I recently came across an article suggesting that the compliance functions of financial institutions are to become the subject of significant job cuts over the coming months, and whilst it comes as no surprise that firms seeking to increase profitability look to reduce spending in areas that do not generate revenue, without skilful handling such activity has the potential to compound the increasing risk of compliance breaches that is an inevitable result of the unprecedented operating environment we now find ourselves in.
Compliance breaches ultimately come about due to the actions of one or more individuals and although said breaches are not necessarily criminal offences it is helpful to reference the theory of criminology when understanding how best to detect, investigate and prevent such behaviour:
Means, motive and opportunity are commonly cited as the key factors to consider when attempting to identify the perpetrator of a crime; so if we consider these dimensions as the ingredients required for a crime to be committed it follows that as the number of people with the means, motive and opportunity to carry out criminal activity increases so to does the the likelihood of a crime occurring. Should we accept these well-established principles to be the case then those with responsibility for ensuring that firms adhere to the laws and regulations governing the financial industry have good reason for concern that the circumstances created by the Covid-19 pandemic will lead to a surge in the number of breaches coming to pass.
The most obvious impact of the virus on white collar industries has been the dramatic increase in the number of employees working remotely and in order to facilitate this change systems and information that might previously have been accessible only to staff physically present on company premises have been made more widely available, in other words employees now have the means to break the rules from the comfort of their own home. The purpose of restricting remote access to certain systems is not purely driven by security concerns however; it is also far more challenging for a firm to monitor the behaviour of the staff using those systems when they are not located on-site and that being so, the shift to remote working has certainly increased the opportunity for people to breach regulations without it being noticed.
The physiological effects of the change in working patterns must also be considered; a number of studies over recent years have concluded that whilst employees' work-life balance undoubtedly benefits from the ability to perform their duties remotely, it can simultaneously contribute to feelings of anxiety, isolation and burnout as well as making it harder for an organisation to maintain a particular working culture. Psychologists have long recognised the fact that people whose actions are visible to others tend to act in a more socially responsible fashion (in fact people merely need to feel that they are being watched for their behaviour to improve) and so the communal environment of an office actually serves to provide a degree of "natural deterrent" against selfish behaviour, something that is eroded by the shift to remote working. Together, these factors all contribute to increasing the motivation of employees to break the rules.
On the subject of motive, the financial downturn caused by the pandemic has led to (or accelerated) job losses across many sectors and even those who retain their positions can expect reduced compensation (despite sometimes record-breaking performance) whilst continuing to feel insecure in their employment. This situation puts pressure on household finances and generates negative sentiment towards employers, which can serve to encourage employees to take action that benefits themselves at the cost of others. Restructuring a company to fit the new environment may do more than simply motivate staff to break the rules, it could also present them with the opportunity to do so by creating gaps in risk coverage whilst staff settle in to their teams and responsibilities, and controls are adapted to fit the new organisation and business processes.
I have thus far painted a pretty bleak picture of the compliance landscape, however whilst restructuring and downsizing may contribute to an increased level of risk, by encouraging firms to examine the way they approach the management of that risk I believe that it also presents an opportunity to improve the effectiveness as well as the efficiency of the controls that they deploy (as discussed in my previous post): Rather than simply reducing budgets across what are generally separate business functions and departments, I would suggest that savings are best achieved by recognising the fundamental similarities in the processes, skill sets, technology and information required to mitigate multiple forms of operational risk and carefully identifying options for consolidation and collaboration from a boarder perspective.
Having spent the last couple of years working as part of a team from DMW to promote and implement an entity-centric, intelligence-led approach to managing compliance risk that enables exactly this type of consolidation I can safely say that this is more than speculation; in fact earlier this year we demonstrated the similarity between the approach and technology being deployed to detect and prevent market abuse and those that could be applied in relation to mitigating "Insider Risk" (i.e. theft, sabotage, fraud etc. committed by employees) at our current client.
Whether the current situation will become the "new normal" for the financial sector is debatable, I have seen articles talking to the preference of firms to get staff back into offices as quickly as possible (primarily due to the increased risk presented by home-working that I outlined above), as well as those citing the large proportion of staff considering a career change as a result of their experience of working through the pandemic. What is clear though is that cuts are coming to compliance departments and unless companies consider improving the effectiveness of their risk mitigation alongside cost reduction targets, my prediction is that in a few years time we will see a number of significant enforcement actions brought about as a result of on-going bad behaviour stemming from this period going undetected.
I am currently working with Matt Pockson and a team from DMW in defining an intelligence-led, entity-centric approach to managing the risk posed by market abuse and conduct regulations at a global FS client, so if anything in this post has a struck a chord or piqued your interest feel free to get in touch to find out a bit more.