| UK & Europe | Articles
The FCA has shared its concerns that changes in technology and home working may heighten the risk of misconduct when it comes to recording obligations. The regulator expects all firms to identify and address risks in the current working environment – not just in terms of policies, but also in monitoring, training and culture more broadly.
In Market Watch 66 the FCA reminded firms of their recording obligations under SYSC rules. The regulator expects firms to take all reasonable steps to ensure that all in-scope activities are carried out in recorded auditable devices.
Firms are required to record conversations and communications made with, sent from, or received on, equipment provided or permitted to be used for in-scope activities – including telephone conversations – and to keep electronic records of these communications. You must be able to demonstrate, on request, that you have effective, up to date recording policies and procedures, and management oversight to meet these recording obligations.
Having weak controls around communications doesn’t just affect your compliance. It also limits your ability to provide evidence to settle any potential client disputes and it reduces the regulators’ ability to investigate cases.
Assessing control gaps and ways to mitigate these risks
According to the FCA, firms must undertake an assessment of the potential risks arising in the current working environment, especially in light of new technology, to identify any gaps in the existing controls and identify the best way to mitigate these risks. These may include the following:
- Assessing if in-scope activities are carried out in unmonitored or encrypted communication applications such as WhatsApp, and whether it’s appropriate to ban them for the performance of those activities.
- Assessing whether recording on privately owned devices is effective when they are used to access work-related systems, and considering whether it’s appropriate to ban them in specific situations.
Updating policies and procedures and implementing adequate monitoring
Firms must proactively update their policies and procedures every time there is a change in the working environment or where new technology is implemented within the firm. Policies and procedures should do the following:
- Identify clearly which calls and communications are covered by the policies. This should include the performance of in-scope activities and any communications carried out on the lead up to these activities, or where there is a reasonable prospect of such activities being performed.
- Set out clearly the consequences for breaching the communications policies. This should include details of the disciplinary action you may undertake and the potential regulatory and enforcement action the FCA may follow, including potential banning of individuals from carrying out regulated activities. Equally it should establish the steps you will undertake to remediate any gaps identified.
- Set out the necessary governance arrangements for amending the policies and procedures including how to document changes and the sign-off process required.
- Set out any additional measures you should be implementing before accepting or permitting a new medium of communication, including the process for approval and implementation.
In addition, you should have a rigorous monitoring regime in place, proportionate to the increased risks, where in-scope activities are conducted outside the controlled office environment. With working arrangements potentially being long-lasting it is worth exploring different solutions in the market, to make sure your obligations under the SYSC rules are being met.
Providing training
Whenever new or amended policies are introduced or new technologies used, you should carry out suitable training including the following areas:
- Providing a clear summary of the obligations and prohibitions under the recording and communication policies.
- Reminding individuals of the consequences of breaching the rules (e.g. disciplinary action and FCA enforcement action)
- Covering any conduct risk arising from this technology or change in the working environment.
Embedding the right culture
Senior Management is expected to play an important role in establishing and embedding the right culture and governance within the firm. This means setting the example and promoting the right message to ensure the best standard of conduct is achieved in the current working from home arrangements.
How we can help with market abuse
Bovill helps firms to build robust frameworks to control their market abuse risk.
- Communication surveillance risk assessment – we can assist you with the identification of gaps in your current controls
- Policies and procedures – we can help firms to implement effective policies and procedures around your recording obligations under the SYSC rules
- Governance arrangements – we can assist reviewing your existing governance arrangements and proposing recommendations for improving your governance framework.
- Training – we can assist in the drafting and delivery of training around SYSC rules and communication of surveillance
Get in touch
