RTO Effort Gets Unlikely New Ally As SEC, FINRA Step Up Security Safeguards
The slow slog back to the office may get a boost from a source usually blamed for holding business back: financial regulators.
Regulatory decisions from the Securities and Exchange Commission and the Financial Industry Regulatory Authority are playing into the decisions of major banks to bring some workers back to the office every day. These moves are being made even though the full extent of what compliance would mean is still unknown.
“With the expiration of FINRA's Covid-related relief on May 31, approximately 600 Citi colleagues who previously performed certain activities outside an office environment will now be required to work full-time from a Citi office location going forward,” a Citi spokesperson told Bisnow in an email.
The agency had rolled back some security restrictions in the early days of the pandemic to facilitate remote work. Those rules are now reverting.
In the four years since the first lockdowns, office use has not come close to pre-pandemic levels. Last week, office usage was 51% of pre-pandemic norms, according to card swipe data from Kastle Systems, which monitors building access in 10 major U.S. metro areas. Low utilization has had sweeping impacts for commercial real estate, especially owners of office buildings and their lenders.
Financial services firms like Goldman Sachs have tried to lead the return-to-office charge, but reports indicate varying levels of success. Now, though, changes in regulations could offer even more motivation to bring workers back, although some say the move is coincidental rather than causal.
Barclays, for example, will bring its investment banking staff back to the office every day beginning June 1, according to Bloomberg, but told Bisnow via email the decision “happens to coincide with new regulatory policies in the US that amends some flexible work practices that were permitted during and following Covid.”
It is not clear exactly what would be needed to comply with the changing rules, such as new policies and procedures, or if more technological solutions would be needed. The cost of compliance varies based on what each company would need. But it serves to reason that any distributed work model would be more costly.
“It depends, number one, on the size of the organization and the operations – what business they're actually in,” said Jerry Ravi, a partner in the risk and compliance services group at audit, tax, advisory and outsourcing firm EisnerAmper, of a proposed rule in the works to address cybersecurity. The number of employees with access to sensitive information and how they are accessing that information are other considerations.
“If you have an entirely remote workforce, the cost of compliance might be more expensive,” Ravi said.
For its part, FINRA said the expiration of temporary relief from some requirements it made to help businesses work remotely during the pandemic doesn’t necessarily mean investment bankers must come back to their offices.
“The new rules provide a practical and balanced way for firms to meet their regulatory obligations, while protecting investors, and acknowledging the need for greater workplace flexibility,” FINRA said in a statement released last week.
The rules from FINRA come into play as other regulations from the SEC are increasingly enforced and new proposed requirements around cybersecurity are slated to roll out. There were an estimated 482,000 people working in the sales of securities, commodities and financial services in the U.S. in 2022, according to the U.S. Census Bureau.
“The return to work is nothing new, but the SEC's ramp-up of enforcement action for off-channel communications certainly is,” said Phara Guberman, a partner in the Global Litigation Group at Cadwalader, Wickersham & Taft.
Off-channel communications refer to those that take place on a service or device that is not approved or monitored by a firm. Guberman co-authored a paper earlier this month looking at the potential for increased risk of off-channel communications when workers are remote.
Recent charges brought for insider trading have featured people exploiting the work-from-home environment to gain access to information and make investments based on that information. Some high-profile cases have arisen in the days since Covid began, including the husband of a BP executive allegedly trading on nonpublic information he overheard from one of his wife’s work calls. In another instance, a man allegedly stole information from the laptop of his girlfriend, who worked at an investment bank.
Guberman, along with Kenneth Breen, a partner in the White Collar Defense and Investigations Practice at Cadwalader, Wickersham & Taft, said remote work does bring additional risks for companies whose workers deal with material nonpublic information. This kind of information is commonplace for many public companies, including REITs, Breen said.
With companies still figuring out how often they want their workers to be in the office, protection of information is a consideration that would play into those decisions, Breen said.
If there is an increased risk of SEC investigations, there will likely be efforts to encourage workers to come into the office, where oversight and regulation of communications are easier, Guberman said.
Guberman referenced SEC Deputy Director of Enforcement Sanjay Wadhwa's comments earlier this year about how the criteria taken into account when determining penalties for off-channel communications violations includes efforts to comply with requirements.
The SEC considers a firm’s efforts to limit off-channel communication when handing down a penalty for noncompliance, according to Wadhwa’s comments.
But the commission had concerns early in the pandemic about the risk for misused information, Guberman and her co-authors wrote. Those concerns have been borne out.
“In the years since, the SEC’s concerns have materialized in a string of enforcement actions against individuals who gained access to [material nonpublic information] as a result of the pandemic and misappropriated that information in pursuit of profit,” according to a Harvard Law School forum entry about the paper.
