Controls during the Covid19 lockdown

by Yawer Shameem

Head of Compliance Advisory – Pakistan

The past few weeks of lockdown in response to the Covid19 pandemic has everyone (individuals as well as corporations) stick to the basics, cutting down on what is not considered essential or urgent. Companies in the financial services sector at this time are rightly concerned about meeting revenue targets and the health of their portfolios. Many regulators too across the globe have allowed the institutions that they regulate some breathing space. Travel restrictions have reduced the number of “on-site visits” by regulatory auditors, inspectors, and reviewers. While all this breathing space is welcome, this does not mean that the underlying risks have somehow disappeared. On the contrary, the risk of Money Laundering, Terror Financing and Fraud not only continue to be present but in some cases have been exacerbated. While Covid19 has driven a lot of businesses towards “online” transactions, and we have seen a greater acceptance of data sharing and increased reliance on technology to communicate, these changes have brought about greater vulnerablity to cyber fraud and a host of information security risks.

The digital workplace may have risks associated with it, but at the same time it also offers solutions for the control functions and regulators. The “contact free” economy that has emerged in response to the social distancing requirements, can also be leveraged by the regulators to continue their monitoring work remotely using the digital tools that are now available.  While long distance international travel is restricted to countries trying to get their stranded nationals home, local travel at a somewhat reduced rate is still happening. In the case of large multinational financial institutions, their “home regulators” can leverage on regulators in the “host” countries to share some oversight responsibilities. Similarly at the corporate level the control functions within an organisation, like risk, audit and compliance will all have to make use of the digital tools that the marketplace now has to offer and leverage on pockets of control within the company at geographical locations away from the head office. On the same lines, appropriate changes in institution’s infrastructure will be required to enable the remote monitoring and work from the home environment. Additionally changes will have to be made in the way we manage sensitive roles such as “compliance monitoring” and “audit” which were traditionally only allowed to be performed inside the office premises.

All this has to be achieved while making sure that the governance requirements are met. This means that audit plans and compliance monitoring plans earlier agreed with the board, will have to be amended and approvals obtained remotely. All such actions have to be clearly documented with an audit trail. Financial institutions will also have to demonstrate through board agenda and minutes that the control functions remained in equal focus compared to business during more “normal” times.

The changes that we see emerging today are fast becoming the new normal. What will never change however, is the importance of control functions.