As the pandemic will appear to linger into the Fall, many positions will continue to take their form as fully or partially remote. For the Chief Compliance Officer (CCO), where oversight and supervision of employee activities is paramount to the success of the position, the remote environment brings particular challenges. To help CCOs recharge for their responsibilities and to handle the challenges presented in a remote work environment, FrontLine Compliance is republishing its BoardRoom post, “How the Remote CCO Succeeds.” We hope this guidance continues to provide a valuable measuring stick for the remote CCO.
Yes, the COVID-19 pandemic has been a disruption to both our personal and work lives. And during this difficult time, many CCOs are now working from home and doing the best they can to balance work and home life. For many, this has been a true challenge in the face of limited support and resources available to them from their workplace. Our BoardRoom discussion focuses on certain challenges remote CCOs encounter when supervising remote employees. As a CCO, under Rule 206(4)-7 (the “Compliance Rule”) of the Advisers Act, supervision of the compliance program and its supervised persons is critical to fulfilling firm obligations under the Compliance Rule.
So you are now a fully remote CCO with none of your fellow co-workers in your sights. With other employees working remotely as well, the supervision aspects of monitoring them for compliance is more strained. Certain resources may no longer be available to you or other compliance staff outside of the office or access is limited in some way due to system settings or firm firewalls.
During a time of crisis, it’s important to know how to prioritize your activities. A CCO’s role is vast and covers many areas so knowing what needs to be at the top of the list when everyone is remote is key. Here are the main questions to consider in the remote work environment:
- Data Security. Is your firm and client data safe?
- Access to Critical Systems. Do those that need access to specific systems in order to perform their duties have secure and reliable access to those systems?
- Communications. How are employees communicating with each other and supervisors, as well as externally?
- Training and Oversight. Can Compliance oversee the various functions it needs to monitor for fraud, insider trading, or other compliance violations? Do all employees know their responsibilities under the compliance program?
- Meeting Deadlines. How do you stay on track with your compliance deadlines (i.e. reporting, filings, Annual Compliance Review, etc.) and keep other employees on track as well?
The BoardRoom will give you some initial tips to address the above points successfully. A more complete guide and answers to your questions will be available in our upcoming virtual chat session on this topic. Also, see our specialized Remote Program.
Tip #1: Connect with IT
Engage your IT department to meet with you weekly via a scheduled call or video meeting to discuss how the deployment of your Business Continuity Plan (BCP) and Written Information Security Plan (WISP)/Cybersecurity Plan is working. Focus the call on breaches (if any), incidents recorded, types of issues encountered, email concerns (phishing), remote trading processes, client facing or client data systems, and network security. Keep the meeting short; no more than 30 minutes as your IT is likely very busy now.
Tip #2: Verify Mission Critical Systems
Check and verify which systems are considered mission critical. These should be outlined in both the BCP and WISP. Then note who uses those systems. Contact the employees that have the most responsibility in utilizing the critical firm systems and engage them in a conversation that gives you feedback on how they are working remotely. Are they complaining or are they going about their job? Find out what is working and what is not. For example, if a trading system is not working as intended, is slow, or certain reports or audit trails are not accessible than that is a compliance issue. Many trading and operational issues that occur at a firm turn into compliance issues if not addressed. It’s your job to know. Again, set up regular meetings with mission critical employees that utilize those systems, so you are in the loop when issues pop up.
Tip #3: Communicate Effectively
We all understand the importance of communication and yet we all get it wrong, at least some of the time. Most firms use email, instant messaging, and perhaps text as primary communication tools. Since Compliance must monitor firm communications, you most likely are well informed as to how employees communicate under normal conditions. However, these are not normal conditions and additional reviews are necessary.
Think about your own communication with your supervisors and the employees you manage. How is that going? Do you feel connected to your teams or is everyone siloed? Regular communication among teams must occur in order to keep everyone on the same page and focused on business goals during this difficult time.
Many firms have proprietary workflow systems via SharePoint or some other system that allows for collaboration and structure of certain workflow processes to create efficiencies and oversight. If your firm utilizes one or more of these tools make sure everyone is on board and actively using them as required.
Tip #4: Implement Regular Training
A compliance program is only as good as its weakest link and its weakest link is often people. Investment professionals are not compliance minded by nature. Their job is to make money for the firm via trading or deal making and compliance if often an afterthought. That afterthought has now been pushed even further down the list in the remote work environment.
Firm-wide training will help push compliance up to the frontlines. Every firm should engage in firm-wide employee training via a video or other online platform meeting system. Now is the time to remind all employees of their obligations under the compliance program. Key areas to focus on should include:
- First and foremost, communicate on how to best reach you, the CCO, quickly. Also, provide your daily availability, should that be altered by your current home office situation. Be sure to inform employees on the types of scenarios requiring compliance approval or input. Utilize group emails, provide case studies and examples, and pursue feedback. Everyone should have your cell phone in their Favorites!
- Firm Trading Restrictions. Cover prohibited transactions and types of trades that may flag out to compliance; make sure that process is happening and that compliance is aware of any hard overrides.
- Personal Trading. Review the Code of Ethics (COE) and key elements of employee trading restrictions and any preclearance requirements.
- Data Security. This is the time to reinforce the WISP and remind everyone of the risks of electronic communications and system protocols such as multi-factor authentication – and get IT involved on this training topic.
As the CCO, this is your time to shine. You are a leader of your firm. By successfully managing the compliance program during a time of crisis, you will be unquestionably recognized as such.
(Originally published April, 20, 2020)