Compliance News: Employee Remote Working Considerations and COVID-19
As companies encourage employees to work remotely in unprecedented numbers, Compliance Departments as well as IT and HR Departments will be faced with increased challenges, such as those related to:
Cybersecurity
Communication Networks
Office Supervision and Business Disruptions
Business Continuity Planning
The following is a high-level summary of some of the potential considerations that may apply to your firm depending upon your business model and regulator(s).
Cybersecurity
Employees working remotely will access company networks through a number of platforms, including Office 365, Outlook Web Access (OWA), Citrix and more. Remote access increases companies' potential exposure to cybercriminals. Companies will want to assess their cybersecurity policies and procedures in light of increased employee usage. Policy and procedure reviews may include assessments of system and network vulnerability, firewalls, penetration testing, user authentication and more.
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
CISA encourages individuals to remain vigilant and take the following precautions.
Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
Review CISA Insights on Risk Management for COVID-19 for more information.
Communication Networks
Companies may consider reminding employees of company-approved communication channels (e.g., corporate Outlook email, Bloomberg messaging, etc.), as most regulatory regimes (e.g., broker-dealers, investment advisors, etc.) have supervisory and records maintenance requirements. Companies may consider conducting electronic communication reviews through their compliance systems to ensure that employees are communicating through approved communication channels. Additionally, it is important that companies ensure that their employees have access to the company network to access these approved communication channels. Compliance Departments may also consider remote employee attestations and/or checklists to assist in ensuring that employees have the resources they need, and an understanding of current compliance policies and procedures, to conduct their job compliantly.
Office Supervision and Business Disruptions
A number of regulators have issued reminders of supervisory requirements since the spread of COVID-19 began. Please feel free to visit www.HalyardCompliance.com for a helpful list of notices and announcements that the regulators and government agencies have issued to date. As an enhancement, in certain circumstances companies may consider a reasonable risk-based approach to supplement current policies and procedures, such as ‘compliance check-ups’ via webinars, emails, phone, network and system checks and other means of auditing certain processes and procedures remotely. It is important to remember that until additional regulatory guidance is issued to the contrary, companies are required to adhere to current rules and regulations applicable under their respective regulatory regime(s).
Business Continuity Planning
Companies should ensure that their Business Continuity Plan (BCP) is adequate in addressing global pandemics. The BCP should consider related topics, such as restrictions on travel, working remotely, working from alternative office locations and other measures to help prevent the spread of COVID-19.