Remote working is a highly sought after perk. So much so, that 78% of employees report being willing to take a pay cut in exchange. Yet, many businesses have resisted it… until COVID-19 forced their hand.
With most of the world now on lockdown, we've all had to accept remote working as the new normal. But while this has its benefits — remote working slashes overhead and makes for happier, more productive employees — it also creates unique challenges, particularly if you operate in a regulated industry.
Recently, we hosted a webinar in which GRC expert Michael Rasmussen discussed how you can make sure you stay compliant in a crisis when you can't have your staff under one roof.
Here's a rundown of the key learnings.
Remote working creates two main compliance issues.
Firstly, regulations change and evolve continually in response to the environment. In the wake of the Covid-19 pandemic, regulators have issued a slew of updates, ranging from guidelines on key workers, to business continuity planning and cybersecurity measures.
The rapid pace of change is challenging at the best of times. You'll now need to find ways to stay compliant while also managing the pandemic's economic impact and with most of your staff working off-site.
Secondly, even where regulations haven't changed, operations probably have.
Every last detail of the way you do business — from staff working patterns down to online security and day-to-day interactions between colleagues — has been disrupted, creating new risks in the process. How do you manage these risks and make sure there's proper oversight, when your teams are spread every which way?
Clearly, culture has never been more important. As Rasmussen puts it:
"To stay in control and safeguard your business' integrity, your employees have to understand what is expected of them and how they should behave. This can only happen if there's an open channel of communication between the leadership team and the rest of the organisation."
Put simply, to ensure your business is resilient, compliance and accountability have to start from the top down.
Physicist Fritjof Capra once said:
"The more we study the major problems of our time, the more we come to realise that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected and interdependent."
Capra was talking about biological ecosystems. But his statement also aptly describes how regulated businesses have to operate in this brave new world.
"Compliance has many moving parts. The compliance department is often focused on the organisation's code of conduct and other big ticket issues. But there's a lot more to compliance than this — for example privacy, security, and human resources issues such as what constitutes harassment in a remote working environment."
With this in mind, collaboration is key.
Different departments need to find ways to come together and push out a singular view, or there'll be chaos and confusion. This means collectively identifying risks, working out what is acceptable and appropriate behaviour, and communicating expectations in a way that leaves no doubt or differing interpretations.
As a GRC advisor, Rasmussen notes that one of the biggest issues he sees in organisations is "too many people sending too many messages in too many ways." This creates inconsistencies in language, style, and messaging, which make it harder to maintain a culture of compliance and integrity.
In the age of remote working — and faced with a constantly evolving crisis — this won't wash. To make sure you stay compliant, you need to be more agile
"There are three lines of defence you have to deploy to make sure you're compliant. Firstly, everyone needs to be aware of the rules and follow them. Secondly, those rules need to be appropriately written, and effectively managed and monitored. And thirdly, you need audit and assurance. Are your policies appropriate? Is everyone complying?"
At the moment, things are changing day-to-day. So you can't achieve all three using manual processes. Docs, spreadsheets, and emails create a mountain of paperwork that hinders compliance instead of helping it along."
A better option is to use tech to centralise your data. Creating a common portal that integrates with your other systems will make it easier to respond quickly to change, and push out common processes and consistent information your staff can access with ease.
It goes without saying, but your organisation's policies should be at the heart of everything you do.
Your policies spell out your organisation's legal, statutory, regulatory, and contractual requirements. And more importantly, they help, define, develop, and guide your culture. So, at this time of rapid change, it's crucial that you review them regularly to make sure they stay relevant and aligned with your mission, vision, and values.
As Rasmussen puts it:
"There can't be a strong culture of compliance if you don't have strong policies. Policies help guide and direct an organisation, and promote consistency and accountability."
Ultimately, those are the essential ingredients for remote working to succeed and your organisation to come out of this crisis stronger, more focused, and more resilient than ever.
Want more insights about strengthening your organisation's compliance when working remotely?
Access the full webinar, How to maintain a strong culture of compliance when working remotely, here.