Work From Home: Risks and Regulations for the Age of Hybrid Work

Remote or hybrid working is the new norm, but it can be a bit of a nightmare for compliance officers.

As the UK emerges from lockdown, many businesses are going back to work. However, this is not a complete return to normal. Business has changed. It is going “hybrid”, with many people expecting to work from home at least part of the time.

According to YouGov, 37% of people surveyed say their business has adopted hybrid working systems. And according to PwC, just 20% of financial services employees want to work in the office three or more days a week once COVID-19 is no longer a problem. Deutsche Bank, HSBC, the Bank of Ireland and Google are all either adopting or considering work from home models. The pandemic has shown them it’s possible, and their employees clearly want it.

However, caught in the crossfire are the stressed people in the compliance department. Working from home presents a host of regulatory challenges and many firms do not appear to have gotten their heads around it.

Privacy

The first regulatory challenge relates to employee privacy. PwC’s data shows 70% of financial services firms think people should be in the office at least three days a week in order to preserve a sense of culture. Some managers also worry about staff productivity, with many adopting technology to monitor when employees are at their desks. According to another YouGov survey commissioned by SkillsCast, one in five firms plan to monitor staff as they work from home and admit to having installed the software to do this.

Aside from the obvious trust issues, these businesses could be in breach of GDPR. Under the Employment Practices Code, employers will be liable for any damage suffered by their workers as a result of a breach caused by, effectively, spying on their staff. Data also suggests they may be doing so needlessly. Rather than shirking at home, employees are, for the most part, being more productive. They spend more time at their computers and get more work done, with no commute being just one of the reasons.

Security

Regardless of where people are working from, companies are expected to meet the same security requirements. This is challenging in a hybrid working environment in which data is moving back and forth between office and remote employees. Having people working from home also increases the number of endpoints coming into a system, which in turn increases the risk of a data breach. In an office-based working system in which every employee works on a fully encrypted device within the office, connected to the same wifi, maintaining defences is much easier.

Remote working multiplies the threats exponentially. In many cases, workers have been allowed to buy their own devices for work, which may not be fully secured, and they are also using outdated versions of video conferencing software such as Zoom, which has been shown to have serious security flaws. Many businesses are aware of these risks, but few seem to have done much about them. Recent research shows that 41% admit their remote working strategies may be in breach of data protection regulations and 45% expect a breach due to staff using devices which are not fully protected.

Regulators were more understanding early in the pandemic, but with remote work becoming permanent, they will be less understanding in the future. They expect firms to take all reasonable precautions to maintain security levels.

Slashing IT

The same study also found another alarming statistic: almost half of the businesses surveyed have frozen their IT budgets during the pandemic and around 37% say they have made IT staff redundant or have placed them on furlough. The problem is one of attitude. Many companies see IT staff as non-revenue generating and, as such, less important. However, the digital age has put the IT department front and centre. They are crucial in the fight against cybercrime. They ensure defences are at their strongest and they help to embed a culture of security throughout the organisation. Those firms that sideline them are leaving themselves wide open to attack.

Money laundering

The pandemic has also hindered firms’ attempts to prevent money laundering. The inability to meet clients face to face can make it difficult to assess suitability and regulators are back to their pre-pandemic stance, requiring firms to maintain the same high standards of defence as in normal times. It is essential for firms to ensure measures are in place to monitor compliance and put alternative methods into place to assess clients.

The hybrid future

Whether firms like it or not, hybrid work is the way of the future, although many are moving into this world without proper consideration of regulatory requirements. Some gaps they know about and appear to accept while others do not. Either way, going forward the message from regulators is clear: from anti-money laundering to security and data protection, firms need to be as vigilant off site as they are on. Conforming to this message places pressure on compliance functions and accountable executives in a time of tough cost controls.

There’s no easy solution to these challenges, but RegTech services such as Waymark’s Wayfinder platform have a role to play in easing workloads so that more time is available to address them: Wayfinder can cost-effectively free up compliance effort from regulatory tracking and change management, allowing a focus on the higher value problem solving that is required in this new environment.
