With firms forced to use web-based channels as their primary means of communication, compliance teams need to take stock and identify any lurking digital risks to stay on top of their regulatory obligations.
It's no secret that the adoption of new digital channels has been rapidly increasing year-on-year, but as the COVID-19 pandemic emerged, the role of technology and digital communication became increasingly critical.
However, this rapid uplift in digital communication (with both customers and employees) can have unintended consequences, therefore compliance teams must take care to vet the risks early on and ensure they aren't caught off guard with their regulatory responsibilities.
To help, we decided to create a compliance checklist that highlights the key areas you need to focus on.
1. Stay informed with regulatory announcements and communicate any updates across the firm
This may seem obvious but when businesses are caught up in change it's often overlooked. When there are huge changes taking place across the market, the regulators are almost always publishing announcements. For example, when the COVID-19 pandemic began, the FCA made a statement reminding regulated firms that they are still bound by compliance obligations and that they are expected to have measures and processes in place to ensure they continue to fulfil these obligations.
We suggest setting up alerts for these activities so you become aware the moment they're published. It's then important to communicate this out to the wider business and across internal teams, helping everyone stay on the pulse of regulatory requirements so any subsequent changes aren't missed.
2. Ensure you're aware of any new online communication channels deployed
Whilst online channels and social media networks have been considered as a primary communication channel for some time, their role has now become more crucial and attracted greater scrutiny. Any new channels or networks adopted must be brought to your attention as early as possible - this means building a closer relationship with your marketing and communication teams.
For example, for the marketing team to be more effective during this period have they increased the amount of web content they're publishing? Are they in the process of setting up new microsites, blogs or social network channels to keep customers informed?
This represents an opportunity to review what processes are already in place and if these meet the requirements of the digital age. You need to check that all of these communications go through the right record-keeping and approvals process, for example, do you have a website archiving solution in place? And do you have robust approvals processes that you can evidence at a moment's notice?
For financial services customers, this is an apprehensive time, these channels are more important than ever, meaning it's vital to be able to evidence digital records of what you communicated and when - especially if there is an audit, regulatory investigation, or customer dispute in future.
3. Identify risks where employees could be using inappropriate communication channels
With increases in online interfacing, it's likely that your employees will resort to using communication methods or platforms which haven't yet been endorsed by compliance.
This poses an inherent challenge with mobile communications are at most risk of non-compliance, however, there is a degree of understanding from ESMA in recognising this predicament.
To provide flexibility, they've stated that for a limited time period they will not take action for non-compliance, but only under the guarantee that a firm meets the following criteria:
a) The firm in question has taken appropriate steps to try to ensure compliance.
b) The firm has established “alternative steps” to minimise risks related to recording failures.
c) The firm has established appropriate processes to ensure that the failure to record communications remains temporary, and can evidence that the recording of conversations will be restored as soon as possible.
d) The firm can ensure they have enhanced monitoring and ex-post review of relevant orders and transactions in place.
It's important to recognise that this doesn't remove the compliance obligations around communications, it simply means cases will be reviewed individually and penalised appropriately based on the circumstances.
4. Review your current digital platforms, ensuring any policies and access privileges are correct
In your organisation there'll be a multitude of digital platforms being used and due to the ongoing Coronavirus pandemic, new services could have been adopted too. Now would be the appropriate time to conduct an audit, reviewing the platforms you're using as a compliance team and also on a business level.
What do you have access to and do the correct individuals have the right privileges? This exercise will firm up your existing compliance measures and due to easy online access to digital platforms, there should be no issues posed despite conducting the exercise remotely.
5. Ensure all of your digital communications are archived
Since the financial crisis regulated firms have adopted the 'fair, clear and not misleading rule' as a kind of 'north star', completely changing the way they communicate and conduct themselves.
The ability to prove that products and services were communicated in line with this requirement, amongst others, has led to firms archiving all online communications - such as telephone calls, websites, blogs and social media channels. Ask yourself, are we archiving our website channels currently? How are we doing it? Would we be able to evidence what we communicated on the website from a specific time and date?
We believe these record-keeping processes require careful attention right now. To minimise the risk of non-compliance, we recommend you should archive all digital communications so you have retrievable legally admissible records available at all times.
6. Review your surveillance measures in the new remote working environment
Surveillance will also require the same degree of attention as remote working requirements persist. The core question you need to ask is, are we capturing the right activity and the right data?
With the shift to remote working, there's likely to be an impact on the relevant data points you are capturing due to this change. Review your list of monitored users and ensure that what's being captured is correct and nothing is missed.
7. Plan ahead, optimise your resources and hold your ground
With no way of knowing how long this pandemic will last, compliance teams need to consider potential changes to their available budgets and adjust accordingly.
It's a tough pill to swallow but firms will need to review budgets and make changes where necessary. Ahead of this, it would be a good exercise to review the tools you have in place, ensuring they're delivering compliance confidence to your firm.
One major benefit of digital tools and technology is that through intelligent automation, the resource burden for firms is lifted, but only if the technology is adequately satisfying regulatory requirements. For example, many firms have poor archiving solutions in place which aren't providing them with accurate, legally-admissible records, making these solutions redundant.
Manual record-keeping and surveillance is an uphill battle given the dramatic rise in web-based communication and content published, therefore adequate budget must be secured to protect the firm from risk of non-compliance. It's key for compliance teams to convey these obligations to the leadership team, ensuring the firm is protected and future risk mitigated.
Whilst we've only covered seven areas that compliance teams need to consider, tackling each of these will be a hefty challenge. As the situation changes and the role of digital communications continues to grow and expand we believe there'll be an increased focus from the regulator examining not only compliance but the digital conduct in how firms behave, manage and record their communications with their customers and employees.
Want to learn more about website archiving? To discover how compliant your current record-keeping processes are, why not download our complete guide to web archiving. Simply click below to grab your copy.