Compliance is the metaphorical sun that the financial industry orbits around. Yet, even though regulators have established the gravity of the situation, common communications challenges continue to leave firms free-floating.
Despite efforts to implement bans and build policies, firms find themselves in retrograde motion when monitoring and capturing conversations. The pursuit of effective solutions continues and is an especially urgent task considering the intensity with which enforcement actions for off-channel communications and recordkeeping failures have been handed down.
On December 7, 2023, financial compliance experts contemplated the communications conundrum in our “Comms in crisis: why is it so hard to communicate compliantly?” webinar.
1. 59% of compliance officers have banned commonly used IM channels, yet only 2.6% think these bans are effective. Why are compliance officers using bans if they don’t think they work?
Bans have long been a method of resistance when it comes to noncompliance, though enforcement actions have shown that they are not foolproof. Scott McCleskey, Executive Director of Compliance Training at Sumitomo Mitsui Banking Corporation, explained that there are two kinds of violators: those who breach policies inadvertently and those who do so intentionally.
Hoda Aden Mohamed, Corporate Compliance at Nordic Semiconductor, added a noteworthy point, which is that there could be a third group of violators – those who know the rules exist but believe off-channel comms is either a minor infraction or a parameter they can defy based on the circumstances, such as responding to a client on their preferred platform.
While some offenders may not be defying policies out of ill intent, the fact remains that communication channels are one of the means by which other, more severe violations transpire. Failure to record data is a big deal because if misconduct does occur, there’s no trail to follow or messages to investigate.
Alternatively, Rob Mason, Director of Regulatory Intelligence at Global Relay, said there is a cost element to banning. Often, it is a quicker and cheaper option. Firms may also be contemplating the purpose of spending money on a solution that cannot impede every possible compliance risk.
However, regulators want to see purposeful action that proves firms are doing everything in their power to catch and mitigate risks despite the possibility of misconduct. McCleskey said:
“There isn’t going to be a watertight solution here – that’s just not the nature of communications. You will wind up addressing two different populations differently: one may be through training and education, and the other may be through disciplinary action.”
The bottom line is that bans should be a placeholder as firms determine the best tools to implement when adapting to modernized compliance risks. Proactivity and resolution are always the best way to address these issues head-on.
2. Is 100% compliance really possible? What do regulators expect when it comes to communications policies?
Generally, regulators want to see a defensible position and thoughtful strategies. Firms need to demonstrate that there’s logic behind the actions they took. Ask yourself – how effective are your processes? Implementing thorough solutions that can tackle noncompliance and surveillance across a broader range is valuable, though they involve multiple technologies that take time to build.
Realistically, 100% compliance isn’t possible. Humans are not infallible, meaning that the margin for error will always exist. Though there is a chance that violations will occur, firms shouldn’t “let the perfect be the enemy of the good enough,” McCleskey said, and instead establish what’s in their power when implementing policies. If firms do what they believe is right, it is more likely that this will better reflect on them in an investigation.
Mason explained that firms must be able to walk through the steps they took and rationalize the thought process behind their actions. In urgent situations where misconduct occurs, if your firm has an all-encompassing policy that is strictly followed, regulators are more inclined to take a lenient view, even if you end up with the wrong conclusion:
“Inevitably…you’re making decisions on the basis of imperfect or somewhat incomplete information, and it’s easy to look back…and second guess that with the benefit of hindsight. But the decisions need to be taken…and you also need to be in a position where you take responsibility for those decisions on the basis of the information that you’ve got.”
3. Why do employees fail to follow policies even when parameters are laid out? How can firms persuade employees to take policies more seriously?
Tone from the top is a phrase those in the industry often hear, but this is really a buzzword for something more fundamental – leadership and action. Mohamed stated that people “absorb the attitude of their manager and won’t take the parameters seriously if management doesn’t.”
McCleskey encouraged firms to engage their staff in training. When educating employees on regulations, avoid using complex legal terminology and instead be succinct and clear in explaining the rules. Provide scenarios that demonstrate the consequences of misbehavior so that people actually retain information.
Just as importantly, and especially relevant in recent enforcements, emphasize that senior managers need to set a precedent. When laying out expected behavior, Mason proposed, “How can they expect others to do as I say and not as I do?”
Firms must maintain and exemplify appropriate practices while retaining staff’s best interest, which can be difficult in a highly pressurized environment. Mohamed underscored the importance of a robust speak-up culture and channels staff can utilize to report misconduct. This way, firms can address suspicious activity preliminarily and take internal action when necessary:
“It’s important to know that even senior managers…aren’t beyond reproach. That’s an important element so that someone at the top can’t just do what they want because that sets a bad trend and taints the culture of the organization.”
Alongside tone and culture, firms are taking practical steps by determining their market abuse risk assessment. Conducting a detailed review of your communications channels to establish a complete population of related risks helps identify the scope of surveillance, which means compliance teams can feel comfortable that they are well-equipped.
4. If violations occur, what’s the best course of action? Should firms self-report, or conduct internal investigations first?
Firms should first exhaust the data internally to get a complete picture of the extent and intent of an identified wrongdoing. After determining the facts, self-report any compliance breaches. On top of this being good practice, regulators have stressed that they are more lenient when it comes to self-reporting. There’s a chance the wrongdoing may come to light later, which can backfire if firms choose to stay quiet.
It’s easy to be wary of regulators, knowing they have the ability to take influential disciplinary action. However, firms should remember that a regulator’s main goal is to preserve an operative industry. Therefore, working with instead of against them will help keep firms on the right track.
When juggling culture, compliance, and communication, consistently enhancing policies and representing the behavior expected within the workplace will help encourage good practices. Ultimately, though, deploying a defensible solution that enables business flow without restrictions will tackle noncompliance holistically.