Covid-19, is a name we have become all too familiar with over the last 12 months. A name that conjures up dread and anxiety given the sheer impact on us all. It is something that most businesses would have captured on their risk registers under the “pandemic” category, but how have firms survived over the last 12 months and what lessons have we learned?
On the survival point, many companies have unfortunately not survived, others have benefitted from increased demand in their sectors, such as online businesses, and some have had to adapt to survive. Whichever category you fall into, there are lessons to be learned.
Firstly, most businesses have had to move to homeworking in some way or another. That required a coordinated approach across various business functions from IT to Operations to Risk. Balancing speed and effectiveness was vital. This included understanding the business systems and access requirements, remote access, sourcing IT equipment and the logistics of collection & delivery, and importantly, ensuring employees were safe. Disaster Recovery or Business Continuity Plans can help, but firms must also be flexible and nimble.
Moving to home-working had to take place in a controlled manner, and businesses had to ensure their IT security was fit for purpose, that staff received training and support for these new ways of working, and clear guidance on handling data from home was provided. Importantly, enhancing the controls around IT Security and Cyber was top priority as criminals attempted to seize the opportunities at a time of vulnerability for businesses.
Clearly, the pandemic was an extremely worrying time for all of us and continues to be. There were so many unknowns, and businesses first and foremost, needed to ensure the safety of their employees. Getting them home safely was stage one. Stage two was ensuring there was regular engagement with staff to let them know what was going on and to help manage the isolation of working from home. After all it was a new way of working for most of us. So, in ongoing situations and any future cases, speak to employees, listen to them and provide the necessary support, understand their needs and put in place any changes to working practices. And consider how managers should interact and coach employees with these new ways of working.
Businesses also have to continually reassess changes to their risk environment and revisit business continuity plans, cyber risks, GDPR requirements and information security. A complete risk assessment was necessary to identify any new risks from Covid-19, and to allow the business to mitigate or accept any of these risks. Changes to processes and controls were undoubtedly necessary to ensure a strong control environment was maintained during these unprecedented times.
Clearly, the customer was centre stage during Covid-19. Businesses needed to communicate with and support customers, many who had lost their jobs. Having a clear customer strategy is vital, not just because Regulations require firms to treat customers fairly, but because after Covid-19 has come to an end, customers will remember how a business has dealt with them. Treating customers fairly, especially during tough times, will inspire loyalty and enhance the reputation of the business.
As many organisations will have found, especially in the regulated space, Regulatory engagement and intervention increased in intensity. The FCA for example, as a conduct regulator, is committed to ensuring firms manage their businesses in a way which minimises customer detriment and provides the best possible customer outcomes. For example, new Rules were introduced during Covid-19 on how firms should manage forbearance requests and this impacted how businesses managed their liquidity and how they communicated with customers. In addition, staff had to be trained on any new processes and ways of working, new customer communications had to be prepared and appropriate oversight had to be put in place by QA or Compliance functions.
Another important area that became vital during the Covid-19 crisis was ensuring the communications between colleagues and from the business to customers, suppliers and employees, was clear. Clarity and speed of messaging will instil confidence that the business is prepared, organised and able to continue to operate. We have all seen or heard examples of CEOs being interviewed live on TV as their premises are burning in the background saying they are ruined and their business will never recover from this. You won’t be surprised that these businesses are no longer around and this emphasises the importance of timely, clear communication and messaging.
The ability for a business to adapt in the time of a crisis is vital, whether this is working from home, or offering new or amended services, or operating in a different way. Traditional face to face engagement stopped almost immediately with the outbreak of Covid-19, so businesses had to seek different ways to support customers, whether through Q&As, website enhancements, and even “virtual assistants”. Looking for possible opportunities during a pandemic isn’t easy, but it could be the difference between survival and going under. Thankfully many of the government schemes have helped businesses and individuals during these difficult times, but that support won’t always be there.
There is a great deal of external resource and support in the marketplace to help businesses, so use that. There is much to be optimistic about as the vaccine programme rolls out but we’re not in the clear yet. It is therefore important that companies constantly review risks from the pandemic and wider business risks in general to ensure future well-being and performance.
There is some helpful guidance out there, some useful links are shown below.
James M Wilson, Chief Risk Officer, Premium Credit Limited