Back to the Office

Written by

Although studies have shown most workers like hybrid or remote work opportunities, CEOs rarely like the concept.

A recent KPMG survey across industries this summer found that 65% of CEOs see in-person work as optimal over the next three years. It was even higher for bank CEOs: 69% of them envision their operations fully in-person during that time frame. Only 24% of bank CEOs envision a hybrid work environment, with both in-person and at-home work, during the next three years.

One of those who dislikes the idea of hybrid work is Fifth Third Bancorp CEO Tim Spence. But Spence has an interesting take on why hybrid or remote work doesn’t work well for banking. While many bank CEOs talk about the importance of in-person work to foster a certain culture, Spence sees another reason, too. While tech companies may embrace the concept of a diverse workforce throughout the world plugging in via videoconferences and online chat, banks have long been deeply rooted in their communities where they do business.

The questions every bank faces are now: Will workers feel as motivated to volunteer and make financial donations when they’re not working in local communities where the bank operates? What happens to a corporation’s philanthropic endeavors when its workforce is diffused through the country?

I met up with Spence in late October at the company’s headquarters in Cincinnati. “My biggest fear about the movement in some quarters of the economy toward remote work is that it’s severing the link between headquarters employers and their responsibilities to the communities where their employees live,” he says.

Like many banks, Fifth Third’s financial success is tied up in the success of its communities. The $206 billion bank traces its roots to Cincinnati back more than 160 years; today, it is a major philanthropic entity in the Queen City and its employees contribute sizable volunteer hours. For Spence, being in a community means physical presence and the ability to be out with clients.

“There’s not another regional bank with a more significant share of its balance sheet attached to manufacturing and transportation and logistics companies than Fifth Third,” he says. “Those folks had to [work in-person during the early days of the pandemic] and we needed to be there with them.”

That doesn’t mean no one works from home at Fifth Third. Spence says about 15% to 20% of positions are eligible for remote work. The rest of the employee base works with their managers if they need an alternative work arrangement, for example, to accommodate caregiving responsibilities. But there’s no across-the-board hybrid work that’s available to all employees.

These issues have been on my mind lately as I head to Bank Director’s Bank Compensation & Talent Conference Nov. 7 to Nov. 9 in Dallas. Compensation consultants, executive recruiters and human resources officers at banks will talk about designing compensation programs, attracting and retaining staff and the ever-shifting regulatory environment. Stay tuned for more on those topics in the days ahead.

Can a Hybrid Work Model’s Cyber Risk Be Tamed?

Written by

Many U.S. banks are beginning to repatriate their employees to the office after some 16 months of working at home during the Covid-19 pandemic.

Some, like JPMorgan Chase & Co., have demanded that their staff return to the office full time even though many of them may prefer the flexibility that working from home affords. A recent McKinsey & Co. survey found that 52% of respondents wanted a flexible work model post-pandemic, but that doesn’t impress JPMorgan’s Jamie Dimon. “Oh, yes, people don’t like commuting, but so what?” the CEO of the country’s largest bank said at The Wall Street Journal’s CEO Council in May, according to a recent article in the paper. “It’s got to work for the clients. It’s not about whether it works for me, and I have to compete.”

Other banks, like $19.6 billion Atlantic Union Bankshares Corp. in Richmond, Virginia, are adopting a hybrid work model where employees will rotate between their homes and the office. “We have taken a pretty progressive view there is no going back to normal,” says CEO John Asbury. “Whatever this new normal is will absolutely include a hybrid work environment.” Asbury says the bank has surveyed its employees and “they have spoken clearly that they expect and desire some degree of flexibility. They do not want to go back into the office five days a week [and] if we are heavy-handed, we risk losing good people.”

However, a hybrid work model does create unique cybersecurity issues that banks have to address. From a cyber risk perspective, the safest arrangement is to have everyone working in the office on a company-issued desktop or laptop computers in a closed network. In a hybrid work environment, employees are using laptops that they carry back and forth between the office and home. And at home, they may be using Wi-Fi connections that are less secure than what they have at the office.

“If you think of a typical brick and mortar [environment], the network and computer systems are walled off,” says David McKnight, a principal at the consulting firm Crowe LLP. “No one can gain access to it unless they’re physically there.” In a hybrid work environment, McKnight says, “There are additional footholds on to my network that I don’t necessarily have full visibility into, whether that’s my employee’s home office, or the hotel they’re at or their lake house. That introduces different dynamics, connectivity-wise.”

Still, there are ways of making hybrid arrangements more secure. Full disk encryption protects the content of a laptop’s hard drive if it is stolen. Virtual private networks – or VPNs – can provide a secure environment when an employee is working from a remote location. Multi-factor identification, where employees must provide two or more pieces of authentication when signing on to a system, makes it harder for hackers to break-in to the network. And new cloud-based platforms can enhance security if configured properly.

Many smaller banks struggled to adapt when the pandemic essentially shut the U.S. economy down in the spring of last year, and many banks sent their employees to work from home. Some banks didn’t even have enough laptops to equip all of their workers and had to scramble to procure them, or ask employees to use their own if they had them.

Atlantic Union was fortunate from two perspectives. First, it had already completed a transition throughout the company from desktop computers to laptops, so most of its employees already had them when the pandemic struck. And the bank considers the laptop to be a “higher risk perimeter device,” according to Ron Buchanan, the bank’s chief information security officer. “What that means is you’re putting it in a high-risk environment, and you just expect that it’s going to be on a compromised network [and] it’s going to be attacked.”

The bank has a VPN that only company-issued laptops can access, and this gives it the same level of control and visibility regardless of where an employee was working.

Other security measures include full disk encryption, multi-factor authentication and administrator-level access, which prevents employees from installing unauthorized software and also makes it more difficult for hackers to break into a laptop.

Although cyber risk can never be completely eliminated, it is possible to create a secure environment as banks like Atlantic Union did. But they have to make the investment in upgrading their technology and cybersecurity skill sets. “The tools are there, and the abilities are there,” says Buchanan.