Firms have nowhere to hide on remote work.
13th October 2021 by Brielle Hewitt
The FCA has published details of the expectations it will be holding firms to in 2021 and beyond, around remote working controls and practices moving forward. Such clarity is surely welcome, but we fear many firms will need to take serious action if they wish to maintain their flexible working practices. What is now clear is that firms are compelled to monitor and supervise all utilised and in-scope communications channels if employees are to remain flexible working, ensuring that effective systems and controls are in place to maintain compliant operations.
The FCA has been highlighting the risks that have come with the unexpected transition to remote work since the pandemic began. As our working environment has gone virtual, longstanding practices for monitoring and compliance such as random sampling has become unworkable. This has forced firms to rapidly reassess their technological capabilities in order to effectively monitor their workforces. What is also important to understand is that these expectations for remote working apply across the financial industry, from private equity through to trading firms and banks, no matter how big or small, firms must have appropriate IT and systems in place to effectively and compliantly monitor their workforces.
However, firms may find they have a long way to go in order to meet the compliance standards the regulator has laid down for the new environment.
As we wrote earlier in the year, surveys for the City of London Regtech Report 2021 found that while more than 85% of respondents said Regtech solutions could help firms to deal with the challenges Covid has created, adoption of said solutions was stubbornly low.
Now, the FCA has published a list of conditions firms will need to be able to prove that they can meet in a remote-work environment. For example, they will be expected to show remote working is unlikely to affect their ability to oversee any of its functions, increase the risk of financial crime, damage the integrity of the market or cause detriment to consumers.
They must also show ‘satisfactory planning’ that control functions such as risk, audit and compliance can continue to operate unimpeded, appropriate record-keeping is in place, and that its systems and controls are sufficiently robust, among others.
Much of the areas covered by the FCA are ones we have been discussing for months now, such as the importance of maintaining a positive culture and the importance of having robust IT systems in place. However, these can represent a big challenge for firms unsure where to start.
This does not represent malice on the part of the industry. We have written in the past about the challenges principles-based regulation can create for firms, especially in environments of extreme flux such as those we have experienced in the last 18 months. Even with these expectations, firms may ask themselves what constitutes an ‘appropriate culture’
We see signs of firms racing to adapt to the new normal – for example by investing heavily in increasing technological infrastructure and capabilities, as 80% of hedge fund managers report.
That said, technology develops so quickly that it can be extremely difficult to commit to any given solution, especially since it may be superseded by a newer, better one in short order.
These were the concerns we had in mind when we developed Fingerprint. We prioritised evidence of process to ensure regulatory compliance, automation to make it possible to handle the rapid proliferation of communications channels, and interoperability to allow users to upgrade parallel systems as technology moves forward.
The FCA’s expectations send a clear signal to the industry that firms need to be able to prove they are addressing the risks that remote work can create. If you would like to find out more about how Fingerprint can help with ensuring your communications monitoring programmes are effective and compliant, contact me, Sean Morgan on firstname.lastname@example.org