Supervision in a Pandemic and Post-Pandemic World

At the onset of the pandemic in early 2020, firms were forced to pivot quickly into a remote working environment.  While business continuity plans had been repeatedly tested for a shift in location from the primary location, no one understood the enormous burden placed on supervisory efforts in an environment where even an alternative work location was not possible.  Financial professionals were forced to work in the remotest of conditions, away from other similarly functioning locations, such as a home office.  FINRA’s rules of supervision, for the most part, did not contemplate the circumstances in which the world found itself.  Fast forward two years and much has changed about how and where business is conducted. Where do we go from here?

How the Pandemic Shaped the Future

As a result of the pandemic, financial services, along with the rest of the world, transformed itself into a highly digitized, remote workspace where the minimally required equipment is a cell phone, laptop and an internet connection.  Financial professionals can now call any location their “office”; however, regulations have not supported this environment for the long term.  The pandemic has accelerated the widespread use of compliance and workplace technology allowing financial professionals the ability to do their job outside of the four walls of a brick-and-mortar location.

During the pandemic, FINRA, along with other regulatory bodies at both the state and federal levels have offered temporary relief in order to meet the needs of investors while considering the safety of every individual.  In relatively short order, firms and financial professionals have adopted technology and forward-thinking, innovative ways to conduct business as no one was certain how long the world would be “closed”.  Meeting with clients in a virtual environment quickly became the norm.  Supervision processes and technology were put to the test and adjustments were made to handle workflows. Though not completely seamless in every circumstance, more often than not, adapting to the new way of life was less bumpy than anticipated.

With regulatory relief beginning to expire, FINRA has turned their focus to supervisory enhancements in the modern digital era.  There are a couple of proposals in the comment period focused on providing an evergreen solution to keep up with technology and the modern way of conducting business.  The first proposal SR-FINRA-2022-019[1] seeks to amend the definition of office of supervisory jurisdiction (“OSJ”), while the second one SR-FINRA-2022-021[2] introduces a Remote Inspections Pilot Program to take advantage of widespread advancements in and adoption of technology.

Firms and their compliance departments should monitor the outcomes of these proposals and then make any needed adjustments to their internal protocols.

  

The Proposals

SR-2022-019 proposes changes to the definition of an OSJ, branch office and non-branch locations.  FINRA Rule 3110 outlines the supervisory practices broker dealers must adhere to when conducting business.  OSJ’s are designed to supervise financial professionals in their sales activities to ensure these activities are conducted in a manner consistent with rules and regulations, including the firm’s own policies and procedures.  Currently, how FINRA defines each of these offices is determined by the work being performed in each location.  The proposed rule change to adopt Supplemental Material .19 (Residential Supervisory Location) would supplement Rule 3110. It would align FINRA’s definition of an OSJ and the classification of a location that supervises non-branch locations with an existing residential exclusion, would treat a private residence where an associated person is engaging in specific supervisory activities as a non-branch location, and would require periodic inspections no greater than once every three years instead of annually as required for OSJs.  The proposal contains certain requirements as well as ineligible locations, whereby firms would need to make an assessment to ensure the location qualifies under the proposed rule.

SR-2022-021 proposes a voluntary, three-year remote inspection pilot program to allow member firms to elect to fulfill their obligations under Rule 3110(c)[3] by conducting required inspections of some or all branch offices and locations remotely without an on-site visit to such office.  With new and innovative regulatory technologies including artificial intelligence and robotics process automation, among others, FINRA notes that firms are taking advantage of these tools and significant advances in technology, thereby allowing them to supervise in a more efficient and effective manner.  The regulatory body seeks a period of monitoring firms participating in this program to further develop new supervisory protocols, rules, and requirements for the future. After all, these supervisory systems were used during the pandemic, they should be able to be strengthened for the use in a post-pandemic environment.

If these proposals are approved, this could lead the way for future revisions in other rules.

 

Considerations for Remote Supervision

As firms navigate the remote environment, whether to return or not to return to the office on a part-time, hybrid, or full-time basis, supervision of associated persons is paramount to investor safety.  Firms should undertake a thorough review of the “lessons learned” as a result of the pandemic and shifting workforces away from the traditional office.  Determine what worked, what the challenges were facing associated persons, supervisors, and firms along with what should be improved to accommodate a continued remote environment in the future.

At the bare minimum, considerations should be given for enhancing both operational and compliance or supervisory technology, cybersecurity protocols and challenges for oversight of associates and supervisors working remotely.  The firm should also evaluate what other firms are doing to enhance their protocols as well.

Practical considerations to remote supervision should include the following:

 

• Dust off those business continuity plans! Review ALL components of the plan and test it on a regular basis.  The beginning of the pandemic forced all firms to enact, ready or not, their plans.  What issues were found?  Routine testing will uncover vulnerabilities and allow the firm to pivot where necessary.  Ensure that there are protocols not only related to issues such as natural disasters, but also for pandemics and other unanticipated business disruption scenarios.
• Confirm and reiterate with all levels of the organization, including the leaders of the supervisory efforts that the firm is still obligated to implement a reasonably designed supervisory system – regardless of the changes in the financial services landscape. At the onset of the pandemic, this was not an easy feat and it forced firms to remain flexible with the “how” to get it done, but not flexible with the fact that effective supervision must continue.
• Firms must document all changes made to policies and procedures (even those that are temporary) as regulators will want to know what WSPs have been in place throughout the pandemic operations as well as future remote environments.
• A critical piece to this puzzle is ensuring that all employees and/or remote financial professionals provide accurate data to the firm of their working location and the details of what activities may occur at that physical location. As noted in the proposals above, some of the key metrics in defining the type of office, the requirements for registration and the protocols going forward for supervision hinge on the activities being performed at the location.
• The word “communication” cannot be stressed enough in the post pandemic operations. Confusion due to a lack of communication and clarification will lead to risk and potential inadvertent violations of the firm’s WSPs.
• Increased scrutiny on cybersecurity and implementation of elevated levels of privacy and security is a must. Utilization of and access to firm systems via home networks or potentially a less secure access point elevates the risk not previously considered when individuals only accessed the network in a physical location controlled by the firm.
• Ensure surveillance mechanisms, such as email review, transaction review, and other activities requiring monitoring are robust and fully operational. Include routine training and reminders of the obligations of associated persons regardless of their work location.
• Clearly communicate the expectations of employees and supervisors, stressing that standards do not change with a location change. Accountability to the work and the firm are paramount to the success of the supervision process. Regularly conduct scheduled meetings with staff, such as individual, team, department, and town hall gatherings.
• Implement easy to use systems and processes such as approved instant messaging platforms for ease of communicating with team members and leaders. Analyze data to routinely assess productivity including completion of required tasks, duties and determine bottlenecks or roadblocks.
• Stress an “open-door” policy with leadership. Associated persons and supervisors should feel that they have access to supervisors and managers on a regular basis to maintain a consistent message.  Seek feedback from those that are on the frontlines.  This feedback will be invaluable as the firm continues to enhance its supervisory efforts.

 

One of the most important components of supervision is to understand what works, what doesn’t work and maintain the flexibility to change directions when needed.  Document the supervisory efforts made in the firm’s books and records for production during an examination.  Regulators have high expectations; however, they are looking for effort, not perfection.  Continuous improvement is necessary to discharging the duties of compliance and supervision.

The team at Core Compliance can assist firms with developing WSPs and supervisory structures. For assistance or more information about our services, please contact us at info@corecls.com, at (619) 278- 0020 or visit us at www.corecls.com for more information