Regulators in the United States and the United Kingdom are continuing to focus on the compliance consequences of hybrid working.
While government regulators may be geographically neutral — it doesn’t matter to them where staff members are working within a jurisdiction — all compliance and security controls must be equally effective regardless of location.
As the UK Financial Conduct Authority (FCA) stated, “any form of remote or hybrid working adopted should not risk or compromise the firm’s ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them.”
A specific concern is that of communications. In October 2021, Gurbir S. Grewal, Director of the Division of Enforcement at the US Securities and Exchange Commission (SEC), warned that companies “need to be actively thinking about and addressing the many compliance issues raised by the increased use of personal devices, new communications channels, and other technological developments like ephemeral apps.”
Integral to hybrid working and the communications compliance challenges across the industry, of course, are dynamic collaboration tools, such as Zoom, Microsoft Teams, Webex by Cisco, RingCentral, and Slack. These platforms were rapidly adopted to ensure that businesses could stay connected throughout the pandemic, and now, they continue to be the mainstay of communication methods regardless of where staff work.
The ever-growing volume of video, voice, chat, and document content, however, makes being able to actively detect risks to compliance or security and losses of data more challenging than ever. Particularly where existing controls or tools are designed for email.