FINRA’s guidelines in a recent regulatory notice address a host of concerns around compliance while employees work from home. Smarsh’s Robert Cruz discusses what firms should be doing to address the latest FINRA guidance.
FINRA, the government-authorized nonprofit organization that oversees broker-dealers in the securities industry, recently issued a regulatory notice on how to manage a remote work environment during the COVID-19 pandemic. FINRA’s notice aims to help firms conduct the required oversight of all trading activity, even from employees’ home offices.
FINRA’s guidelines address such concerns as transitioning to a remote work environment, maintaining supervision across a distributed workforce and preserving strict compliance for the archiving of all customer communications.
Maintaining a strict compliance posture has become a challenge for many firms during the pandemic. The goal is to ensure that broker-dealers only use firm-provided and approved communication systems and tools. Necessary protections include email reviews, keyword surveillance and use of recorded lines for all conversations related to trading orders. Restrictions should also be placed on videoconferencing chats that would be subject to recordkeeping obligations, which firms cannot fulfill in a remote work environment. Taken together, those protections represent a heavy lift for many firms that were unprepared for the COVID-19 crisis.
Despite the current health crisis, the FINRA notice reminds firms that they must continue to implement a reasonably designed supervisory system that is appropriate for their size and business model. In addition, firms must memorialize in writing any adjustments made to their policies and supervisory procedures stemming from the pandemic.
When transitioning to remote work environments, many firms have implemented business continuity plans (BCPs) while closing branches and shuttering offices. Firms that relied on web-based tools, electronic document management systems and cloud-based services faced fewer difficulties transitioning to a remote work and supervisory environment. Other best practices included regularly testing remote connectivity, capacity, work processes and trading capabilities. Firms that made continuous updates to their BCPs and maintained fully live and connected disaster recovery sites also experienced a smoother transition.
FINRA officials noted several more helpful tactics related to remote work, including:
- Customer Assistance – Firms should enable customers to navigate branch and office closures by providing back-up contact information for the firm, branches and the people on firm websites and the representatives at their call centers. They should also redirect phone lines and voicemails to a centralized group.
- Move to Remote Work – Firms should implement certain remote work protocols to facilitate the transition, including location monitoring and shared contact lists for their assigned points of contact in compliance, legal, operations and other departments.
- Additional Support and Communications to Staff – Firms should facilitate conference calls and videoconferences for all staff so the leadership team can provide regular updates on operations and communicate clear guidance about firm expectations while working from home.
Getting Out in Front of Supervision Oversight During “the New Normal”
Most firms understand the challenges related to remote supervision, and many were prepared to remotely supervise their teams using supervisory checklists, surveillance tools, incident trackers, email review and trade exception reports. Certain firms that already maintained comprehensive remote supervision capabilities reported that they easily transitioned to supervising their associated persons in the new remote work environment.
In this climate, testing has become a critical element for general supervision oversight. Firms should be prepared to meet their supervisory obligations in a remote-work setting by conducting additional tests of their remote supervision capabilities. They should also perform a gap analysis between normal and remote supervision documentation requirements.
In addition, many firms have provided additional guidance and resources to supervisors by scheduling daily or weekly meetings for all senior leadership to give regular updates. Others are sending reminders to supervisors about ongoing regulatory responsibilities and applicable firm policies that are especially important in a remote-work environment.
Trading supervision is another area that deserves close attention. Some firms reported that their existing trading systems allowed them to successfully perform remote supervision, compliance monitoring and surveillance. In some cases, firms also implemented new trading tools that replicated or directly accessed traders’ office trading systems from the traders’ homes. In this way, they could provide supervisors with comprehensive remote-supervision capabilities.
Some firms enhanced their oversight of trading activity by implementing strict screening processes and additional supervisory requirements before approving any remote-trading capabilities. Others increased the frequency of their reviews, changed the existing thresholds for certain trade reports and alerts to increase the scope of their surveillance, or created additional alerts requiring traders to provide their rationale for certain activities.
The final supervisory activity involves the close supervision of customer communications. Some firms relied on their existing methods to supervise communications with customers, while others acknowledged the additional risks of remote-work environments. Those firms took extra steps to ensure that associated persons must only use approved communication systems and tools, such as firm email, messaging platforms and softphones with recording capabilities for staff requiring voice recordings.
By taking these necessary precautions and implementing clear policies and protocols, financial services firms can help protect their businesses, employees and customers from exposure to a range of harmful risks while managing a remote workforce.
