What ‘the New Normal’ Really Means for Compliance
Compliance programs were quite the hodge-podge in 2020: a jumble of improvised procedures, changed priorities, and revamped budgets, all thanks to a pandemic that forced hundreds of millions to work from home. Good riddance to that brutish experience, right?
Well, perhaps not.
2021 will be the year compliance officers try to normalize that jumble. We’ll need to put structure, workflow and automation around all the new policies and procedures we devised last year, because many firms now expect most employees to keep working remotely for most of this year — and possibly into 2022 and beyond.
That’s what people really mean when we utter that cliché, “the new normal.” Firms are accepting that at least some adjustments we all made to the pandemic will be permanent, and widespread working from home is likely to be one of them. So, compliance officers need to optimize their programs for that reality.
Example 1: Surveillance Technology
Right away, this new normal means paying much more attention to surveillance.
Sure, surveillance has been a compliance priority for years, but at least when most employees worked in the same physical offices you had a certain “home court advantage” to monitor their activities. The pandemic took that advantage away. Compliance officers need to revisit their technology and data strategies to maintain that same surveillance capability, in a much more complicated work environment.
The good news, according to the 2020 Global Compliance Survey published by Nasdaq in December, is that most compliance officers are well-versed in the challenges of trade surveillance: 87 percent of respondents said they were “familiar” or “very familiar” with trade surveillance processes, and 68 percent used some sort of automated technology for the task.
The bad news is that compliance officers will now need to do the same for employee communication surveillance — and CCOs are on less certain footing there. Only 63% were familiar or very familiar with those processes, and only 43% said they use an automated tool.
The real challenges, however, will be integrating all that data (and more) into a single view of employee activity; and then building strong alerting and investigation workflows so you can act on troublesome activity. In the Nasdaq survey, only 27% of respondents had any ability at all to coordinate investigations between communication and trade surveillance.
Then consider that truly effective surveillance and supervision requires a blend of internal and external data and tracking that data across multiple applications, devices, and networks. Compliance officers have plenty of work to do in 2021 building a surveillance capability that can keep pace with the risks that our pandemic work habits have created.
Example 2: Employee Oversight
A permanent shift toward more remote working also has profound consequences for employee onboarding, training and monitoring.
You can see why the HR director or senior operating executives might embrace remote working now that we’ve all had a year to grow accustomed to it. The firm can expand its talent pool nationwide, give employees more freedom over their schedules, and cut down on real estate costs. What’s not to love?
Of course, compliance officers know the answer to that: more difficulty supervising employees, especially under-performing employees who might ultimately need disciplinary action or termination; more obligations around workplace protections and accommodations, which do extend to employees’ home offices; perhaps more reliance on independent contractors, whom you might never meet in person.
Compliance officers either found temporary policies and procedures to address those concerns last year or whistled their way through 2020 hoping for the best. But if your executive team decides to embrace a permanent shift toward remote work, you’ll need to devise permanent solutions too.
For example, you might need to expand your online training: both the library of courses you offer, and your policies about training so employees know their obligations. You might need more rigorous procedures around access controls to sensitive corporate data, including policies for lost passwords and forgotten user IDs. You might re-evaluate your reliance on internal technology to address those issues, in favor of cloud-based tech vendors.
Know what's coming in compliance
Perhaps the biggest priority of all for compliance officers this year will be to assure that whatever executive management decides to do as we all “embrace the new normal,” you’re included in those deliberations.
Only then can you break down 2021’s challenges into their component pieces: perform a risk assessment to understand exactly what challenges you face. Identify the best solutions that, as much as possible, automate compliance workflows and embed controls into business operations. Implement your plan.
We could say the same for any year because compliance officers have always had to survey changes in the business landscape and tailor their programs as necessary. Last year, however, we had to do that without any forewarning.
Let’s hope this year’s experience is a bit more, well, normal.
Share this post!
Matt Kelly
Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in the inaugural class of 2008 and named to Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77). In 2018 he won a Reader’s Choice award from JD Supra as one of the Top 10 authors on corporate compliance.
Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006 through 2015.
Latest posts by Matt Kelly (see all)
- Fostering a Better Climate for Employee Surveillance - July 6, 2021
- Electronic Communication: Lost in Translation - April 27, 2021
- What ‘the New Normal’ Really Means for Compliance - February 23, 2021
Smarsh Blog
Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.
Watch it Work
Contact Us
Chat
Subscribe to the Smarsh Blog Digest
Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.
Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.
FOLLOW US