Compliance and Conduct in the Age of Coronavirus - Are Lessons Already Learned?

When the workforce began to pivot to new work-from-home or other, varied offsite environments, virtually no area within a financial institution went unaffected by the shifts. Nearly everyone had to deal with change and make adjustments, while keeping regulators' requirements and compliance guidelines effectively managed in accordance with the laws.

Organizations for years had put business continuity plans in place and tested them at least annually to prepare for unplanned catastrophes. However, those tests were conducted over the period of a couple days. They were also limited in scope and did not include critical business relationships such as support vendors, customers, or transportation. No one could have tested for the extended pandemic we are facing today.

As new workforce regimes were put in place, initial challenges were exposed. One significant area was remote connectivity. Even today, not everyone has reliable high-speed internet, and with so many people working remotely, additional stress was placed on the capacity of the existing infrastructure. In some instances, there were groups within the financial institution that had not previously worked remotely, which meant there was a demand for new hardware and need for remote connectivity capability.

Another such challenge was the new “office environment.” People needed to establish a dedicated location where they could focus on work, while also being a parent and teacher.

An Industry in Flux

As the environment was changing, so was the industry. Many financial institutions closed branches, while main offices and locations stayed open. Those locations remained quite busy as the customer base was funnelled through them. The number of cash withdrawals increased; however, as you might expect, larger cash deposits were down, as many cash intensive businesses were forced to shut down, resulting in fewer currency transaction reports (CTRs) being filed.

The biggest challenge, which put stress on financial institutions, occurred when small-business aid was released, such as under the U.S. CARES Act or CBILS in the U.K. We quickly saw that most FIs were focused on servicing existing customers first, which on the surface makes perfect sense, as they had already gone through onboarding with these customers, and much of documentation was already complete.

But that meant that a lot of firms were left out because the bank couldn't process the volume of new customers fast enough, coupled with the fact that the institution may not have been set up to handle the flood of requests that hit them all within the span of a week or two. One mid-sized bank in the U.S. processed more loan applications in one week than in the entire year prior.

Selective Relaxation

Aligned with this activity, we noted that the Financial Crimes Enforcement Network (FinCEN) was relaxing some of the beneficial ownership rules and KYC (Know Your Customer) refreshes for SBA loans, which alleviates some work. However, many FIs continued to comply with their established corporate policies. Overall, most regulations were not relaxed, and it was business as usual.

Transactional volumes for the most part have held steady, as have the transactional alerts. Financial intelligence units are working remotely and do not have the same ability to converse in groups as they could before. They also have the typical distractions and challenges mentioned above. They need to stay focused on the job at hand, identifying suspicious behaviors. By using other communication methods, and with a common case management solution, they were able to adapt much more quickly.

Right now, uneasiness over the current environment is making some consumers more prone to fall victim to fraudulent schemes out of fear. Fraudulent activity loves to ride on the coattails of bad news. Most banks are maintaining their existing fraud strategies, and updating as needed. Wire transfers, check fraud, identity-related issues and more remain sore points on the fraud side.

What Have We Learned?

Although we were beleaguered by many of the “start-up” issues at the beginning of this, we are a few months in, and progress has been made. We are hearing from our customers that productivity is actually up. Many people are adopting staggered schedules between work and family, which is tending to increase productivity. It does need to be asked, Will that progress continue when some of the non-essential businesses start opening up?

Communication has also changed. Communications among peers started with some difficulty, as teams were not able to gather and discuss in person as they were when more formally centralized. Instant messaging and video conferencing filled the gap.

From a coordination perspective, those financial institutions with centralized processes, and utilizing a robust workflow/case management solution, are faring well in this environment. Those who did not have strong solutions in place are currently working to improve communications across the board.

As part of this, FIs learned quickly that any paper-based processes presented challenges, as some institutions still had policies requiring “wet” signatures. Adjustments have been made to address those concerns to include new digital signatures and other non-paper-based documentation.

From a regulatory standpoint, financial services organizations are still required to meet regulatory filing obligations, including that of suspicious activity. Any institutions facing concerns on meeting filing timelines should contact their functional regulator as soon as practical to work out a new timeline and make appropriate adjustments.

What's next?

The lessons that FIs learned will most likely be adapted to their best practices playbooks regardless of when things return to a “normal” state - assuming that they do. I think we can all agree, our normal state will forever be changed.

In the weeks ahead, intelligence units will review the gaps in their plans and make adjustments. There will probably be continued conversations about outsourcing models and decisions to move workloads offshore, as was reported to have caused issues. Organizations will also start looking at their locational strategy, as well as the way they process business and work with customers.

Some organizations still rely on paper and forms. For those who do, it definitely exposed weaknesses in completing work while complying with existing policies. Those organizations will likely begin to prioritize electronic documentation and adjust existing policies.

Financial institutions and their intelligence units learned a great deal from the last several months, and as we move forward there is no question that operational processes and procedures will change and benefit from current events. Only time will tell if we have been truly effective and meeting regulatory demands while serving customers.

Ted Sausen is a subject matter expert within the NICE Actimize anti-money-laundering line of business. He has over 25 years of experience and focuses on ensuring the Actimize AML technology solutions align with regulator expectations and the needs of the customer.