The Coronavirus' impact on Compliance

As all countries and businesses around the world struggle with challenges due to the coronavirus pandemic, financial institutions are experiencing additional challenges linked to the outbreak. Regulators expect financial institutions to ensure that they both continue to meet their regulatory obligations and are able to continue to operate effectively. On top of that, financial institutions need to address the new and increased compliance risks that may appear in certain areas as the crisis spreads in society.

Listed below are seven compliance challenges that financial institutions may face due to the coronavirus. This is by no means an exhaustive list and individual firms should consider the risks in the context of their specific business models.

1. Internal Governance and Control

To maintain a well-functioning GRC system as the pandemic spreads poses some regulatory challenges. Employees falling ill will most likely affect the work carried out. The availability of compliance professionals may be reduced, thereby causing further complications for businesses that need the function. Staff who carry out key functions may be personally impacted by Covid-19 and their roles may need to be temporarily carried out by others. The contingency of reporting and decision-making may also be disturbed while working remotely. While focusing on problems with cash flow and customer loss, financial institution may be tempted to relax certain controls and procedures. Even if it is understandable and in some ways necessary to re-prioritize activities and resources to other immediate or higher-risk areas, it is important to note that the virus crisis does not postpone or modify the law. These changes should be well-motivated, targeted and temporary, rather than a opportunity to ease up regulatory compliance in general.

2. Financial Crime

The coronavirus has caused drastic changes in the behavior of customers and criminals, seeking to exploit the situation, are handed new opportunities to generate and launder illegal funds; fraudsters and scammers use Covid-19 fears to sell fake cures or fund fake charities. Financial institutions should as always follow new methods through which money launderers are exploiting the pandemic and assess whether their AML/CFT compliance processes might need to change to mitigate the elevated risks. Financial institutions also has to ensure that the risk mitigating measures are carried out in an adequate manner while the employees are working from home. This is likely more difficult since working remotely may impact a number of compliance processes designed around the ability to collaborate and work closely together as a team. Including transaction monitoring, alert remediation, information sharing and reporting as well as on-boarding processes, such as document reviews and KYC checks.

3. Credit Assessments

The potential risks of coronavirus include businesses becoming insolvent and increasing unemployment levels. As a result, consumers and businesses may seek new or additional loans. Other may face financial difficulties and are not able to meet mortgage or other credit commitments. In a situation like this, it is of course vital that banks and other creditors continue to support customers and society. But it is as important to maintain robust credit assessment process that include customer's capacity to pay. It might be easy to argue that desperate times call for desperate measures, but by lending money to companies and individuals who cannot afford to pay back we might make damages worse. Taking steps away from established procedures should therefore be carefully considered.

4. Conflicts of Interests

When circumstances change, areas of conflict will also need to be re-examined. For example, the activities of sales and marketing teams must be checked, especially if their salaries are linked to sales bonuses. For employees whose compensation may be severely impacted by Covid-19 disruptions, financial institutions should consider adjusting sales targets and other KPIs to minimize any risk that employees may feel the need to resort to non-compliant behavior to meet pre-corona performance targets.

 5. Information to Customers

Financial institutions shall ensure that they treat customers fairly and consider the needs of those potentially affected by the coronavirus. Many customers are concerned about the impact of corona on their circumstances; investors are worried about the impact on their investments and holiday makers want to claim on their travel insurance policies. Financial institutions should prepare for increased levels of customer contact, be clear in the communication to customers as to what exclusions may exist which may impact on any claims resulting from Covid-19 and ensure that their operations can continue to handle complaints and claims in accordance with regulatory requirements.

6. Outsourcing Arrangements

Financial institutions which outsource services, in particular critical or important services, have reasons to monitor their outsourcing arrangements closely during the crisis. Even if the outsourced service or function isn't part of the actual financial institution, the regulated firm remains responsible for the activities being conducted by outsourced providers. In the event that the operations of the outsourced provider are impacted by Covid-19 to the extent that it can no longer meet its obligations under the outsourcing agreement, the regulated firm should take swift action to ensure continuity of business.

7. Data Protection

Working from home presents several data protection and privacy challenges financial institutions need to recognize and attempt to mitigate. Employees working from home may risk data leakages and secrecy reveals if the household is shared with other family members. Working remotely may also impact the possibility to collect, store and archive all employee communications when using different platforms and devices. Financial institutions may need to update and adapt established procedures, communications methods and controls.

To summarize; as the virus is shaking the world to its core, circumstances are changed and working procedures adapted. This may also affect compliance risks. In this state of emergency, it is convenient to think what rules and regulation do not apply or that enforcement may be put on hold. This is not the preferred approach. On the contrary, financial institutions need to ensure that they continue to meet regulatory requirements during the crisis - even if it might be slightly more challenging and time consuming then usually.