Increased risks of financial crime and cyber-attacks are being felt by nearly 9 in every 10 Irish businesses as they adapt to new remote working practices. In a survey of 600 members, most of which are organisations operating within the financial services sector, the Association of Compliance Officers Ireland (ACOI) asked whether their businesses were experiencing more threats and challenges as a result of employees working remotely. While most (60%) of respondents say these threats have increased ‘a little’, a further 27% believe they have increased ‘considerably’. In addition, 77% of firms say that new compliance issues have arisen because of a remote workforce. The majority (68%) of these, however, say these issues can be ‘easily managed’.
Commenting on the findings Michael Kavanagh, CEO of the ACOI, the professional body for compliance professionals, with over 3,000 members nationwide,
“Approximately 86% of the businesses we surveyed currently have 50% or more of their workforce at home, while 27% have their entire team working remotely. In March of this year businesses had a very rapid transition to reimagining their normal business processes and procedures within a very short time, as thousands of workers were redeployed to work from home. It seems to be that remote working, in some form or another, is here to stay and as we emerge from lockdown and plan for the future, now is the time to take stock and formalise what might have originally been an ad hoc approach to having a team of staff work from multiple locations across a county, and in some cases, throughout the country.”
The ACOI survey asked 3 questions:
- Has financial crime and the risk of attack become a greater consideration since some of your workforce have been redeployed to work at home?
- Absolutely, it has increased the risks considerably 27%
- Yes, it has increased the risks a little 60%
- Not at all 13%
Mr. Kavanagh commented,
“The feedback we received reveals a palpable concern amongst our members. A recently launched international report on Cyber Readiness found that 41% of firms in Ireland have reported at least one cyber security event in 2020. Incidences of ransomware attacks on organisations are on the up, there is greater risk of security incursions on communication networks such as Zoom and Skype. The increased sharing of work information and files on mobiles devices and platforms, rather than across secure office intra-nets, also presents new and evolving security challenges.”
- Has having the organisation’s employees work remotely presented new compliance issues?
- Yes definitely – it has become very challenging 9%
- Some new issues but nothing that cannot easily be managed 68%
- No 23%
Mr. Kavanagh commented,
“The level of risk varies according to sector. It is widely accepted among the financial services sector that Covid-19 has led to heightened risks in relation to money laundering and terrorist financing. A recent ACOI webinar highlighted the extent to which financial crime is on the rise around the world – all the usual range of criminal activity is there, but with a Covid-19 twist.”
The ACOI say that criminals are taking advantage of the digital adaptations that organisations have needed to make and are devising innovative ways of accessing private information.
Mr. Kavanagh went on to comment,
“This is an evolving story and the financial crime compliance community are having to adapt accordingly. Given the pace of work-practice change and the uncertainty within the macro-economic climate, organisational vulnerability is unavoidable in certain instances. In response, regulators around the world have been developing, issuing, and updating guidance to firms.
Some of the risks we’re hearing a lot about include issues around fake documentation, the reliability of information sources, and data privacy and protection.”
- Approximately what percentage of your organisation’s staff are now working remotely?
- 100% 27%
- Between 50 – 75% 46%
- 50% 13%
- Between 25% – 50% 5%
- Less than 25% 9%
Detect and Protect
How can compliance professionals work to detect and mitigate the risks that we are seeing in the business world due to the prevalence of cyber threats?
Mr. Kavanagh explained,
“ While the challenges and changes can seem sweeping, there are small steps a business can take to begin with, that will help – from keeping up with best practice regarding regular software updates and effective system maintenance, to good password control, to introducing process such as two-step authentication. Larger companies might have the resources to bring in biometrics and facial recognition technology to help with secure identification, and there is also protection available at a financial level by ensuring you have a robust cyber-security insurance policy in place. A combination of technology and human resources will always be the best approach to creating and maintaining cyber-safe and secure working practices and operational environments.”