The pandemic forced the adoption of remote working overnight. Driven by changing behaviours and staff desires for flexibility, some form of remote or hybrid working looks set to become a permanent feature for most businesses. It is easy to assume that at this point on the journey businesses have considered everything needed. The pandemic caused organisations to make rapid unplanned changes and some of the early decisions taken may need to be reviewed in light of more permanent arrangements.
Pre pandemic most businesses had a limited, and in some cases non-existent hybrid or remote working environment. The pandemic forced organisations overnight to introduce new ways of working for staff that previously had not been on their strategic agenda. A large majority of businesses made the transition relatively smoothly given its significance. As we approach the second anniversary of lockdown 1.0 it is easy to assume that all the right thinking has already been done. In October 2021, the FCA updated their guidance around their expectations for firms. At Mirador we have focused on three key areas that we believe financial services organisations should consider in further detail.
- Governance; hybrid and remote working changes the way organisations govern their businesses. How do they ensure they continue to do this effectively?
- Supplier oversight; in a hybrid and remote working environment, a business must continue to demonstrate effective oversight of their suppliers
- Staff training; hybrid and remote working introduces new threats and challenges. Organisations must ensure their work force is trained and prepared for them
Hybrid or remote working is changing the way that business leaders need to think about how they govern their business. Staff are no longer guaranteed to regularly be in the same office environment and effective communication from senior leadership is more important than ever. Business leaders need to ensure that they are successfully communicating their messaging to staff. This is no longer just thinking about what they are saying, but how they are delivering those messages as well. In a world where the medium for communication can differ depending on the location of the member of staff, business leaders must think about how they deliver messages, how those messages may be received and the feedback loop surrounding it. Organisations must have a clearly articulated framework in place that sets out the appropriate technology to be used based on the type of communication and its content. For example, some “all staff” messages may suit being delivered via a broadcasting app like Yammer due to the informal nature of the content. Other messages, if more sensitive whilst still relevant to all staff, may be better suited to a small Teams or Zoom meeting or even a 121 meeting. This approach ensures team members feel comfortable engaging and providing feedback on the messages being communicated where they may not on a larger more public platform or meeting. In a virtual environment, leaders also need to consider which messages are better delivered through line managers. Line managers by default work closer with team members and will have better insight into how each member of their team engages with the virtual communication process. Whatever their approach it is critical that an organisation ensures it is documented, communicated effectively and consistently followed by all.
In a remote or hybrid working environment it is imperative an organisation considers how they execute effective oversight of their suppliers. Businesses need to consider how their supplier arrangements work in a remote or hybrid setup, particularly in a stressed scenario. In the event of a crisis or business disruption, the ability to coordinate an emergency meeting involving internal and external resources is significantly more challenging in a remote or hybrid state. Technology can help though; messaging platforms can be configured to safely work across organisations enabling teams to collaborate quickly and effectively on issues if and when they arise. Fundamentally, businesses need to ensure they have completed the necessary upfront planning and thinking, escalation procedures need to be clearly understood and articulated in the event they are required. A joint incident or crisis management approach must be planned, documented, and tested. A RACI or matrices that set out the decision-making process in cases where senior resources are unavailable or non-contactable must be considered and written down. Supplier and client alike must consider how due diligence activities are executed in a remote or hybrid structure. Visits to supplier offices are no longer as easy and businesses must consider both physical and virtual solutions in meeting their requirements. Organisations must consider the scope of each due diligence visit and determine the best possible medium to execute it. Physical and virtual events must be planned and organised effectively to ensure their success.
The highly regulated financial services environment requires businesses to ensure that they are regularly training and upskilling staff. Hybrid and remote working introduce a new threat landscape to financial services organisations. Monitoring financial crime becomes increasingly challenging in an environment where staff are no longer in the same location. The ability for senior management and compliance departments to to use technology to monitor activity whilst supported by comprehensive and relevant user training is paramount to minimising this threat. Remote and hybrid working also introduces new cyber threats and data loss risk. Organisations often use consultants or suppliers on large change programmes or specialist work packages. Over time email threads often build up with large numbers of addresses which include external third parties. In a remote or hybrid state is very easy for a user to be unaware that a consultant or supplier is no longer involved in the project or engagement but continue to reply all on messages where the external email addresses are included. A simple error but an immediate loss of data and information by the business. Malicious actors are harder to spot in a remote or hybrid environment, the deliberate exfiltration of data from an organisation’s perimeter is a very real threat. Organisations need to ensure that they have asset tagging policies in place and data leakage tools are implemented to minimise risk. Businesses must also ensure policies and procedures are up to date with regular training provided to staff to educate on what to look for, how to act and what to do in the event of a breach or threat realising itself.
Hybrid and remote working are now established practices in many businesses. Like any good innovation, the businesses that continue to review and assess their approach to implementing these changes will be the most successful in ensuring they remain regulatory compliant, but also in attracting the best talent to their organisation.
Mirador Solutions is a specialist financial services consultancy. At Mirador we can help your organisation to design and implement an appropriate framework and operating model to deliver remote and hybrid working whilst still meeting regulatory and governance requirements.