Logo DarkLogo Light
WFH-and-DIFC-Compliance-officers

How do the compliance officers address the Employee WFH issue for the DIFC Companies?

The UAE private sector companies including those in DIFC don’t, in principle, approve remote working or WFH for their employees. Many employers also negate this idea considering only a short distance that employees normally commute for attending their offices with minimum possibility of exposure of covid 19 viral infections.

Overview

It was an exception and not a rule when the UAE Government enforced pandemic restrictions from March 2020 till July 2020 to minimize the spread of the virus by breaking the chain. Both employers and employees in the DIFC readily rose to the occasion and adapted to the new norm of WFH. The fast and successful transition from an office environment to remote working from home only signalled that this new WFH culture will be there to stay amongst the corporates.

Can an Employee in DIFC Demand the Facility of WFH?

Neither the UAE Labour Law nor the DIFC Employment Law provides any legal right to the private sector employees for WFH. It was only because of the pandemic that the government-imposed restrictions on movement and limited the workplace capacity. Employee health and safety obligations forced employers to implement WFH wherever possible.

What are the actions DIFC compliance officers must consider about the WFH environment?

Articles 43 to 54 of the DIFC Employment Law mandates employers to provide a safe working system to the employees. However, with the lifting of the DIFC directive on restrictions beyond August 2020, these obligations can not be extended to a WFH environment anymore.

Employers and compliance officers willing to ensure business continuity and data security must carry out a WFH risk assessment and provide some basic equipment to enable the employee to perform their duties remotely. Information can be sought from the employees about the WFH environment whether it is a dedicated space or a shared one.

The compliance officers in consultation with the top management must document and introduce certain work instructions for WFH employees concerning dress, working hours and methods and usage of remote working tools. As home computers are more susceptible to security risks, usage of a Virtual Private Network can be a preferred choice. For the WFH employees, the documented work instructions must be made mandatory to effectively address compliance with the DIFC Data Protection rules, Law no 5/2020 enforced on July 1st, 2020.

Two factors and two levels of authentication, OTP based login and Google authenticator can be of great help to ensure data breaches. Private and secure video conferencing platforms must also be made mandatory with End to be End encryption and advanced features e.g., Microsoft Team.

DFSA makes it obligatory for DIFC firms to deploy adequate cybersecurity measures in place for WFH. The employees also need to be notified that while on WFH, the IT systems and equipment may be under surveillance. Some other mandatory measures also need to be taken such as blocking of USB booting, no USB drive, restricted URLs etc.

Regular training sessions must also be conducted on home network security encompassing areas of default users, password protection, SSID, wireless encryption etc.

How can the performance appraisal be done for WFH employees?

As WFH employees in DIFC will have similar expectations as the regular office employees, the performance monitoring and review system must be addressed carefully.

WFH policy needs to be transparent and acceptable behaviours must be clearly stated and updated if required to reflect working methods including meetings, webinars and interviews through video conferencing.

Similar guidelines on employee productivity assessment, as provided by the DIFC directive during the period of emergency and restrictions must be followed by the compliance officers. They should also refer to the guidelines set by the UAE onshore companies during lockdowns on various other aspects such as performing duties within specified timeframes, being available over the phone and email, presenting objective evidence on achievements and productive time spent on jobs etc.

Compliance officers must take the responsibility to effectively and transparently communicate top management’s expectations to WFH employees and accordingly revise the WFH policies as and when necessary.

Unsupported WFH conditions including inadequate IT systems and equipment must also be carefully considered when carrying out employee performance appraisals. Certain issues such as family distractions, sickness and stressful situations need to get a human touch as well.

How can I protect confidential information when my employees WFH?

As DIFC employers may not have control over the storage and use of company data and information with limited or no access to the WFH environment, protection of confidential information and data becomes difficult.

However, the below-mentioned actions taken by the compliance officers should help in achieving this objective.

  • Implementation and enforcement of easy to understand policies and monitoring mechanisms
  • Ensuring appropriate usage and storage of confidential information
  • Reviewing and updating WFH and IT policies and communicating to employees
  • Ensuring data protection and data monitoring
  • Taking disciplinary actions for any breaches of data and confidential information as appropriate
  • Reviewing confidentiality and post-termination obligations periodically for added safety
  • Restricting access to confidential information as necessary
  • Restricting downloading and saving of confidential information through passwords and firewalls
  • Ensuring usage of company approved devices, platforms and video conferencing facilities
  • Approving usage of secure wifi networks only
  • Installing software that can automatically delete data and confidential information remotely in case of violation, if any
  • Enabling the IT department to securely monitor and manage mobile devices and laptops that access sensitive and confidential business data

Is WFH policy implementation necessary for the compliance officers?

Remote working comes with several advantages and is gradually becoming a norm and in all probability, is here to stay. The employers and their compliance officer must formulate and implement a WFH Policy documenting rules, guidance and methods for reaching employee-employer expectations and achieving employee productivity.

  • Rules for performance management, working hours and reporting
  • Monitoring of data and communication
  • Manpower productivity assessment criteria
  • Rules and procedures for usage and storage of confidential information and data.
  • Regulations and practices for using personal devices for work purposes
  • Extent of flexibility
  • Notification requirement for WFH

Implementation of a sound and fair WFH policy will facilitate talent retention and ensure easy transition if DIFC mandates any further restrictions for regular office working in future.

Takeaway

Compliance officers must appraise the top management on the nuances of remote working and how this could lead to some additional costs for software infrastructure and other resources.

Top management must also be made aware that WFH policies, procedures and work instructions must be included in Management Review Meetings and shall be subjected to yearly internal audits.

Just drop your email id and we will get in touch with you