Dealing with unexpected tech risks

Side gigs and technology pose new challenges for compliance teams.

Risk sensitivities have evolved immensely in recent decades, and CCOs need to be prepared for unexpected risk exposures arising from evolving technology, audience members heard at PEI Group’s recent Private Funds Compliance Summit in New York.

One CCO at the event stressed the importance of asking employees about their social media usage, or what technologies they use and how they use them in any outside professional activities or side gigs.

“You have to be prepared for employees using technology in unexpected ways,” he cautioned. “I think we can all appreciate our sensitivity to risks was a lot different 15 years ago than it is today and that our employees are doing things differently today than in the past, and these new practices come with their own risks that firms have to be ready to deal with.”

One of his firm’s employees, for example, had a side job as a social media influencer, and the employee’s commercial partnerships posed possible conflicts of interest with some of the firm’s own investments.

“We’re a consumer company and that was an issue for us,” he explained. “This person had thousands of followers on social media and we had to tell her to cancel all of her agreements with various consumer brands because she was working with some competitive brands. No one at the firm expected that situation.”

That situation highlights the importance of the onboarding process, panelists agreed, so that employees understand and accept the firm’s policies, procedures and code of ethics.

“It’s a great time to get full disclosure from employees about their activities outside of work that may cause conflicts or be problematic,” the CCO said.

And firms should take steps to protect themselves, including having employees sign non-compete agreements, particularly if an employee has a side gig in the same sector in which the employer invests, and requiring employees to notify the employer if they plan to make additional income elsewhere.

As new and unforeseen issues arise, firms can use them as tools to educate employees about certain risks and the firm’s policies and procedures to mitigate those risks. It can also be an opportunity for firms to update their policies to address new situations.

But at the end of the day, it is the compliance team’s responsibility to prevent conflicts of interest and mitigate risks associated with tech usage, one GC/CCO attendee said, stressing the importance of rigorously educating compliance staff.

“You really should use all resources available to understand the technicalities and get clarification on things that might not be clear,” she advised. “You, as somebody who’s in-house, need to be knowledgeable enough so that you can oversee everything properly.”

She recommended reading online blogs or other educational resources, attending industry events, talking to peers about what they are doing and what issues they are having, and also just talking to technology vendors.

The CCO explained that he did all he could to “get educated” so he could understand his firm’s risk areas.

“My education really gave me the ability to do damage control. The risks we face from our employees and from technology are probably a ticking clock. You really have to take the necessary steps to understand potential issues, to understand technology and how your firm uses it,” he advised.

Beyond engaging with employees to understand their tech-associated risks outside the firm, and understanding the firm’s own technological needs, firms should also conduct regular risk assessments to identify issues that need to be addressed.

“By conducting these risk assessments, you can get a better picture of where your risks actually are,” noted one technology services provider. “Also, talk to your vendors and ask a lot of questions to understand your risks and find out what best practice is.”