As regulated firms start to move to a more stable hybrid working approach, the FCA recently published a statement setting out regulatory expectations ‘so firms can plan and continue to meet their regulatory responsibilities’. 1
In light of the latest FCA communications, set out below are some prompts designed to help Boards continue to ask themselves the right questions to guide the conversations they have, the management information they request, and the decisions they make today to protect the firm and its customers in this hybrid working environment. How relevant each of the points below is will clearly depend on the nature, scale and complexity of the firm in question, and any relevant legislation.
- Is there a satisfactory plan in place for remote or hybrid working, which has been reviewed before making any temporary arrangements permanent?
- Has the Board revisited its risk appetite to reflect the risks arising from a permanent hybrid working model?
- What line of sight do senior managers and the Board have of the latest cultural insights from staff in a hybrid working environment? How has the firm responded to these?
- Do senior managers and Boards have plans in place to oversee the firm’s activities in light of the new working arrangements? Does this include outsourced functions?
- How has the executive been monitoring the risk of poor staff/market conduct? How is this working in practice, in this working environment?
- Is the Board comfortable with any measures implemented to identify and address cultural issues arising from operating a disconnected/remote workforce?
Customers, clients & markets
- Has the firm embedded changes to customer treatment procedures in light of Covid-19 and are these working as intended?
- Has the firm considered the impact of new working arrangements on customer access (including customer authentication, vulnerability assessments and staff access to appropriate locations for holding face-to-face customer meetings)?
- Given the current operating model, is the Board well sighted on how effective the firm’s Business Continuity Planning (BCP) arrangements have been? Are updated BCP arrangements required?
- Are the firm’s data, cyber and security arrangements being reviewed to reflect potentially increased risks for customers and the firm, particularly as staff transport confidential materials and laptops more frequently in a hybrid arrangement?
- Are record keeping requirements up to date, reflecting the challenges of a hybrid working approach?
- Has the firm considered any operational and legal risks from staff working abroad?
- Has the firm cascaded policies and procedures to address any additional financial crime risks arising from new working arrangements?
- Can the firm prove that remote working or lack of a centralised location has not affected the firm’s location in the UK, its ability to continue to meet the FCA threshold conditions for regulated activities or its ability to continue to meet specific regulatory requirements, such as call recordings and order and trade surveillance?
- Has the firm considered whether the FCA needs to be notified of any material changes to the firm’s operations/working arrangements?
- Has the firm ensured that employees understand that the FCA is able to access any location where business is performed and employees are based (including residential addresses) for regulatory purposes? Has the firm reflected these requirements in HR and regulatory engagement policies?
1 FCA 11 October 2021 statement: https://www.fca.org.uk/firms/remote-hybrid-working-expectations