How do the compliance officers address the Employee WFH issue for the DIFC Companies?
What are the actions DIFC Compliance Officers must consider about the WFH environment?
Articles 43 to 54 of the DIFC Employment Law mandate that employers provide a safe working system to their employees. However, with the lifting of the DIFC directive on restrictions beyond August 2020, these obligations cannot be extended to a WFH environment anymore.
Employers and compliance officers willing to ensure business continuity and data security must carry out a WFH risk assessment and provide some basic equipment to enable employees to perform their duties remotely. Information can be sought from employees about the WFH environment, such as whether it is a dedicated space or a shared one.
The compliance officers, in consultation with top management, must document and introduce certain work instructions for WFH employees concerning dress, working hours, working methods and the usage of remote working tools. As home computers are more susceptible to security risks, usage of a Virtual Private Network can be a preferred choice. For WFH employees, the documented work instructions must be made mandatory to effectively address compliance with the DIFC Data Protection rules, Law No. 5/2020, enforced on July 1st, 2020.
Two-factor and two-level authentication, OTP-based login and Google Authenticator can be of great help in preventing data breaches. Private and secure video conferencing platforms with end-to-end encryption and advanced features, e.g., Microsoft Teams, must also be made mandatory.
The DFSA makes it obligatory for DIFC firms to put adequate cybersecurity measures in place for WFH. Employees also need to be notified that, while on WFH, the IT systems and equipment may be under surveillance. Some other mandatory measures also need to be taken, such as blocking USB booting, disallowing USB drives, restricting URLs etc.
Regular training sessions must also be conducted on home network security, covering areas such as default users, password protection, SSID, wireless encryption etc.
How can the Performance Appraisal be done for WFH Employees?
As WFH employees in DIFC will have similar expectations to regular office employees, the performance monitoring and review system must be addressed carefully.
The WFH policy needs to be transparent, and acceptable behaviours must be clearly stated and updated if required to reflect working methods including meetings, webinars and interviews through video conferencing.
Compliance officers must follow guidelines on employee productivity assessment similar to those provided by the DIFC directive during the period of emergency and restrictions. They should also refer to the guidelines set by the UAE onshore companies during lockdowns on various other aspects, such as performing duties within specified timeframes, being available over the phone and email, presenting objective evidence of achievements and productive time spent on jobs etc.
Compliance officers must take the responsibility to effectively and transparently communicate top management’s expectations to WFH employees and accordingly revise the WFH policies as and when necessary.
Unsupported WFH conditions, including inadequate IT systems and equipment, must also be carefully considered when carrying out employee performance appraisals. Certain issues such as family distractions, sickness and stressful situations need a human touch as well.
How can I Protect Confidential Information when My Employees WFH?
- Implementation and enforcement of easy-to-understand policies and monitoring mechanisms
- Ensuring appropriate usage and storage of confidential information
- Reviewing and updating WFH and IT policies and communicating to employees
- Ensuring data protection and data monitoring
- Taking disciplinary actions for any breaches of data and confidential information as appropriate
- Reviewing confidentiality and post-termination obligations periodically for added safety
- Restricting access to confidential information as necessary
- Restricting downloading and saving of confidential information through passwords and firewalls
- Ensuring usage of company approved devices, platforms and video conferencing facilities
- Approving usage of secure Wi-Fi networks only
- Installing software that can automatically delete data and confidential information remotely in case of a violation
- Enabling the IT department to securely monitor and manage mobile devices and laptops that access sensitive and confidential business data
Is WFH Policy Implementation Necessary for the Compliance Officers?
Remote working comes with several advantages, is gradually becoming a norm and, in all probability, is here to stay. Employers and their compliance officers must formulate and implement a WFH Policy documenting rules, guidance and methods for meeting employee-employer expectations and achieving employee productivity.
- Rules for performance management, working hours and reporting
- Monitoring of data and communication
- Manpower productivity assessment criteria
- Rules and procedures for usage and storage of confidential information and data
- Regulations and practices for using personal devices for work purposes
- Extent of flexibility
- Notification requirement for WFH
Takeaways
Compliance officers must apprise top management of the nuances of remote working and how this could lead to some additional costs for software infrastructure and other resources.
Top management must also be made aware that WFH policies, procedures and work instructions must be included in Management Review Meetings and shall be subjected to yearly internal audits.
A Member Firm of Andersen Global