Firms’ 2020 compliance workplans and risk management strategies have been rendered redundant as the regulatory response to COVID-19 has usurped everyone’s agenda. Regtech companies tracking COVID-19-related regulatory publications say more than 1,300 announcements have been made internationally as regulators roll out pandemic-specific guidelines and relax some rules to help financial institutions manage their businesses.
“If you look at the 1,300+ documents we have gathered from global regulatory sources on COVID to date it’s a wall of information which needs to be tied back to current plans – and quickly. The challenge is that publications are coming out just as fast as new information on the virus itself. You can search for any topic — COVID and AML, COVID and risk — and there are scores of documents,” said PJ Di Giammarino, chief executive at JWG-IT, a regulatory think-tank in London.
The COVID-19 thematic dashboard at Corlytics, a regulatory analytics company in Dublin, picked up more than 75 publications in just 24 hours on April 2. Hot topics flagged by the system include capital requirements, business continuity planning and regulations relating to remote working. Topics such as benchmark rates, foreign exchange and quantitative easing are also bubbling up. Insurance and reinsurance issues are arising as are concerns about a possible rise in incidence of fraud, according to Corlytics.
“15% of prudential regulations [globally] have been wound down or changed. It’s incredible,” said John Byrne, chief executive.
Determining a COVID compliance response
Some firms will have had plans for compliance and risk set out for 2020, while others may not. Now tracking all the regulatory policy changes and applying them to their businesses while most staff are working from home is going to be a huge and difficult task for firms hoping to come out the other side without too many nasty surprises.
“Firms need to quickly create some order from this chaos and establish who owns what piece of the COVID response, how this effort is linked with current [business as usual] and what 2020/21 change plans are affected. A good [chief administration officer/chief operating officer] would ask the business and compliance to agree a new resource plan for the year that accounts for what new work is going to take the place of budgeted work and where the gaps are against expectations which the regulators are maintaining. In theory, we still have Brexit and CMU/MiFID III to wrestle with this year,” Di Giammarino said.
Risk planning out the window
The UK’s Coronavirus Business Interruption Loan Scheme (CBILS) designed to help small- and medium-sized businesses weather the pandemic is a good example of how banks’ risk management plans perhaps set in late 2019 will need to be reconsidered. While these loans come with 80% government guarantees, for banks they will mean lending to customers in circumstances when they might normally decline applications.
“Some major strategic shifts will take place. When we start talking about underwriting business loans that should have had a business case anyway but firms are supposed to hand out the money what’s that going to do to Tier One capital ratios and all my risk appetite planning?” Di Giammarino said.
UK firms will need to think differently as the regulators suddenly have allowed customers to request mortgage and credit card payment holidays. Questions remain about what will their books will look like after customers push off payments for three months, while interest still accrues and whether payment holidays delay inevitable default. Risk managers and modellers need to evaluate these considerations.
Developing remote-working policies on the hoof
Large-scale, long-term remote working was not envisioned by most firms’ business continuity plans or their working from home policies. Some firms have had to start from scratch setting up employees at home. Then, there are the many risk and compliance difficulties firms need to rethink in the home working complex. That can be something as simple as a ban on printing documents to the more complex such as rules around how trading from home will work. Firms in some cases are having to figure out these problems as they go.
“Some companies have always been geared up for home working, but some haven’t. Those that haven’t need to provide policies and sensible procedures for employees working from home, developing how-to guides in terms of remote working. They are also looking to raise awareness of cyber risks because hackers know a lot of people are working from home and there are a lot more phishing attacks,” said William Long, partner at law firm Sidley Austin, in London.
Firms will also need to consider regulatory statements on home working and key workers and document decisions. Last week, the UK Financial Conduct Authority (FCA) recommended that the chief executive (SMF1) decide who is designated as a key worker, it will leave it up to individual firms to decide the most relevant member of the senior management team for the task of overseeing key workers. Decisions will have to be revisited as more employees are affected by the novel coronavirus. As with any other action taken during the pandemic, boards and senior managers should ensure they document the reasons for assigning particular job functions or individuals key workers status.
“Employers should take every possible step to facilitate their employees working from home, including providing suitable IT and equipment to enable remote working,” the FCA said on March 30.
This article originally appeared in Thomson Reuters Regulatory Intelligence on 7 April 2020