The Financial Conduct Authority (FCA) has issued new guidance to companies operating a remote or hybrid working model, warning that firms must be able to prove their working model does not affect the firm's activities or cause detriment to consumers.
The new directive states that firms will be evaluated by the regulator on a case-by-case basis and should be able to prove that the lack of a centralised location or remote working does not or is unlikely to affect the company’s ability to meet the threshold for the for the regulated activities it has or will have permission for.
The guidance states that companies should be careful to ensure that remote working does not affect the ability of the firm to oversee its functions, cause detriment to consumers, damage the integrity of the market, increase financial crime or reduce competition.
Other advice contained in the proposals include the need for companies to have the necessary planning in place. Recommendations include firms need to ensure they have the systems and controls, including the necessary IT functionality, to support the above factors being in place, and these systems are robust. Additionally, companies are told they should also ensure they have considered any data, cyber and security risks, particularly as staff may transport confidential material and laptops more frequently in a hybrid arrangement.
Companies are also warned to consider the full legal implications for this type of arrangement and how key functions will be performed, overseen and based. Firms are also advised to manage systems and controls effectively, including digital capabilities such as the ability to access records/systems, whether the firm in question relies on physical documents and what arrangements have been made for their security and access.
Sridhar Iyengar, Managing Director, Zoho Europe, commented on the guidance:
“The FCA is right to warn financial services firms about the risks associated with hybrid working, particularly around challenges such as regulatory requirements, data compliance and accountability. The Covid-19 pandemic has forced through many positive changes in terms of working practices, yet far too many companies still lack the training & assessment of personnel and the IT infrastructure and systems to ensure complete compliance."
“Moving forward, organisations seeking to build a truly safe and secure hybrid working culture must look towards operating systems that can offer key applications to manage everything from collaboration and finance, to analytics and customer engagement. This will bring a new level of safety and security to remote working, helping to keep companies compliant in line with FCA standards."