FCA warns firms on remote working compliance: urges tight ship on call recording
"There is a real risk of loss of monitoring and surveillance capability"
Financial watchdog the FCA has fired a warning shot at firms over compliance while teams are working remotely, noting in particular that it would be easy for companies to drop the ball on the recording regime in SYSC 10A (Senior Management Arrangements, Systems and Controls) which requires all firms to take "reasonable steps" to record telephone conversations and keep a copy of electronic communications of activities.
The note highlights the challenges financial services can face in ensuring compliance with a highly distributed workforce, conducting work from home on domestic networks and often, personal devices. (Both the FCA and US regulators have fined traders in recent years for sharing confidential information or conducting trades over applications like WhatsApp: JPMorgan Chase & Co. punished more than a dozen traders last year for using WhatsApp at work).
FCA call recording warning
In a newsletter, the FCA said: "Without effective recording and monitoring controls, there is a real risk of loss of monitoring and surveillance capability, and the absence of protection through loss of evidence to resolve disputes between a firm and its clients over transaction terms".
The regulator added it is important for firms to "proactively review their recording policies and procedures every time the context and environment they operate in changes".
The FCA added: "We expect firms to have a rigorous monitoring regime, commensurate to the increased risks, where in-scope activities may be conducted outside the controlled office environment."
Read this: "A little bit of sweating..." Standard Chartered's Group CIO on taking core banking to the cloud in every country
The recording obligations apply to conversations and communications made with, sent from, or received on, equipment provided or permitted to be used for business purposes.
As the FCA reminded firms, the recording regime in SYSC 10A means they "must take reasonable steps to record telephone conversations and keep a copy of electronic communications of activities falling within scope of the recording rules. Firms must ensure that their recording policies can identify calls and communications that directly relate to the performance of in-scope activities.
David Gurlé, Founder and CEO of Symphony Communication Services (a company that provides encrypted chat-based collaboration tools to financial services market clients, including ones which can layer on top of WhatsApp to make the popular chat app compliant) told The Stack: "For highly regulated industries such as finance and central government, compliance has been the key challenge of migrating to remote working.
"Beyond the professionals in financial sales and trading, other job functions such as accounting and legal affairs are starting to realise the benefits of monitoring communications to ensure full compliance, particularly in publicly traded companies. Businesses looking to enforce a more compliant remote working environment must be proactive and work with regulators to get ahead of potential issues. Doing so will be in their best interest. The matter at hand has evolved over the last year.
Gurlé added: "The initial focus on business continuity has shifted as the remote working environment seems to have either turned permanent or at least become a real and common option to many financial professionals around the world. In the end, more compliance practices implemented across the board will protect businesses and professionals."
CallCabinet provides cloud based call recording, QA and analytics tools. Managing Director Darren Beck, agrees and emphasises that now is the time for financial institutions to get their houses in order in this area.
Beck said: “We know companies had to work quickly to implement remote workforces last year, and understandably that haste will have led to some firms deploying technology that didn’t meet internal compliance practices, or rules enforced by the FCA. The FCA recognised the difficulties organisations were facing, so took a looser approach to enforcement. This is something we and many others supported in the interests of fairness.
“However, this latest announcement from the FCA comes as no surprise. If we think back to the original introduction of regulations such as MiFID II, the FCA allowed some leeway in the early days... Over time, this rightly changed. The same is true here: remote working has been in play for almost a year, which is ample time for financial services firms to assess their regulatory obligations and make whatever changes are needed."