With remote working now necessitated by the COVID-19 pandemic, organisations (including us) are rapidly adopting or extending their processes, and in turn their controls to mitigate digital risks, and ensure remote working of employees is safe and secure. The significant increase in the number of people working from home at the same time and for extended periods of time accentuates existing challenges, whilst new types of roles previously not able to be performed remotely introduce new risks.
As more and more of its people began to work remotely, one client started experiencing connectivity issues leading to intermittent access for employees connecting via their remote working channels. They ultimately identified they had insufficient licences for a workforce of c.10,000 leading to dropped connections and the inability to serve customers during peak hours.
Another client has an obligation to perform trader surveillance. Traders, previously forbidden from working remotely are having to work remotely – a scenario the surveillance toolsets are not equipped to handle. This is compounded by being in an un-controlled home environment where the use of traders’ mobile devices cannot be stopped or monitored. This client would usually be in breach of their regulatory1 requirements, and whilst the regulator has relaxed some requirements the regulator still expects surveillance to be resumed quickly and mitigating controls to be implemented.
____________________________________________________
1 https://www.esma.europa.eu/press-news/esma-news/esma-clarifies-position-call-taping-under-mifid-ii
Security, capacity and regulatory concerns are still paramount, but the evolving nature of the current situation means that digital risk management needs to be at the fore-front of the response. The extent of ‘control compromise’ should be proportionate in order to balance over-control with ability to rapidly serve critical customer needs, whilst not exposing the organisation or its customers to unacceptable risks. We have discussed prioritising the most critical Digital Channels in our blog post Digital dependence: How to balance speed with control?
The importance of building an organisation and workforce that is confident in ‘being digital’ has hit a new precedent. You must adapt to the requirements of your most pressing demands, but do so in a sustainable and controlled way that allows immediate priorities. Those organisation’s that thrive will be those that take steps to adapt quickly within risk appetite in the short and medium term, and turn these challenges into a digital advantage into the longer term.
Even under normal circumstances, moving to digital impacts a number of risk areas across the organisation including implications for cyber, regulatory compliance and conduct risk, which require a joined up approach to risk management. Explore more in our Digital Risk framework.