“The new normal”: Singapore addresses work-from-home risks

Last year’s shift to remote working in the covid-19 pandemic did not trigger “any significant increase in operational, fraud and cyber risks”, according to a new paper published by Singapore’s banking association and regulator, which outlines a range of new policies banks should adopt if the practice becomes “the new normal” post-pandemic.

The Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS) published the paper, based on the experiences of ABS member banks, on 2 March.

Singapore imposed an eight-week “circuit breaker” stay-at-home order from 7 April to 1 June to contain the pandemic, during which 85% of financial institutions’ staff worked from home, and in many institutions remote working has continued since.

The paper notes that although vaccination programmes in progress in Singapore and other countries mean a return to onsite work is in sight, it was “foreseeable” that remote working would continue for some time yet, while some financial institutions were planning to offer hybrid “new normal” work arrangements even post-pandemic.

Although many financial institutions faced initial problems with the transition during the circuit breaker, the paper says those “have largely been resolved”. Instead, the paper looks beyond the current pandemic to the potential for a longer-term transition to remote working.

The ABS notes that its Return to Onsite Operations Taskforce (ROOT) – established to identify and share good remote working practices – had “generally not observed any significant increase in operational, fraud and cyber risks because of remote working in 2020”.

But it warns that the practice was still new, and its risks “may only emerge over time”.

The paper notes that the “overall control environment” has changed during the shift to remote working, meaning that oversight, verifications, and assessments that used to be done in person were now being done remotely. It warns that over prolonged periods this could lead to some risks being inadequately managed and falling outside their firm’s risk appetite statements.

Banks will also need to adjust their incentive structures and consequence management frameworks to tackle the potential for staff misconduct during remote working, it says, including increased monitoring of transactions and activities taken by staff in high-risk roles.

It says new fraud typologies will “evolve” out of remote working, which banks will need to identify and detect. Banks will also need to outline situations where in-person contact is necessary in spite of the pandemic.

It also warns banks to consider the cybersecurity of their employees’ remote working infrastructure, including their personal devices, and the impact of amended information governance policies – highlighting the risks of “shoulder surfing” and eavesdropping by family members, or sensitive information being printed out at home.

Banks should also consider their third-party suppliers’ remote working arrangements and what risks might arise there, it says, noting by way of example two instances during the circuit-breaker when hours-long internet outages in parts of Singapore disrupted work.

The paper also notes indirect risks from remote working, such as reputational risks arising from processing errors or loss of customer information, credit risks arising due to changes in validation processes, or market risks arising from internet connectivity issues.

“Where their roles permitted, banks have made arrangements to facilitate their employees to work from home in a safe and secured environment and allowed the continued provision of services that our customers needed,” said ABS chair Samuel Tsien. “The good practices are now captured in this paper. It will serve as a valuable reference guide to all banks as remote and flexible work arrangements continue to be adopted as the pandemic evolves.”

“Financial institutions in Singapore have swiftly adapted to remote working and split-team arrangements in response to covid-19,” said MAS’s deputy managing director for financial supervision Ong Chong Tee, adding that their operational resilience was a reflection of their business continuity management plans.

“It also underscores the importance of regular tests through internal drills and industry-wide exercises jointly organised by MAS,” he added. “Investments in the digitalisation of work processes and services over the past five years have also enabled our financial institutions to continue to provide a high level of support to meet the needs of individuals and businesses during the pandemic.”

Get unlimited access to all Global Banking Regulation Review content