Open in app

Sign in

Write

Sign in

Can we see a hint of the future of compliance in the new work-from-home world?

Matthew Van Buskirk
Hummingbird Regtech

--

The Corona situation has put pressure on the entire financial services industry but has an outsized impact on teams that do most of their work with on-premise technology. Compliance teams are among the hardest hit. We all have business continuity plans in place, many of us may even have had a pandemic plan before recent events, but most plans involve shifting to alternate facilities or limited work-from-home for specific personnel. Only rarely does a plan account for the possibility of a complete shift to a work-from-home stance for weeks or months.

Forward-thinking financial institutions will have already implemented means of connecting to their office workstations from home through VPNs or virtual machines but, as anyone who has had to rely on these tools can attest, they are often tricky to work with and can cause a material drop in productivity.

In times like these, we may be able to see a hint of the future of compliance in the way that the most sophisticated fintech companies operate. In my prior role running the compliance team at a fintech company, we had an unanticipated live-fire implementation of our business continuity plan on a day when a large European bank was arriving on-site to perform diligence in advance of a potential partnership. A construction crew in our neighborhood accidentally cut power to the entire district about thirty minutes before our guests arrived. As it turned out, the biggest challenge was not keeping our service up and running or staying on top of new transaction alerts; it was finding a conference room with power in a nearby hotel where we could host the meeting. Since our entire compliance stack was hosted in the cloud, we just sent the teams home to continue their work. At the end of the day, the bank’s diligence team was able to joke that they could check business-continuity off of their list since they had seen it implemented in person.

The pandemic is stress-testing our compliance programs at a scale that we have never seen before. Even the post 9/11 office relocation drills did not account for the possibility that every office site across the country may not be accessible. Coming out from this, we will all have learned a great deal about the strengths and weaknesses of our programs and will have an opportunity, if we take it, to push for the adoption of newer technology.

Could this be the event that triggers a shift from a regulatory focus on risks associated with innovation to the dangers inherent in legacy technology? The “if it isn’t broken, don’t fix it” paradigm no longer applies when we can see how broken things are.

Beyond the recommendation that we view this as an opportunity to replace aspects of our programs that have been found to be vulnerable, we also wanted to provide some thoughts on things to consider in the short term. There have been a large number of articles with tips on how to navigate the COVID-19 business landscape, so we will keep this brief.

So, what do we do if we are discouraged from going into the office for a protracted period?

  • Managing regulatory timelines: On-premise solutions are inherently vulnerable to disruption — have you analyzed your remote work tools to see whether there is a material drop in productivity? Is there any impact on your projections that could cause your team to start missing regulatory deadlines? (If you are worried about keeping on top of your BSA filings, consider reaching out to FinCEN.) Should you extend your forecasts out beyond one to two months?
  • Staying ahead of evolving customer risk: Have you considered how the “normal” behavior of your customers may shift during a pandemic? Are your risk assessments and monitoring algorithms ready for dramatic changes in behavior?
  • Keeping on top of your team’s workload: How does your team stay on top of tasks? Are you reliant on emails? Should you consider tools that can cut across multiple queue sources to avoid dropped balls?
  • Staff augmentation may be needed: Do you have enough staffing capacity to continue to perform required functions if a meaningful percentage of your team is out sick? Do you have staff-augmentation support options in place and, if yes, are they impacted by the shift to remote work?

I hope that this has been helpful and that we will someday look at these times as a turning point in our ability to get the resources we need to start to modernize compliance technology. In the words of a friend of ours: “compliance people deserve good tools too.” It is our mission to empower compliance people with better tools so they can focus on doing what they do best — keeping people safe and stopping the bad guys.

Please feel free to reach out to us at info@hummingbird.co if you have any resources or tips that you have found useful — we would love to hear them. You can also find us at hummingbird.co

--

--

Matthew Van Buskirk
Hummingbird Regtech

Written by Matthew Van Buskirk

108 Followers
Editor for

Regulatory futurist, advocate for open-source regulation, and Co-Founder & Co-CEO of Hummingbird Regtech. We build superpowers for compliance professionals.