Compliance in the Age of COVID-19

Published On February 16, 2021

COVID-19 has wrought chaos across the business landscape and upended every function. Few departments have felt the impact more than compliance.

The COVID-enforced shift to remote working has created major compliance challenges for firms, and as the threat landscape for market abuse has irrevocably changed, regulators say surveillance must evolve in parallel to the new risks that are emerging.

Julia Hoggett, Director of Market Oversight at the UK Financial Conduct Authority (FCA), has warned compliance functions that their obligations through the pandemic haven’t changed, but the way they monitor communications should. 

“What constitutes inside information may change radically during the pandemic,” Hoggett said. “Knowledge that an entire businesses’ operations would have to shut, or indeed could open again; knowledge of whether a company had utilized the furlough scheme or any of the pandemic lending schemes; information about the pace of cash flow burn — all issues that might either not have come up in the past, or not have been material, but which now are.”

Being alert to what information is likely to move valuations, and bring a potentially wider range of issues inside the realm of disclosure, will be key to remaining within the boundaries of the law, she said. This means scanning for a much broader range of words and phrases, and having a new set of alerts and more advanced algorithms in place to scan for disclosures. 

Hoggett said: “Whilst the fundamentals of the market abuse offenses are constant, the ways in which the risk may manifest are not. The manner of surveilling for them must, therefore, also change.

“There is no doubt that the job of managing alerts is made considerably harder by a rise in the volume of alerts driven by the volatility we experienced and hence appropriate calibration of any alerting protocol to take account of the market context is reasonable.”

Brexit has already caused uncertainty surrounding the UK’s future trading relationship with the bloc, with regards to flows of capital and data, so the added headache of having to increase monitoring of remote workers is likely to make the role of compliance staff even harder in the future.

“As firms have adapted to the ‘new normal’ during the pandemic, with large numbers of employees working from home, the challenge of handling inside information appropriately has become even more acute,” said David Hamilton, a financial regulatory lawyer at Pinsent Masons. “Policies and procedures originally designed to manage the flow of this information within the four walls of an office have now had to be applied more widely in the context of homeworking.”

With typically expert timing for overworked compliance officers, the European Union is also updating its flagship insider trading regulation.

The European Securities and Markets Authority (ESMA) recently published a review of the Market Abuse Regulation (MAR). It is the first in-depth review of MAR since its implementation in 2016, and its recommendations will feed into the European Commission’s forthcoming update of the regulation.

ESMA believes the regulation is working well and is fit for purpose, in stark contrast to suggestions it may be watered down in response to the current climate. Instead, a series of amendments have been introduced to further clarify and, in some cases, strengthen the rules.

ESMA and the FCA are broadly aligned in their thinking, and thankfully for compliance executives, any split in regulatory approaches is likely to occur in the distant future.

What firms can expect is an update to definitions of market soundings (or trader chatter as it is more commonly known); benchmark provisions and the interplay between MAR and other investment undertakings, and a strengthening of powers for national regulators to exchange information with tax authorities. 

Inside information and disclosure definitions are likely to be updated, and so firms must be aware that what constitutes a disclosure, or non-material information, is likely to change.

Regulating on the back of a crisis is unusual, and generally not considered helpful to businesses given how quickly things can change again.

However, such has been the all-encompassing impact of coronavirus on the global economy that there are likely to be updates that can be tied to the thinking that has emerged through the pandemic.

Different Work Environment, Same Regulations

Hamilton said: “The FCA is making it loud and clear that just because an employee is working from their kitchen table, rather than their office desk, the regulatory obligations with regard to managing market abuse risks that both firms and their employees are required to meet are not diminished. This does not mean that a firm will necessarily be able to prevent every single breach.

“But it will need to make sure that it has robust and proportionate systems and controls in place to identify, monitor and escalate market abuse issues and regulatory breaches as and when they arise — whether in the office or at an employee’s home.”

Surveillance teams will have to be particularly vigilant for transactional discussions that concern distressed debt markets, where inside information is not always as clearly demarcated as in equity markets. “There is the potential for misuse of that information to occur, particularly in relation to credit restructuring talks,” Hoggett said. 

A further revision of the FX Global Code (a set of global principles of good practice in the foreign exchange market), is also due. Analysis of which will feed into the updated market abuse rules at EU level. Regulators will be putting more pressure on financial services firms to improve their culture and root out bad behavior before it crystallizes into a more serious issue.

“Having a culture that minimizes the risk of poor conduct taking place in the first place remains critical,” said Hoggett. “It is important that staff are conscious of the role they play as the first line of defense.”

ESMA has also identified factors that may be considered when assessing if specific pre-hedging poses risks of market abuse and of violation of conduct rules. The regulator hints at a review of pre-hedging in the future, considering specific circumstances, such as its importance for illiquid instruments or the consequences of pre-hedging activities on the markets.

Rules around buy-back programs are to be updated, as are insider lists and manager transactions, and an update is expected relating to retention periods for personal data. Compliance teams have also been forewarned that a framework for cross-market order book surveillance will be established, which is likely to mean more intelligent technology is required for the additional reporting. 

The regulators are also mulling the introduction of common rules on the need for EU states (and likely the UK too, for now) to provide administrative sanctions for insider dealing and market manipulation. 

In short, penalties for market abuse breaches will be much larger and wider, with sanctioned parties restricted as to their future trading within the bloc. Not only is the work of compliance and surveillance functions getting harder, the punishments for lax operations are about to get tougher too.