COVID-19 is all over the media so it is unlikely that anyone is unaware of the potential problem for individuals and businesses that are expected as this new virus takes hold in the UK.
The FCA is monitoring the situation and has issued a statement.
Financial Services firms are obliged to have in place effective business continuity arrangements. When auditing firms, we always try to assess the robustness of those arrangements. In our experience, many of the arrangements are very narrow in scope, generally focusing on IT and data. In response to our standard question, “Have you tested your business continuity plans?“, we often hear something like, “We don’t need to test them. If we have a fire or a flood, our data is in the cloud and we go to PC World and buy some new computers – job done!“
And there it usually sits, with business owners complacently satisfied that the business is safe in the event of a problem. That complacency is misplaced.
There are many more events that could have a serious adverse impact on a business other than losing a few computers. What about disgruntled ex-employees planting malware or stealing data or otherwise generally damaging the firm’s IT set up?
What about the office premises becoming unexpectedly unavailable for whatever reason? Can all staff really work from home? For how long? Has it been tested? We know of one firm that did test the plan for everyone to work from home. They provided laptops and everyone duly tried to log in next day only to find that their software was set up to run on the firm’s network and was unable to be accessed from outside.
And that brings us to staff illness. Current Government warnings suggest that a significant proportion of the work force could succumb to COVID-19. How would that affect your business and customers? Meantime, even before that happened, firms have a duty of care to their staff to take reasonable steps to minimise risks, including health risks. And many firms tend to have a majority of clients that are in the more vulnerable age range – i.e. older. What about meeting those clients? That can involve travel and potentially increased exposure to the virus. What about clients who you meet in your premises? Are the meeting rooms cleaned regularly. Toilets? Towels?
Have you discussed appropriate actions with staff? Do you know what you would do in the event of prolonged absence or mandatory quarantine of an employee? Would they be paid while absent? What are their rights to benefits? It has been confirmed that Statutory Sick Pay is payable in the event of a required self-isolation.
It is not possible to remove all risk but firms need to take appropriate steps to reduce risks where they can and, if the worst happens, firms need an appropriate response to be within their business continuity arrangements.