Hybrid working: how can firms manage the risks?

Hybrid working is now the new normal for many firms – and it offers significant advantages – but we should also be prepared to manage the risks. Hybrid working is revolutionising the way in which firms operate, as it is in so many other sectors. According to a survey by Thomson Reuters, nearly nine out of ten (86 per cent) of UK lawyers would prefer hybrid working, so that they can work remotely at least two days a week, while nearly two thirds (65 per cent) reported that remote working has had a positive impact on their well-being.

The pandemic and lockdown have accelerated a longstanding shift in attitudes towards working practices. Given that the benefits of hybrid working include better work-life balance, improved productivity and greater flexibility, it is likely those firms that cannot offer these new working models will struggle to attract and retain the brightest and best talent.

What are the risks?

However, this rapidly developing new trend introduces a number of challenges. For example, is client due diligence (CDD) still being undertaken as it should in accordance with the law and the firm's policies? How can firms ensure they can protect themselves against cybercrime and that their information continues to be secure? There are also questions about how to supervise and support more junior members – and how to ensure that all staff have healthy working environments, and their physical and mental health is protected.

Mitigation

There are a number of steps firms can take to minimise any potential downside of hybrid working, while realising all it has to offer. First, they should consider whether their AML policies, controls and processes are appropriate for these new working arrangements. When working remotely, just as they would in the office, staff should have ready access to CDD policies and documentation. The firm should consider refresher training, for example, on identity and verification (ID&V) in a remote world, as well as looking to adopt electronic methods of ID&V such as video calls with new clients. Third party, specialist providers can help here – and useful guidance can be found in the FATF guidance on digital identity.

Phishing

In a recent report, the SRA identifies three main IT threats: phishing, ransomware and attacks on third parties and providers that are contaminating law firms computer systems. To reduce the chances of finding themselves subject to these growing threats, firms will need to ensure IT security becomes part of the firm’s mindset – wherever its people are based. Staff should be encouraged to report security breaches in a no-blame culture, while anti-cyberattack systems should be able to cope with distance working. Anti-virus software must be configured to proactively scan devices, attachments and downloads, even if a device never comes into the office.

Supervision

With junior staff in particular, it is important to re-think supervision to ensure  it can it be undertaken remotely. Without the aid of the watercooler or coffee machine, client-focused, as well as pastoral, supervision might need to be made more regular and formalised. Ensuring the days when staff and their line managers are in the office coincide with each other can also help.

As is the case in so many sectors, a reduction in time that all staff spend in the office means that the opportunities open to more junior members of the team for learning 'by osmosis' are reduced. To mitigate this, firms should consider establishing online hubs with information resources and training materials as well as making time – either remotely or in the office – when staff can specifically focus on learning from each other. Mentoring and reverse mentoring, again carried out virtually or in person, provides another such opportunity.

Quality control

There are concerns staff who are physically distanced from an organisation might also feel distanced from its ethical values – after all, if no one is watching or monitoring you, does it really matter if you take a short cut and let standards slip slightly? (Spoiler alert - yes it does). Allowing a culture to breed where this is allowed to happen could end in disaster for a firm’s reputation, especially since, over the last few years, there has been an increased focus by the SRA on the culture of firms.

To counter this risk, firms should ensure that ethics become central to business planning with a clear statement of ethical values and a strategy for implementing those values. Regular ethics audits and clear internal reporting lines will help to identify risks before they blow up, and training will help to embed best practice.

Wellbeing

In a survey for the Royal Society for the Public Health, of those who switched to working from home as a result of covid-19 nearly half (46 per cent) reported that they were taking less exercise, while over a third (39 per cent) developed musculoskeletal problems and around the same number (37 per cent) were experiencing disturbed sleep. Firm staff, particularly those working remotely, can feel alone, undervalued and less confident about how to communicate difficulties such as overwork when they are not in the office. The senior leadership team should redouble its efforts to promote the firm’s health and well-being policy. They should also arrange for risk assessments of these new working practices and offer managers training on how to support their teams. Clarity on working patterns and roles is essential, as is signposting to support channels and the introduction of more regular check-ins with staff.

The hybrid working revolution is challenging decades of thinking about the workplace – now firms have an opportunity to role model best practice in this new world of work for the benefit of clients and its staff.

Julie Norris is a partner in the legal services regulatory team at Kingsley Napley LLP: kingsleynapley.co.uk