Working from home – time to review the compliance risks?
Has there been any occasion in history that’s forced firms to change their business models faster than COVID? Not only did the ways of interacting with customers change overnight, but some firms literally moved tens of thousands of staff to working from home (WFH) overnight. Of course, many firms had robust business continuity plans, particularly after the tragic events of 9/11, but most of these plans involved staff transferring to a new physical location that was primed for them to carry on their jobs seamlessly. Nobody was expecting whole businesses, behemoths like Barclays or NatWest, to become fully remote, but on the whole they have.
From what we’ve heard, the WFH experience has been successful for financial services firms. The shine of being at home every day may be wearing off, but most people can WFH successfully. We did hear stories of laptops being frantically delivered in March, but with these logistical problems now overcome, all firms were prepared when the Prime Minister changed his mind about going back to work. Early on in the crisis it felt that the UK was following a more Swedish approach to COVID, but the decision to instigate a lockdown created many unintended consequences, and one of these was heightened compliance risks.
On the 4th March 2020, the FCA published the following statement:
“We expect all firms to have contingency plans in place to deal with major events. Alongside the Bank we are actively reviewing the contingency plans of a wide range of firms. This includes assessments of operational risks, the ability of firms to continue to operate effectively and the steps firms are taking to serve and support their customers…”
“…We expect firms to take all reasonable steps to meet their regulatory obligations…If firms are able to meet these standards and undertake these activities from backup sites or with staff working from home, we have no objection to this.”
Operational resilience has been tested to the limit, and as time has gone on more questions have developed. Many of these have focused on supervision and security and include:
- What are the data risks of individuals who live in shared accommodation? Traditionally offices have been the best environment for protecting data and sensitive conversations, but today these conversations are happening in private dwellings. Do we know who lives with whom and what the specific risks are?
- What are the jurisdictional risks? Many people are now working in other jurisdictions, some of which aren’t covered by GDPR, and again data is in homes.
- Were firms able to arrange call recording during lockdown?
- Are home network firewalls sufficient to protect data?
- How do firms supervise without impinging on an individual's right to privacy, particularly if individuals use work laptops to check personal emails etc.?
- What printing permissions are required and what is the process for secure data destruction?
We feel that flexible working will be an essential tool in attracting top talent when the situation around COVID normalises. Results from our survey “the future of the world of work” lead us to believe that a blended week of 2-3 days in the office with the remainder at home will work well for most firms. Therefore, firms now need to consider the long-term implications of WFH and review their compliance policies and procedures to account for these new factors.