"People are working from home. They are not working in the same office with the same oversight, controls and processes within an office. How do we ensure proper compliant behaviour in a distributed workforce? That becomes critical. Even where regulations haven't changed, the business patterns and behaviours have changed and still need to be compliant. We still need to meet those requirements whether they are privacy requirements related to GDPR, market conduct requirements, UK SMCR, bribery and corruption and health and safety requirements. We need to be able to meet all these requirements with a distributed workforce in the pandemic," Rasmussen told listeners to ClauseMatch's recent webinar : "How to Maintain a Strong Compliance Culture when Working Remotely".
Firms still need to be able to see and monitor individual behaviour, communicate what behaviour should be in policies and ensure compliance across employees working from home. It is a lot easier in traditional office environments, but as firms respond to the pandemic it becomes a lot more challenging to monitor and control that behaviour in remote office settings. Working remotely has raised some difficult questions for firms in terms of how to manage and monitor market conduct, IT security as well as other key compliance and risk management tasks to protect themselves while meeting compliance requirements when
employees are working from home.
"This scenario where unagile processes particularly with documents and spreadsheets and emails just do not work. When we have
documents, spreadsheets and emails it's hard to understand whether somebody actually did understand that policy they acknowledged.
Did they answer the questions for compliance and understand what is expected of them in this time of crisis? Documents, spreadsheets
and emails become a mountain of paperwork and they work against compliance," said Rasmussen.
To illustrate how unagile the manual approach is Rasmussen used an example of a firm he met prior to the crisis that spent 200
employee hours to build a compliance annual report for its board. It took 200 hours, because the management information was dispersed throughout hundreds of documents, spreadsheets and emails. In that context, he explained a firm is not managing compliance, but reacting it as issues arise that have not been addressed. This approach becomes even riskier in the fast-moving pandemic environment in which firms currently find themselves, he said.
"Documents, spreadsheets and emails slow the business down, don't have a proper audit trail and system of record of what was communicated to employees and how they acknowledged it. We need a system that can communicate policies, track attestations, clearly illustrate what proper behaviour is in normal business times, but even more so in times of crisis," said Rasmussen.