The ongoing coronavirus pandemic is causing companies around the world to re-assess how they do business while keeping their employees and communities safe. For much of the United States, in part at the urging of the Centers for Disease Control and Prevention (CDC) and other public health officials, this has led to a sudden and dramatic increase in the number of people working remotely.
While remote work may pose operational difficulties or may be impossible for certain workforces or employees, it also presents a number of easily overlooked legal, compliance, and regulatory risks. Spotting those risks is the first step to preparing to mitigate them. The sampling below highlights examples from a number of different areas of law.
Employment Law
Employers must ensure that they are in compliance with wage and hour laws for remote workers—especially hourly workers who must track their time and who may be entitled to certain required breaks—or else face potential liability for “off-the-clock” or other wage and hour claims. Certain states require reimbursement of remote work expenses, and employers must ensure they are in compliance with these laws. Employers deciding who can and who cannot work remotely may face discrimination claims by employees claiming the decisions were made on impermissible grounds. And employers casually relaxing their remote work policies now may face arguments from employees that they have set a precedent on allowing future remote work. Although remote work is plainly a part of the solution of dealing with COVID-19 in many workplaces, remote work decisions should be made thoughtfully by employers to avoid headaches down the road.
Financial Services
FINRA rules require trading locations to be registered as branch offices with approved OSJ supervision. Personnel from a trading desk working outside their traditional offices creates a risk of trading without the necessary FINRA approvals.
Data Privacy and Cybersecurity
Working remotely strains any company’s IT and network resources. Vulnerabilities can arise from any number of angles: deficiencies or degradations of service in a virtual private network (VPN) that employees use to access company networks; or employees taking shortcuts to ease working on work-issued devices, such as by using personal email or personal cloud-storage accounts to move company data. Be assured that potential bad actors are aware of these vulnerabilities, and the frequency of malicious activity will likely increase so long as those vulnerabilities exist. Obligations to report data privacy incidents will remain, even while companies’ ability to detect incidents may be lessened while employees work outside of their usual systems.
Antitrust and Anticorruption Compliance
The safeguards that companies erect in the workplace may not be sufficient to cover activity elsewhere. Without monitoring tools designed to deter and detect suspicious activity, companies could be left in the dark if employees working remotely get close to—or even cross—the line separating permissible contacts from employee or third party actions that run afoul of antitrust or anticorruption laws. With remote work and increased multitasking comes widespread use of text messaging and apps like WhatsApp and WeChat, and other communications that are outside of the company’s network. In the event that a company policy or law is violated, it will be harder to collect and evaluate the communications underlying those allegations.
Corporate
Contracts that were negotiated during normal times are being put to the test as supply chains and ordinary operations are interrupted. Employees working remotely may not be able to perform all of the services a contract requires, or may not be able to perform to the same standard. For deals that are yet to close, there is an increased risk that non-public information becomes public, or that the real-time exchange of information is disrupted or delayed.
Litigation
Courts across the country are pressing pause on ongoing litigation, but in very different ways. The demands and distractions of working remotely can make it easier for a discovery deadline or a filing period to fall through the cracks. For cases that are continuing to move, remote depositions create unique challenges: the side conducting the deposition may have a harder time presenting exhibits or developing a clean transcript, while the side defending may face limited opportunities for instantaneous attorney-client communications.
***
Whatever the industry and whatever the legal issue, minimizing risk requires a team that knows what to look for. Hogan Lovells’ Crisis Leadership Team helps the world’s leading companies anticipate, prepare for, and respond to risks from any situation. The firm’s integrated global practices are supporting organizations as they navigate many of the same risks identified here.