On 25 May 2020, the Wall Street Journal shed light to the reality that corporate compliance departments – particularly in sectors most affected by the pandemic - are responding to the economic impact with layoffs and furloughs. According to the WSJ, this trend is bleeding to the companies less affected by the economic downturn where more conservative spending decisions are being made (i.e. hiring freezes and postponement of new technological investments, etc.).
These fiscally conservative compliance paths are not being taken due to diminished volumes, but more likely as a precaution surrounding the unknowns of the global economy as we move into the post-pandemic period. Since the digitalization brought on by the pandemic, the volume of risk and work is arguably greater and more complex. Ultimately, companies taking fiscal precautions are asking existing staff to do more and asking employees to do more with less may open your institution to more risk of error or susceptibility for bribery. A higher risk of fraud and failure can be expensive if they evolve into illegal activity or non-compliance. Corporations with the capability to voluntarily impose fiscal conservative policies for compliance must weigh those opportunity costs. With that said, the “risk-based” theme of regulatory guidance during the pandemic may allow companies to “have their cake and eat it too.”
Since March – particularly in response to the CARES Act and the PPP program – regulators have been issuing guidance encouraging financial services institutions to approach compliance with a “risk-based” lens acknowledging these times of digitalization and fundamental transformation of operations has created challenges to maintaining the existing compliance processes in the pre-coronavirus standard. It can be inferred that this “risk-based” guidance would ensure financial institutions would remain compliant and effective in fighting financial crime. It is no surprise that despite that hope this quarantine period has seen a myriad of new fraud schemes, data security weaknesses, and other financial crimes.
Nevertheless, adopting and adhering to a “risk-based” approach is a proactive way to try to minimize the risks of your organization for illegal activity and abuse if and when substantive changes must be made to ensure the business survives this economic turmoil. In the context of compliance layoffs and budget cuts for fiscal conservation, corporate compliance leadership should consider heeding the advice of regulators and concentrating their resources in a risk-based manner, such as:
- Revisit the internal risk assessment and recent internal audit reports to identify areas where human resources can be reallocated and technological resources dedicated, such as:
- AI resources for data-heavy tasks (i.e. customer identification, basic customer due diligence and transaction monitoring) v.
- Human resources for subjective matters (i.e. investigations, enhance due diligence reviews, and regulatory disclosures).
- Update and test internal reporting functions (i.e. whistleblower hotlines and MTA, where applicable).
“All of these factors are creating the perfect storm for fraud risk,” said Andi McNeal, director of research at the Association of Certified Fraud Examiners, a professional organization. Demands on corporate compliance teams have grown along with increased regulatory enforcement over the past decade, requiring a balancing act to maintain effective controls.