Risks and regulations in the age of hybrid work
Remote or hybrid working is the new normal, but it can be a bit of a nightmare for compliance officers.
As the UK emerges from the lockdown, many companies are returning to work. However, this is not a complete return to normal. Business has changed. It is becoming “hybrid” with many people expecting to work from home at least some of the time.
According to YouGov, 37% of people say their company has adopted hybrid work systems. And according to PwC, only 20% of financial services workers want to work in the office three or more days a week once COVID-19 is no longer a problem. Deutsche Bank, HSBC, Bank of Ireland and Google are all adopting or considering working from home. The pandemic has shown them it is possible, and their employees clearly want it.
However, stressed people in the compliance department are caught in the crossfire. Working from home presents a multitude of regulatory challenges, and many businesses don't seem to have got the hang of them.
The first regulatory challenge concerns employee privacy. PwC data shows that 70% of financial services companies believe people should be in the office at least three days a week in order to maintain a sense of culture. Some managers are also concerned about staff productivity, with many adopting technology to monitor when employees are at their desks. According to another YouGov survey commissioned by SkillsCast, one in five businesses plan to monitor staff while they work from home and admit to installing the software to do so.
Besides the obvious trust issues, these companies could be in breach of the GDPR. Under the Code of Employment Practices, employers will be liable for any damage suffered by their workers as a result of an offense committed by effectively spying on them. The data also suggests that they may be doing it unnecessarily. Rather than slacking off at home, employees are, for the most part, more productive. They spend more time in front of their computers and work more, with not moving around being just one of the reasons.
Regardless of where people work, businesses are expected to meet the same security requirements. This is a challenge in a hybrid work environment in which data flows back and forth between office workers and remote workers. Having people working from home also increases the number of endpoints connecting to a system, which increases the risk of a data breach. In an office-based work system in which each employee works on a fully encrypted device within the office, connected to the same Wi-Fi, maintaining defenses is much easier.
Remote work multiplies threats exponentially. In many cases, workers have been allowed to purchase their own devices for work, which may not be fully secure, and they are also using outdated versions of video conferencing software such as Zoom, which have serious security flaws. Many companies are aware of these risks, but few seem to have done much to address them. Recent research shows that 41% admit their remote work policies may violate data protection rules and 45% expect a violation due to using devices that are not fully protected.
Regulators were more understanding at the start of the pandemic, but as remote working becomes permanent, they will be less so in the future. They expect companies to take all reasonable precautions to maintain security levels.
The same study also revealed another alarming statistic: Almost half of the companies surveyed froze their IT budgets during the pandemic, and around 37% say they have laid off IT staff or put them on leave. The problem is the attitude. Many companies view IT staff as non-revenue generating and, as such, less important. However, the digital age has put IT at the forefront. They are essential in the fight against cybercrime. They ensure that defenses are at their best and help anchor a culture of safety throughout the organization. The companies that sideline them are leaving themselves wide open to attack.
The pandemic has also hampered companies' attempts to prevent money laundering. The inability to meet clients in person can make it difficult to assess adequacy, and regulators are back to their pre-pandemic position, requiring companies to maintain the same high standards of defense as they normally do. It is essential that companies ensure that measures are in place to monitor compliance and put in place alternative methods to assess customers.
The hybrid future
Whether companies like it or not, hybrid work is the way of the future, although many are moving into this world without giving due consideration to regulatory requirements. Some shortcomings they know about and seem to accept, while others they are unaware of. Either way, the message from regulators is clear: from anti-money laundering to security and data protection, businesses need to be as vigilant offsite as they are on site. Complying with this message puts pressure on compliance functions and accountable executives in an age of tight cost controls.
There are no easy solutions to these challenges, but RegTech services such as Waymark's Wayfinder platform have a role to play in lightening workloads so that compliance teams have more time to resolve them: Wayfinder can cost-effectively free compliance efforts from regulatory tracking and change management, allowing a focus on solving the higher-value issues that this new environment requires.