Radar examines current thinking around the staggered migration back for regulated sectors, emerging practice for compliance departments, and regulatory expectations.
With uncertainty remaining around the relaxation of Coronavirus lockdown rules, the “return to office” debate has caused anxiety for employers and employees alike, who must steer through an ongoing crisis and accept that the world of work will be a very different place for years to come.
Even in the uniformly regulated world of financial services, every employer, employee and office has unique characteristics that need to be considered, and all will face their own individual challenges. Each situation deserves to be assessed in isolation.
Experts say there are three areas to focus on in the short term, with the primary objective being to keep people safe: initial strategy and making the workplace fit for a return; selecting which employees come back and when; and the detail of health and safety facilities.
“From a compliance perspective, all employers have a legal duty to protect the health and safety of their workforce,” Catherine Taylor, of law firm CMS, said. “But while the underlying legal obligations remain the same, this crisis redefines what safety means in the workplace. You will want to reassure employees of the measures that have been put in place to keep them and their colleagues safe.”
Return to work plans will feature restricted access to workplaces for some employees while others continue to dial in remotely, limited use of communal areas and lifts, as well as curtailed face-to-face meetings and other physical interactions. Floor markings to adhere to social distancing regulations, and even perspex screens between desks, may be necessary.
“Risk assessment will play a crucial role in the return to work process,” Katherine Metcalfe, legal director at Pinsent Masons law firm, said. “Once a decision has been taken to return to work, it will be vital for businesses to carry out a thorough review of risk assessments to ensure that appropriate control measures are put in place to eliminate the risks associated with returning to work or, where that is not possible, to minimize them.”
Business travel is also likely to be hindered for the foreseeable future. Companies will need to draw up a policy. For multinationals, such as large investment banks, professional services firms and energy companies, considerations of colleagues in other areas of the world must also be made. Different rules will govern what is permitted within various legal environments like New York City, Hong Kong and London.
The importance of people analytics tools is also likely to increase as the pandemic’s impact triggers previously unforeseen changes to employee sentiment.
“Many employers have put in place additional mental health support during lockdown,” Melanie Lane of CMS said. “Thought should equally be given to supporting employees who may already be feeling vulnerable through the next period of uncertainty and change.”
Compliance And Covid-19
“Covid-19 has created unprecedented business and regulatory disruption in a condensed period,” Allen Meyer, partner and Americas compliance practice head at Oliver Wyman. commented. He added that “there are massive changes to how financial institutions operate, what regulators and supervisors expect, in addition to significant economic impact on society, businesses and individuals.”
Compliance teams need to pivot quickly in considering the risks and challenges created by these rapid, radical changes, Meyer said, and that it is imperative to perform a frequent and dynamic risk assessment in order to understand new circumstances and address the risks in a holistic way.
This would involve a deliberate assessment of risks based on changes in the environment, including the “Holy Trinity” of business, technology, and regulatory; it also calls for a nimble way for the compliance program to manage changing risks through expedited actions. This will include seeking relief from regulators, updating policies and controls, and escalating issues.
“Compliance, like other functions at most financial institutions, is now fully engaged in managing the day-to-day firefighting,” Meyer said. “However, in periods of disruption, new risks can appear quickly, and existing risks can materialize into real problems as control structures no longer operate optimally.”
The function will also have to consider risks created indirectly through wider regulatory and government actions, including those created by regulatory guidance on displaying restraint and protecting clients in financial distress, and the flow of funds from government stimulus to different types of customers.
“Compliance will likely need to provide input on the framework for exercising forbearance and may need to monitor how the financial institution executes on the framework with its customers in practice,” Meyer said.
Regulatory Expectations And Technology
The UK’s Financial Conduct Authority said that it expects firms to prioritize information security and ensure that adequate controls are in place to manage cyber threats and respond to major incidents.
“Firms should look to implement enhanced monitoring to protect endpoints, information and firm-critical processes, including network connections and video conferencing software,” Simon Lovegrove, Global Head of FS Knowledge, Innovation and Products at Norton Rose, said.
“The FCA expects firms to proactively manage the increased risk during this unprecedented period including reviewing the impact of the pandemic on their information and systems security defenses and taking action as needed.”
Regulators expect firms to turn to technology for solutions, citing how the pandemic forces long-resisted digital changes upon companies, such as moving operations to the cloud, which helps facilitate remote working significantly.
“The current pandemic has fast-forwarded us to the future,” Pentti Hakkarainen, Member of the Supervisory Board of the European Central Bank, said in a speech in May. “This crisis has revealed the need for banks to fully embrace the latest technology – or risk becoming extinct.”
Those coming out of this in good shape will have learned how to ensure operational resilience while running operations in an entirely digital environment, Hakkarainen said, highlighting the greater need for machine learning solutions to improve efficiencies by automating certain repetitive jobs. With budget restraints inevitable after the pandemic, he added that resource management will be key.
“Strategies that forego investment in innovation and instead focus on short-term fixes for legacy IT systems will cost banks dearly,” Hakkarainen said. “To succeed in the race to digitize, banks must continuously invest in building skills and expertise in the use of new technologies – at both operational and board levels. It is also crucial that banks firmly embed their innovation strategies at all organizational levels, and closely monitor them through both financial and non-financial metrics.”
Banks should start on this today, Hakkarainen said, “because this pandemic has made one thing clear: The future is already here.”