Bates Practice Leadership Insights: What Compliance Officers are Thinking About Now
During this transition period between what was and what will be the “new normal,” we thought it timely to provide some current thinking from top Bates’ leaders on clients’ immediate and near-term compliance challenges. While no one knows with certainty what the future holds, these “leadership conversations” are intended to share some insight from experts on the front line. For our first conversation, we caught up with Robert Lavigne, Managing Director and Bates Compliance Practice Leader, and Hank Sanchez Esq., Bates Compliance Managing Director and former SEC and FINRA regulator, to get an understanding of what they are hearing from compliance officers right now, as well as advice for compliance teams in the "new normal." Here is a recap.
Question: What are the top concerns you are hearing right now?
Bob Lavigne: “Our compliance practice is fielding a large number of implementation questions concerning Regulation Best Interest (Reg BI). We anticipate that most firms are making good-faith efforts to be in compliance by the rule deadline, so we are preparing for—and have been heavily involved in—what we refer to as ‘Day 2’ work. This includes, just to name a few items, tuning product score cards and product rationalizations, supervisory processes, branch office inspections, compliance testing and book and records reviews.”
Hank Sanchez: “Reg BI remains the top concern. I would only add that we are addressing many questions related to Form CRS (that is, Reg BI Customer Relationship Form disclosures), including process questions concerning how and when to deliver these forms to clients, and ensuring that language in the separate disclosure documents concerning conflicts and fees is clear and adequate.”
Lavigne: “There are of course some firms, usually small- to medium-sized, that have not yet fully prepared for the implementation of the rule. We are currently working with some to help them catch up and be compliant on June 30th.”
Sanchez: “That’s right. Those that are just now trying to catch up can still evidence the necessary ‘reasonable’ attempts to comply, but they will certainly be scrambling to catch up after July. Those firms should understand that the delay may affect their ability to complete the rest of their compliance requirements in the second half of the year.”
Question: How has the Coronavirus affected client efforts to meet the compliance deadline for Reg BI or other compliance goals?
Lavigne: “Many firms that have diligently prepared policies, procedures and operations to meet Reg BI and Form CRS deadlines are now confronting pandemic-related challenges around training. They are also concerned with their ability to supervise and execute new policies and procedures, in part because more of their employees are working remotely.”
We are also responding to pandemic-related questions on conducting branch inspections, which would typically be done on site. FINRA requires on-site inspections, but ‘on-site’ is more complicated now. During the pandemic, on-site will likely be remote. Some firms have delayed their branch inspections during the pandemic. Compliance teams have been limited in their ability to review, and will also have to play catch up.”
Sanchez: “Firms are facing additional technology challenges as a consequence of COVID-19. Some firms did not have the initial ability for compliance staff to access supervision systems immediately when the lockdowns occurred and had to use work-arounds when those problems popped up. Technological issues continue to crop up in many places, including, for example, in trade reporting and surveillance for firms with trade desks.”
Question: What does post-COVID-19 compliance look like?
Lavigne: “As firms make the slow transition out of lockdown mode, they will be forced to address the fact that some ways of doing business simply will not go back to the way they were. From a compliance standpoint, firms must think seriously about the adequacy of their remote working policies and if they are scalable in a new environment.”
Sanchez: “The pandemic is accelerating and intensifying previous trends, but the bottom line is that greater reliance on remote working arrangements can cause serious and even unexpected compliance and supervisory issues, depending on how much business is being done out of someone’s home or other remote location. So, as risk assessments and business continuity plans get updated and firms prepare for contingencies that may keep brokers and advisers out of the office for extended periods of time, firm leadership will have to face the realities of more comprehensive remote compliance. This will cost firms money and maybe require additional staff as well. In the longer term, new roles may need to be defined, new techniques developed, and compliance staff will have to become more proficient in them to fulfill regulatory requirements.”
Lavigne: “I should note that our practice group is also responding to a host of non-Reg BI pandemic-related challenges which we anticipate will last for quite a while. These concerns are quite diverse. We are working on everything from work-life business culture issues to proper use (to ensure forgiveness) and disclosure around PPP loans.”
Question: What are regulators looking for at this time?
Lavigne: “Regulators are looking to see that firms are making a good faith effort at implementing changes right now, as well as looking at how firms are adapting to the changing environment. It is important for firms to make sure that policies and procedures are still being followed and, perhaps as importantly, that compliance efforts are visible throughout the organization. This means reaching out to representatives and branches proactively and in real time. Being able to evidence your change management and implementation will be key when speaking to a regulator about your Reg BI program.”
Sanchez: “As a practical matter, if I were a compliance director right now, I’d be most concerned about what didn’t work in the business continuity plan and getting it fixed. Next, I’d be wondering how to do post-mortem testing to ensure things were done properly during the lockdown and to identify what needs to be corrected. For instance, were supervision and surveillance programs up to the task? Did they work? What needs to be corrected? Following that, there should be thorough updates to the firm’s risk assessment (as well as the business continuity plan) to cover any new or foreseeable events—meaning, at a minimum, any shutdown of a home office for any length of time longer than a day or two.”
Lavigne: “Regulators are going to ask you whether the business continuity plan worked or not. Firms should take the time to review what did and did not work and make sure they address the areas of concern. The answers will matter. Now is the time to address it.
Sanchez: “Beyond these heightened and immediate regulatory concerns, it is abundantly clear that directors must remain on top of firm compliance with respect to anti-money laundering and cyber programs. But it also requires compliance officers to pay attention to those areas where regulators have specifically highlighted their priorities, including continuously addressing privacy-related policies and procedures and ensuring electronic delivery of required forms to customers.”
Question: What is your outlook on the market going forward?
Lavigne: “Keeping up with compliance responsibilities during ‘normal times’ is challenging. These are not normal times. During COVID-19, even the ordinary compliance tasks present unexpected challenges. But COVID-19 also presents an opportunity to take a hard look at the entirety of your compliance and supervisory operations. We suggest that firms take this advantage to reassess old programmatic approaches to compliance and consider supervision and risk mitigation through greater use of data and technology. That may yield cost savings and regulatory benefits long-term.
Sanchez: “During this time, taking a moment to survey the overall compliance operation would be valuable. Firm leadership should acknowledge what worked well and who made it happen. That they got it right should absolutely be recognized. For those firms that struggled, this is also an important moment. Those firms should engage in an assessment of the role of compliance management within their business. Perhaps, firm leaders may consider providing a compliance greater say when budget conversations turn to systems and staffing upgrades.