While we are trying to predict what the world will look like when the Covid-19 pandemic finally recedes, it is becoming clear already that after the outbreak is over, many of us will still be working from home.
Some companies like those in the technology, financial services, and insurance sectors probably won’t return to the old way of doing business. Others are planning to send employees back to the office in batches, with the ones itching to get back going in first. In any case, most employees will likely be allowed to work from home, at least through the end of 2020.
Lloydette Bai-Marrow’s great recent post on the FCPA Blog discusses the new risk profile that employees working from home will create for compliance departments. Personal conflicts of interest, data protection, and compliance training regimes – these are the three associated risks she highlights.
The situation with the pandemic and a sudden shift to WFH has a tremendous effect on our behavior – our normal ways of working and daily routines are gone, as well as the accompanying sense of security. To elaborate on Lloydette’s arguments, I wanted to look at the issue from a behavioral perspective.
Here’s a summary of the main behavioral risks related to working from home and their underlying drivers:
Out of sight out of mind. As Aristotle famously declared, “Man is by nature a social animal.” We have a chronic need to belong to and identify with a group. When working from home, video conferencing is our only option to maintain the feeling of “connectedness.” Psychological distance, however, is not that easy to bridge, no matter how refined the technology. Along with a decrease in motivation, this can drive unethical conduct – suddenly all the rules and regulations are so far away, is it so important to follow them?
The value of social influence. The environment within which we find ourselves plays a significant role in shaping our decisions and choices, ethical or otherwise. In the workplace, employees will look for “social cues” in the environment to understand how to behave, especially when facing an uncertain situation. Social context helps us to identify what “doing the right thing” is and what is not. Without environmental cues, we may struggle to determine which type of behavior is appropriate, which can directly drive the risk of misconduct.
A shift of social identities. According to the social identity theory, social group membership has a strong impact on people’s behavior. Being a member of a group provides us with a “social identity” and helps to determine what type of behavior is appropriate and expected. When working from home, our social identity as a “family member” takes over from the employee’s social identity. This may lead people to put personal interests first and take riskier decisions, such as developing a side hustle.
As compliance practitioners, we need to recognize these and other drivers of behavioral risk and work with the management to mitigate them effectively. Start with a risk assessment – review the new processes and procedures employees are expected to follow when working from home. Are there any risk factors that might drive additional risk? Think about the potential strategies to mitigate them. While you update your risk registries, remember that leaders should be encouraged to foster psychological safety and to speak up in their teams at all times.
What evidence is there to support these assumptions on negative impacts from behaviour change? This seems to suggest that our compelling reasons for being more corrupt than normal increase while working from home. Can that be true. Surely it is other factors that count when considering an increased propensity to commit financial crime and not just the “being watched “factor.
Great points raised. A couple of things for your consideration:
1) the best practice guidance tells us that a major change to an organization’s business operations is a legitimate reason to perform a compliance risk assessment. I argue that shifting most of the workforce to WFH mode is a major change;
2) when performing a risk assessment, we need to understand the risk factors, i.e. things that may drive additional risk – that’s exactly what the article is about;
3) regardless of whether these risk factors will or will not materialize into negative events, compliance professionals must be prepared for any scenario. That’s what risk management is all about. And that’s what the regulators are expecting to see – an effective C&E program should be based on the company’s risk profile.
4) regarding the ‘being watched’ factor – I was rather referring to contextual influences in the article, like having a certain social identity because of belonging to a team, being embedded into a certain corporate environment, etc.
Hope that helps!
On the bright side, with the lack of “social cues” in the environment good employees might not be exposed to ongoing negative or corrupt behaviors, thus reducing the misconducts seen up to now in any given workplace. Who knows with less human interaction next year we may see a reduction in the 3.6 Billion total loss reported by the ACFE – no more rotten apples to spoil the barrel?
Comments are closed for this article!