Are There COVID-19 Silver Linings? Some Risk & Compliance Lessons
It’s not too premature to identify lessons learnt from the pandemic. Many organizations around the world are already applying themselves to identifying any insights the outbreak has provided they might use to bolster their operations given the long-term implications of COVID.
These key learnings were at the heart of a panel discussion at the recent Mitratech Virtual Summit: The Future of Compliance. Henry Umney, SVP Commercial, GRC, Mitratech hosted the conversation with Sam Lee, Head of Operational Risk at SMBC, Richard Smith, Risk & Compliance Consultant, and Dan Torjussen-Proctor, Director, UK Finance.
Looking at the initial response to COVID, Dan and Sam felt that companies had reacted very well to the situation. In the City of London, circa 300,000 bank workers successfully made the switch to working from home in around 10 days, which was a testament to both organizations and their staff.
Technology was clearly an enabler of all this; however, both suggested this successful accomplishment was likely to drive a range of data management, privacy, and compliance issues that needed to be understood and managed.
An opportune moment for OpRes
Sam felt that the current UK regulatory initiative Operational Resilience (OpRes) – designed to help financial institutions address significant business interruptions – had come at an opportune time. In preparing for it, there had already been some internal thinking and preparation at companies about how best to respond to a range of situations, so managers were better placed to respond to such an extreme event.
The OpRes framework also provides a model for sustaining a mixed home working/office working environment, helping institutions balance the now more complex needs of customers, staff, and regulators. Sam also stressed the need to distinguish between crisis management, in which institutions are typically well-practiced, and sustained resilience, where the focus is on mastering the mundane detail of points such as having sufficient broadband bandwidth or ensuring staff possess laptops and other devices that are sufficient for the demands of their work.
Differing financial services approaches to resilience
Dan observed how UK finance professionals were able to confirm their operational robustness, but had maintained it by taking different approaches.
Smaller institutions had been able to show greater resilience through greater agility, by having closer links between management and the technology stack (see the Family Building Society case study as an example), with larger institutions instead relying on their scale and reputation to assure their resilience.
A transition to hybrid work models
One consensus from the panel? That at least for the near future, there would be a transition to a hybrid working model, where some staff would work from home, with others situated in the office. One point about this was that there might less need for ‘presenteeism’, and greater focus on outputs and outcomes.
Richard highlighted the need to find and address risk events that had already occurred owing to sustained home working. Regulators are not allowing organizations to relax their standards, but Dan pointed out they’re seeking ways, with industry feedback, on how best to handle the current situation and the use of sustained hybrid-working models.
There are management and compliance challenges with these hybrid- working models, it was agreed. Not being able to ‘walk the office’ made it harder to gauge the dynamics of a team or business. Sam and Henry suggested management needed to find ways to facilitate the coaching and counseling conversations necessary in managing a business unit. Sam also highlighted the need to maintain the monitoring of issues like insider trading, or anti-money laundering for example, that can arise from sofa-based working.
New relationships between companies and suppliers
Another point that Richard flagged? The potentially changing relationship between customers and their suppliers. Organizations may need to decide if they need to offer additional support to their closest business partners, if they experience business difficulties caused by the disruptions of COVID.
Equally, businesses need to be realistic about the possibility, even likelihood, that failures in their supply and distribution chains will affect them, and plan alternative sources of supply and channels of distribution if necessary.
All of the panelists agreed that right now, businesses are reviewing their risk management, policies, controls, and compliance processes in the light of a hybrid-working model. This would likely entail greater investment in automation, with more innovative and dynamic processes being necessary to help organizations transition to a “new normal” where this more flexible workforce is a fact of ongoing business life.