The FCA has recently published the Market Watch 66, its latest periodic newsletter on market conduct and transaction reporting issues. This focuses on the obligation on firms to ensure that communications are recorded.
The COVID-19 pandemic significantly changed the way financial firms operated during 2020. Many employees moved to a working from home environment, which brought new challenges for compliance departments. As we head into 2021, this new way of working is still prevalent for most firms.
In this latest Market Watch, the FCA reminds firms of their obligations to record relevant telephone conversations and electronic communications. It has noted that working from home may result in an increase in the risk of misconduct through the sharing of sensitive information via unmonitored and/or encrypted communication such as WhatsApp.
Where firms do allow staff to communicate through these methods, they must ensure that messages are recorded and can be monitored. The FCA notes that it has taken action against firms and individuals who have used WhatsApp and other social media platforms to arrange deals and give investment advice. This type of activity is taken seriously by the regulator and it will continue to be an area of focus.
Firms should be proactive in reviewing their approach to recording when there are changes in the business environment. Monitoring should be appropriate for the level of risks, particularly where relevant activities are being performed outside of the office. The culture of a firm is key to ensuring the conduct of staff is suitable, with Senior Management responsible for setting and embedding the tone from the top. The importance of suitable training is also reinforced.
In this latest Market Watch, the FCA reinforces that firms are required to have effective, up-to-date policies on communications recording. They must be able to demonstrate to the regulator, upon request, that policies, procedures, and management oversight meet the rules of recording. Importantly, this includes the policies and procedures that have been adopted, if required, to accommodate working from home arrangements. Policies should include details on which conversations/communications are subject to the recording rules as well as procedures to follow where breaches or gaps are identified. New or amended policies should be approved through the firm’s governance arrangements.
Where firms allow privately owned devices to be connected to their networks or access sensitive/confidential data, there should be controls in place to ensure recording can take place. It may be necessary to ban certain activities from being performed on these devices. As a general rule, all communication arrangements should be approved by the firm prior to being used by employees.
Firms should review their communication policies, procedures, and arrangements to ensure they are appropriate for the continuation of working from home arrangements. Compliance monitoring should be in place to check that calls, messages and emails are being recorded. All controls to manage the risks of market abuse should be assessed and tested on a regular basis.
For further information on this alert, please speak to Anthony Wells, or your usual ACA consultant at +44 (0)20 7042 0500.
How We Help
We offer a wide range of services and solutions to help you address these challenges, including:
- Training solutions: We offer tailored and customised training across a range of topics, including roles and responsibilities and financial crime prevention, as well as a regular series of pre-scheduled, live and interactive training courses.
- Communication monitoring: Our dedicated search specialists and regulatory consultants are on hand to conduct communication reviews to assist you address your regulatory obligations.
- Employee compliance and market abuse detection: Our ComplianceAlpha® technology platform offers automated monitoring and surveillance capabilities to provide risk and compliance officers with a unified view of risks and behaviour across the firm as well as reduce the number of false positives.
- SM&CR: Our comprehensive and practical suite of SM&CR solutions are designed to help you review and maintain compliance against the directive. Our SM&CR services include post-implementation assurance reviews of your firm's current framework and on-going assistance with employee assessments and training.