The COVID-19 pandemic has forced organizations to operate with a physically dispersed workforce. Employees are involuntarily working from remote locations. Due to the changing dynamics and demographics of modern work, enterprises have evolved to manage labour and talent, increasingly favouring automation. This shift, also known as digital transformation, helps organizations digitize manual work processes, freeing up time for employees to focus on more high-value tasks. Over half of executives say automating knowledge work is among their top priorities over the next two years.
Since COVID-19, the adoption of digitization and automation technologies has accelerated.
The clear trend is that remote working is fast becoming the norm, not the exception, bolstered not only by the advent of new modern workplace technology and collaboration software but by a workforce increasingly made up of millennials and Gen Z’ers. They expect to work remotely and even go as far as to make career decisions based on this. Remote work statistics for 2019 by Global Workplace Analytics found that:
- Digital natives are changing the dynamics of the workforce.
- The nature of work is moving from large, structured projects to unstructured, collaborative work.
- Enterprise teams are adjusting the ways they manage work to support digitization and the modern workplace.
- New digital tools are dramatically changing how we collaborate
According to a recent McKinsey survey, 85 per cent of respondents said their businesses have somewhat or greatly accelerated the implementation of technologies that digitally enable employee interaction and collaboration, such as videoconferencing and filesharing. Roughly half of those surveyed reported increasing digitization of customer channels, for example, via e-commerce, mobile apps, or chatbots. Some 35 percent have further digitized their supply chains, for example, by connecting their suppliers with digital platforms in supply chain management.
Compliance in a collaborative model
The interminable Work From Anywhere (WFA) trend has overall uncertain net effects on productivity, ethics, and compliance. This does not change the company’s obligations for regulatory compliance and oversight required to manage compliance risk.
At the beginning of the pandemic, many regulators, including ASIC have temporarily changed their regulatory work and priorities to allow regulated entities to focus on the impact of COVID-19 and focus on business continuity or supervision arrangements that may affect their ability to meet their regulatory obligations. This is to allow firms more time to:
- back-test tactical solutions and changes that were risk accepted during the pandemic under pressure. This is to ensure they are robust to avoid any inadvertent exposure to undue risk of misconduct or breach of law
- assess the ‘new normal’ – the enduring impacts of the pandemic – on flexible working practices and implications for the control environment
- review risk appetites and risk limits, including for offshored and outsourced functions, and adjust them where appropriate
- use stress testing and scenario analysis as effective risk management tools
- update BCPs to incorporate key changes, including the possibility of longer periods of remote working
- reflect on technological challenges encountered during COVID-19. Strengthen technological resilience and plan for any changes or improvements to existing systems and infrastructure
- assess the adequacy of measures that were implemented to address cybersecurity risk during COVID-19 and prepare for the risk of more attacks.
Operational risk & supervision challenges
With an explosion of new working tools and channels, there has never been a greater need to understand digital communications and its risk. But the volume of data that needs to be monitored has gone up massively. In any rapidly evolving environment, it is important that firms continually review their risk appetite and risk frameworks to ensure they address new risks and work arrangements. The pandemic’s experience suggests this should include controls to address outsourcing, information and data security, supervision, and conflicts of interest when working remotely.
Where staff are working remotely, there should be protocols in place to ensure a firm’s compliance with their mandatory recording obligations under the market integrity rules. Staff should be advised only to make calls using a software-based phone system that enables recording or to take instructions and orders by email and chat message, providing a clear audit trail. Only authorised communication channels should be used and this should be monitored. In the rare instance, this isn’t possible, the participant must ensure there is some form of written record. For risk mitigation, this should be followed by electronic confirmation by the client as soon as possible.
Where policies need to change to reflect the current conditions, they should be robustly reviewed and approved by compliance and other control functions to ensure they do not introduce any undue compliance, conduct or operational risk. For example, market intermediaries should carefully consider if it’s appropriate to have staff dealing with confidential client information while working from home. If they do work from home, they should be set up so they can’t be overheard, others can’t see their screens at home and phone calls are recorded (or there are other equivalent record-keeping arrangements). They should be required to lock their screen or log-off when they leave their computer. Market intermediaries should consider what additional monitoring of staff practices and behaviour is necessary when working from home (e.g. whether more or fewer calls are being made from work/recorded lines and whether login patterns change unexpectedly).
Privacy act & protecting personal information
Therefore, organizations are having to revisit their security posture to provide a safe remote-working experience that prevents data breaches. Not only should they address vulnerabilities to their own networks and the physical storage of data, but they will also have to face the fact that remote workers will inevitably have to move data between the corporate network, the cloud and the personal laptop. To protect personal data in transit from one location to another, regulations like GDPR suggests encryption to protect privacy and security and prevent leakage.
The regulators have warned that dramatic news coverage of viral outbreaks and pandemics can be an opportunity for scammers to pump inaccurate information into the marketplace to try to manipulate markets and investors. The coronavirus is no exception. Job loss, financial strain, and social distancing are conditions that present fraudsters with an opportunity to pounce.
For example, ASIC has warned to watch out for scammers who try to take advantage of coronavirus (COVID-19). Scams can take many forms, for example, phishing attempts. In the comfort of their own home, do your employees know what to do to protect themselves from such scams amidst the fear and chaos?
As and when we gradually emerge from the global pandemic, working from anywhere is predicted to become a core part of the new normal, and the processes laid down today will remain relevant for years to come. Organizations need to automate the risk and compliance process to alleviate the compliance and conduct risk failure challenges, reduce the cost burden and improve customer experience. Even if the majority of the workforce does indeed choose to return to the office, this investment for new collaborative work environment will ensure that organization can be confident that it’s prepared, should any similar event happen in future, and that it can offer more-flexible working practices should its employees demand it.