are able to leverage home connectivity, VPNs, authentication systems and a wide range of collaboration tools to continue their daily workflows.
Initially, accessibility and security were the first deliverables that helped to guarantee the continuity of operations. Some would say it was a great opportunity to test those emergency plans and protocols, but also those IT infrastructures that were not designed, in the first instance, to deal with a scenario only Hollywood could dream up.
The ability to employ operational resilience is crucial.
Before the pandemic hit, we could already detect growth in the amount, size and variety of social media and collaboration tools permeating our professional and private lives, with undesired overlaps between the two.
At the start of the year, nobody could have anticipated the increase in the use of collaboration tools. This change has revealed how interconnected we are, how much we depend on social relationships, and how easily our access to the internet could help facilitate or harm our daily private and business activities.
As the chart shows, our real-time message rates, that typically see 80 billion messages a day on our core network, have leapt to double that volume, reaching a peak of 176 billion messages on 28 February.
Financial trading activity moved to the home, leveraging company hardware (in most cases), secure connectivity and collaboration tools.
Microsoft Teams experienced a huge increase in users and usage, as did several other collaboration platforms, including some brand new ones. Team drinks became virtual as well, with colleagues connected from their homes.
Most financial market players reported no big issues, and the transition was smooth, sometimes even faster than anticipated. Business continuity was achieved, and there were no market crashes caused by operational and infrastructure failovers.
To avoid overloading operations, regulators helped by easing elements of their regulations, and slowed down the need for the industry to adopt incoming rules.
Some companies have observed increased productivity in their workforces because of reduced commuting times and increased interconnectivity time, and workers displaying resolve in circumstances that have pushed many to do more while dealing with family responsibilities. But what are the challenges this new normal is hiding or introducing?
What’s changed in e-comms?
Over the past five years, the growth in electronic communications has been driven by the evolution of collaboration tools and better connectivity, while the velocity with which we are able to interact has more than doubled.
The picture is the same when it comes to volumes. Attachments, pictures and files have become bigger and are easier to share and store. And the amount of data that needs to be stored for compliance purposes has rocketed.
At the same time, the amount and variety of collaboration tools has improved and expanded to include not only enterprise offerings — Microsoft Teams or Skype — but also pure social media tools — LinkedIn, WhatsApp, Telegram, WeChat.
There is now much more choice, although not every tool will be approved by every company. And when client interactions start going ‘offline’ on a chat or a public social media channel, how vulnerable are we? For instance, in January JP Morgan took action against a trader for using WhatsApp at work.
What impact does regular working from home have on our conduct, and consequently, compliance risk?
Moving the workplace to the so-called ‘virtual office’ can expose us to greater compliance risk when it comes to confidential information sharing and intellectual property protection, along with exposure to a wider set of cyber risks and potential misconduct scenarios.
For trading teams, mobile devices and the potential lack of control on social media and collaboration tools means that compliance teams need to be more vigilant.
Although we keep a positive outlook on our future, some companies are adopting a longer period of working from home — some are even adopting it on a permanent basis — raising multiple challenges for compliance and audit teams to track every channel of communication.
For trading teams working from home, mobile devices and the potential lack of control on social media and collaboration tools means that compliance and audit teams need to be more vigilant because a substantial set of new challenges will need to be addressed.
Archiving per se alone will not be enough, but it will be a key requirement to start extracting value from this data, in order to analyse patterns, recognize behaviors and adhere to policies to avoid potential employee misconduct.
Ultimately, it all goes back to individuals, ethics and conduct.
Conduct and compliance risk
Stricter guidance and updates to company e-learning sessions are required to better handle this new nuance of compliance risk. Indeed, a review of the current design is necessary in the following areas: Internal policies; learning paths; governance and crisis management frameworks; business continuity plans; company ethical codes; electronic communications archiving and monitoring tools; and adherence to local laws and industry codes of conduct.
Electronic communications and unstructured data — growing through all areas of velocity, volumes, variety, virtual, vulnerability and value — require special care in the current environment. In an already fragile economic environment, damage to reputation can compromise the future of any organization.
Surveillance and value creation
When it comes to conversations and electronic communications related to transactions, it‘s not just about telephone and email. MiFID II Record Keeping clearly defines what is required. Additionally, storage needs to be secure, to enable proper search functionality and to ensure integrity. In the current working-from-home environment, this is very relevant.
But is it just about archiving and searching? Much of the new paradigm of e-comms surveillance relies on the ability to extract value from those datasets.
The aim is to recognize patterns, avoid misconduct cases, and to learn and adapt policies. A proactive approach to surveillance and monitoring should take into consideration comparing, filtering, deleting when requested; and leveraging analytics to recognize and shape behavior. And again, when it comes to efficient and safe markets, it is all about transparency.
Refinitiv Compliance Archive
Refinitiv Compliance Archive, powered by Global Relay, is a unifying cloud-based compliance archive for unstructured message and trade data from over 50 sources. It is designed to help compliance and audit teams reconstruct, oversee and efficiently analyze activity.
Its full suite of surveillance and trade reconstruction capabilities ensures that firms maintain complete visibility into their trade and communication activities while meeting their regulatory mandates.