As we prepare to attend and exhibit at the 2022 FINRA Annual Conference, it’s a strange new world. This is one of the first in-person business events that many of us will attend in two years, and a lot has changed.
So, what is the same and what is different? Will our world be forever viewed as pre-pandemic and post-pandemic? (Yes, I’m being hopeful about the “post.”) As I read through the agenda for the 2022 FINRA Annual Conference, some new-to-me terminology is evident, including “left of boom” and “finfluencers” – certainly global threats and social media have left their mark.
Two compliance topics that have been influenced by the pandemic are working from home (WFH) and Bring Your Own Device (BYOD). The entire workforce has shifted, and what was once considered an exception is now the rule. Although these practices have been widely accepted, ensuring compliance when working remotely is an important issue for the FINRA community. Here’s a brief synopsis of the issues.
Remote and hybrid work is here to stay. One of the first questions asked when people started getting together with friends again was, “Are you back in the office, or still working from home?” The answer was almost never 100% back in the office. A study by Ladders shows that nearly 20% of all professional jobs are now remote, and that is expected to increase to 25% by the end of 2022.
For those companies embracing remote and hybrid workforces permanently, the impact on regulatory compliance will be significant, according to Payments Journal. One reason for the increased compliance risk is that people tend to behave differently when in their own homes as compared to in the office, where they may feel they are being more closely monitored. Casual conduct increases the compliance risk, and this is exacerbated by the influx of new devices and communications channels.
Although the term BYOD has been around for well over a decade, the trend of using your own personal device for work was in decline by 2018. However, when the pandemic hit, companies had to scramble, and many employees working remotely had to rely on their own personal devices – blurring the line between personal and business device use.
Yet even pre-pandemic, there has been an ongoing battle between regulators, banks, and employees over the use of personal devices in the financial industry. Late last year, $200 million in fines were levied around the use of employees’ personal devices for business purposes, including unapproved WhatsApp messages, texts, and emails that had been ongoing since 2015, CNBC reported. Federal law requires financial firms to keep meticulous records of electronic messages between brokers and clients. This is a safeguard so regulators can ensure those firms aren’t skirting anti-fraud or antitrust laws, and these unauthorized electronic messages represented a widespread record-keeping failure.
Certainly, changes in technology and where we work are topics on the minds of regulators, and I expect these will be widely discussed at the FINRA Annual Conference. This year’s FINRA report on Examination and Risk Monitoring the report is a tool to guide firms in developing their processes and procedures and largely reflects pre-existing guidance. (See key items summarized by McGuireWoods LLP).
One of those key items is regarding Books and Records and the increased use of electronic storage media (ESM) and cloud service providers. FINRA advises firms to ensure that they understand the full scope of their record retention requirements and how they will fulfill them in the ESM environment. FINRA advises that firms undertake thorough contract reviews and periodic testing to include conducting a simulated examination production exercise, to ensure that the vendor can provide the third-party attestation letters required by Exchange Act Rule 17a-4(f)(3)(vii).
That’s why we’ll be at the FINRA Annual Conference. NCC Group’s Software Resilience division will be exhibiting at stand #14 and will also have a virtual booth as part of this hybrid conference. Our Designated Third-Party (D3P) Compliance Service is used to meet regulatory requirements around the storage of electronic media and help you make sure you’re fully in compliance with SEC Rule 17a-4(f)(3)(vii) for broker-dealers and SEC Rule CFR Title 17 Section 240.17Ad-7 (f)(5)(ii) for transfer agents.
NCC Group is an independent third party that can access records in the event of an audit or request if the broker-dealer or transfer agent is unable or unwilling to furnish the information. This serves as a safeguard for our financial system. (As a note, if you’re looking for Iron Mountain at the conference, Iron Mountain’s Intellectual Property Management Group was acquired by NCC Group in June of 2021, including the staff and the service you already know.)
I look forward to seeing you at the FINRA Annual Conference, even if we are bumping elbows or waving from 6 feet away!
Article by Shawn Brazeau
