Only one in four organizations say they are very prepared for hybrid working (Cisco). The workplace shifts that occurred over the last two-plus years have introduced a flurry of operational hurdles, HR issues and unexpected business risks. And while these new challenges may be unwieldy — especially in industries like financial services that had not previously allowed remote work as a standard practice — they must be faced. Some form of remote working is the way of the future and organizations must adapt their risk and compliance programs to be as robust for a hybrid workforce as they have been across in-office environments.
I participated in a panel discussion on this topic at the recent SmarshCONNECT conference, alongside Robert Cruz, VP Information Governance at Smarsh. We discussed the challenges of maintaining employee engagement while ensuring that compliance controls work uniformly regardless of location and offered insights around how organizations are implementing strategies to navigate the future of work.
I shared several examples from our experience here at FTI Technology, including how we introduced new offerings, pivoted instantly to maintain continuity of service among remote teams and increased the visibility of compliance leadership to communicate expectations and plans. We moved quickly to strengthen processes and controls so that robust protection and compliance could be maintained while teams were enabled to work from anywhere. These are the very same things financial services organizations are attempting to execute as they brace for the new reality that remote work is here to stay.
In addition to sharing lessons learned from within our own organizations, the panel discussed the following key risk areas that are persisting in the hybrid work environment:
- The Great Resignation and The Great Reshuffling. Employees have been leaving their organizations at unprecedented rates. Over the last two years, this has included resignations from the workforce altogether, extended leaves of absence and increased job-hopping. With millions of people moving in and out of the organization, legal, compliance and security leaders must implement additional processes and controls to mitigate the increased risk of data loss, IP theft and compliance violations. Organizations should also become more proactive with conducting investigations as employees depart and leverage analytics tools to identify patterns in communications in the period of time preceding a departure.
- Insider Threats. An extension of the massive movement of people away from and between employers is the increased incidence of insider threats, which may include well-meaning employees who inadvertently share sensitive company information, as well as malicious actors who are disgruntled or seeking personal gain by exposing or stealing company data. Access controls, compliance monitoring and ongoing employee training are all key steps to reducing exposure from insiders.
- Emerging Data. Compliance leaders need to be thinking about what channels represent the modern watercooler. Where are employees communicating? Are certain individuals or teams using communications tools that are not known to the organization? Collaboration tools (e.g., Slack, Zoom and Teams), messaging applications (e.g., WhatsApp and Telegram) and productivity suites (e.g., Microsoft 365 and Google Workspace) — all of which we categorize as emerging data sources — have changed the ways in which employees communicate and share information. It's not uncommon for any given organization to have dozens or hundreds of different such tools in use, whether they are sanctioned within company policies or not. Organizations must evaluate what they need to change within policies and practices (across governance, compliance monitoring, investigations methodologies and more) in order to adapt to this new reality.
To some degree, these issues are affecting organizations in nearly every industry. Many organizations have either avoided them or implemented makeshift, temporary solutions, with the expectation that they would fully return to in-person work in the near term. Now that it’s become clear that remote and hybrid environments are going to be a permanent fixture in business going forward, it’s time to shore up policies to mitigate risk in a way that’s fit for the future.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.