Post By: Shin Park, Product Marketing Director, FinScan
The COVID-19 pandemic has left the compliance community with increased exposure to risk
The Coronavirus pandemic has had profound effects on all aspects of social and economic norms, and has forced a swift adaptation of new processes such as social distancing and remote work among society. The effects of this pandemic have also had repercussions in the compliance community, and according to FinScan’s May 2020 report which surveyed those in the anti-financial crime community — such as regulators, auditors, compliance professionals, and consultants — many organizations feel that their risk of exposure has increased. But what are the reasons behind this increase in risk and what are the implications for the compliance community?
Compliance Controls and Processes Disrupted
Four factors contributed to the increased risk levels experienced by compliance departments
As a result of the global pandemic, businesses were forced to close or move their operations entirely online in a very short amount of time. Thrown into crisis management mode, companies saw a disruption in their everyday compliance controls and processes due to four main reasons:
- Remote working conditions. Many companies had to switch to remote-only operations due to stay-at-home orders, causing delays in return to business as usual. Having employees at home with no automated monitoring system in place also was a cause for many respondents to believe their risk increased.
- Inadequate IT support and system structure. IT systems were unprepared to bring employees and their systems online for remote work, which disrupted compliance processes. Most systems were designed to stay safely behind the firewalls, and not branch out onto remote or cloud services.
- Suboptimal due diligence on new business opportunities. Because of remote working conditions and the lack of proper IT support, proper due diligence was lost for new business onboarding. Instead of focusing on proper compliance procedures, due diligence was de-prioritized as more resources were put into the survival of the organization.
- Rushed roll out of online services. As businesses struggled to get systems online and employees set up for remote work, there were gaps in processes which led to increased exposure to criminal activities as well as increased risk of non-compliance with the regulatory requirements.
According to those surveyed, 53% expected an increase in their risk exposure due to the significant disruption caused by the organization’s crisis management efforts.
The COVID-19 pandemic created problems for those compliance organizations who did not have the proper support necessary to work remotely.
What’s driving the increased compliance risk?
Those who reported that their compliance risk level had increased because of the pandemic’s disruption of their processes expected to see a rise in criminal activity exploiting their online systems. They also were concerned that due to the increase of online transactions (since face-to-face encounters have been eliminated), there was the possibility of data leaks from employees operating on personal systems remotely. Having limited resources to maintain and monitor everyday procedures was also a concern. Additionally, due to the pandemic, many companies had to put on hold some of the compliance initiatives that were imperative to constructing new systems and controls.
As many government services essential to the compliance community were either shut down or only partially in operation due to the pandemic, it made it difficult for compliance departments to resolve questions and concerns required to continue everyday processes and meet regulatory deadlines. Together these drivers caused those in compliance to have a heightened concern about their risk exposure.
Are there any risk mitigating factors?
However some respondents were optimistic and saw that there are some factors working in their favor, and either felt that their risk stayed the same as before the pandemic, or had decreased. For example, as companies were forced to close down or go remote there was an overall slow down in the amount of transactions taking place. With fewer customers to conduct due diligence on, the perceived risk exposure decreased.
Another factor that organizations cited as having a mitigating effect on their risk level was whether or not they had a business continuity plan in place. With the disruption of COVID-19, those companies who were more prepared with the infrastructure and support required to move operations remotely did not see their risk increasing as much. Having a way to manage processes and people went a long way in determining whether an organization’s risk increased.
Implications and Going Forward
How can compliance organizations decrease risk exposure in the future?
As the results of this survey point out, many compliance organizations around the world were caught off guard by the disruption to productivity brought on by the COVID-19 pandemic. However, there is a strong correlation between organizations who have a business continuity plan and the level of compliance risk. Those that planned better, saw their risk stay the same or had it decreased.
With better infrastructure and digital support, companies reporting lower exposure to risk were likely spending less time in crisis management mode, and more time getting their jobs done. In order to avoid the type of unplanned exposure brought on by the pandemic, compliance departments should work on building their infrastructure around flexible options that will allow them to return to business as usual much faster. Some of those efforts could include:
- Creating a workable digital infrastructure
- Developing “anytime, anywhere” compliance support system
- Building better criminal detection and screening tools and updates
- Having an automated staff monitoring system in place to reduce risk
As compliance professionals prepare for the new normal, it is imperative that they create a detailed continuity plan with a risk-based approach in mind to help them return to everyday operations as quickly as possible and reduce their risk exposure in the future.