Hybrid working: report reveals need for firms to review compliance gaps

A research report has highlighted the need for law firms to review “gaps” in compliance, as two thirds prepare to make a permanent switch to hybrid working post-pandemic. 

In a survey conducted by Access Legal, 85 per cent of firms said they planned to offer a mix of home and office working. However, the survey revealed many firms had neglected to consider compliance requirements that may have been overlooked during lockdown. 

22 per cent had not carried out health and safety assessments of staff in their own homes. While understandably challenging when restrictions were in place, firms may now need to consider whether assessments should be undertaken, as employers have the same responsibilities for those working at home as in the office. 

43 per cent of firms reported they had not updated their cyber security policies since moving to remote working, which suggests they may not have properly assessed risks associated with use of personal IT equipment, such as whether workers have an appropriate level of virus protection in place.

Despite recent focus from the Solicitors Regulation Authority (SRA) on compliance with money laundering rules, 40 per cent of firms had not reviewed or updated anti-money laundering assessments, which may place them in breach of the requirement to note reviews, even where no update is required.

Access Legal believe it is “likely” requirements for training, policy, control and procedure updates, supervision, and ongoing monitoring of employees will all have required an update during the pandemic. 

The research also found almost half (49 per cent) of firms surveyed had not carried out a Data Protection Impact Assessment (DPIA) since the switch to remote working. A DPIA helps firms analyse, identify and minimise data protection risks and not having a DPIA in place removes the opportunity to remove potential risks, and increases the potential for data loss. It is also likely the Information Commissioner’s Office would take a dim view of a business that suffered a breach, without having taken appropriate steps to avoid such an issue.

Commenting on the report, Brian Rogers, regulatory director at Access Legal, said: “Although most firms appear to be doing the right things, there are quite a few that are placing themselves, their staff and their clients at significant risk. We urge these firms to take urgent action to ensure they seek help to address the gaps highlighted. 

“As well as the compliance issues, there were also evident disparities in competency and supervision arrangements, policies and procedures and Business Continuity Plans. 

Rogers added: “With the vast majority of firms looking to make a permanent switch to hybrid working, now is the time to carefully review compliance procedures and ensure that your requirements as an employer are being met. 

“Many firms have shared with us that time and a lack of knowledge are the biggest constraints when it comes to addressing these issues but that isn’t going to be an excuse the SRA accepts. Firms have a duty to make the time to comply and understand what requirements they are expected to comply with.”