As staff return to the office Pearl Moses outlines how to update your policies and procedures to fit flexible and hybrid working.
Following on from the summer, and with the easing of coronavirus (COVID-19) restrictions, many of us have either returned to the office or are preparing to, even if on a ‘hybrid’ basis. The Solicitors Regulation Authority (SRA) “expect solicitors and firms to continue to meet the high standards the public expect” and to see proper governance and risk management when remote working. Firms can expect some form of blended working in the future, both at home and in the office. So, what policies and procedures will you need to update in order to adapt to a new way of working, while ensuring a suitable standard of compliance?
People and supervision
You will need to review your ’people’ policies: remote and hybrid working has affected the osmotic learning that typically takes place in the office (such as learning by example and from more experienced colleagues), impacting both new and existing staff. Similarly, supervision is a way to support colleagues and this is needed more than ever if working remotely.
Be aware of ‘proximity bias’ (the incorrect belief that people will perform more effectively if they are in front of supervisors). This can lead to supervisors favouring those in the office and excluding others who work remotely. Clearly, this is incompatible with the SRA Principles, and will also have an impact on morale and engagement.
Try to monitor who you give work to and, where possible, whether you could consider blind work allocation.
New starters will still have to be inducted, so think about how you can use virtual tools to help them understand how your firm works, and to answer any questions around terms and conditions, working practices and policies and procedures.
Consider reviewing your induction procedures to account for remote and hybrid working and consider the best way that your team can convert tacit to explicit knowledge, which can be referred to quickly, and from any location.
Health and safety
Currently, this may apply only to your office premises, but policies should be amended to cover home and hybrid working. It should also consider the health and wellbeing of staff who may be isolated or under lockdown stress.
Learning and development
Learning and development must still be delivered, even where people are working off-site. Make sure that your procedures account for situations where training and assessment is conducted remotely.
Lexcel-accredited firms require an information management and security policy; this is good practice for any firm. Ask yourself: are all of your policies and procedures up to date? Reviewing your policies on the use of confidential information and security of information outside the office is more important than ever.
Cybersecurity and email
In its recent Cybercrime Thematic Review, the SRA revealed three-quarters of the firms it visited had reported being the target of a cyber-attack. Make sure all staff are aware of the key threats when remote working. It is worth reminding staff to avoid predictable passwords, ensuring that they are updated regularly.
Check that the scope of permitted and prohibited use of email is up to date and that all staff are aware of procedures for the storage and destruction of emails. Whatever your reporting procedures, it should be made absolutely clear what the recipient of a suspect email should do.
Even if a lawyer’s use of social media isn’t connected to their job, an allegation of misconduct can still occur. The SRA has confirmed that most of the social media complaints it deals with arise from activity outside of legal practice: in 2017, the SRA issued a warning notice about conduct when using social media, so it’s important that you review your policy to cover this.
In the past, ‘working from home’ also encompassed working in cafes, on trains, and so on. This will become much more relevant as lockdown measures ease and travel resumes. Wherever people are working they need to be aware that confidentiality obligations still apply.
Staff should try to work in a private environment where others (even family members) cannot overhear confidential conversations. If staff are living in flat shares or house shares, consider providing headsets to maintain client confidentiality. The same caution applies to computer screens and making sure confidential content is not visible; your computer should be locked when it’s unattended (even at home). Your confidentiality policies and procedures should be updated to cover the extra risks.
File reviews and auditing
File audits may appear to be an additional burden for staff working from home, but they are an essential part of day-to-day risk management and good practice. File audits and reviews are still necessary, so you need to adapt your working practices as needed. Examine your file review checklist to ensure that audits are conducted properly, regardless of the location of the fee-earner.
Finally, revisit your risk assessments. What are some of the key risks you might face with remote or hybrid working and in meeting your regulatory obligations? You will need to do a risk assessment around who to bring back into the office, and when, considering current government guidance.