FCA: Remote working expectations for firms
Graeme Stewart
1 November 2021In October, the FCA published their expectations for remote or hybrid working, which apply to existing firms, firms applying to be regulated and firms proposing to submit further applications. In this update, we will look only at existing firms.
As we emerge from the pandemic, many firms will be introducing further changes to their normal working practices, following relaxations in Covid-19 rules. Some firms have all staff at home or all staff working remotely. The variable arrangements are almost indefinite!
Whatever arrangements you have made, either on a temporary or permanent basis, we should all be aware of what the FCA expectations are, and what considerations we should be making as we emerge into the new ‘paradigm’.
What existing firms should be planning for now
The FCA has said that they will evaluate firms on a case-by-case basis.
They expect that firms should be able to prove to them that any lack of a centralised location or remote working does not or is unlikely to:
- Affect the firm’s ability to meet and continue to meet the threshold conditions
- Prevent the FCA from receiving any information about a firm
Our comments and observations
Throughout the pandemic, the FCA has issued several questionnaires that required firms to report to the FCA their financial resilience. Thee FCA expected some firms to fail, and the questionnaires were designed to highlight any firm that may be experiencing financial difficulties so that a planned and orderly exit could be achieved.
Recently, the FCA has turned its attention towards asking firms to interrogate their financial resilience and ask in particular: if holding the minimum capital adequacy is sufficient to meet any claims that could reasonably be expected. This is particularly important for firms who may have product exclusions or higher levels of excess within their PI policy.
Paradigm recommend that the senior managers document such discussion and assessments in their senior managers meetings, and that a close watch is kept on this issue.
In addition, firms should make sure there's nothing that reduces the accuracy of the FCA Register: for example, consumers are not able to contact the firm at the principal place of business shown on the register.
Firms should ensure that any changes in working practices does not leave clients with no easy point of contact, and any changes to working practices from advisers are reflected in updating the FCA Directory. Neither should these changes:
- Affect the ability of the firm to oversee its functions, including any outsourced functions
- Cause detriment to consumers
- Increase the risk of financial crime
Our comments and observations
Firms will need to ensure that their governance arrangements remain robust, whatever working practices might be adopted.
For example:
- The fact that some staff are working from home, does not mean that the frequency and content of normal supervision, is relaxed or interrupted.
- Staff should still have access to the firm’s policies that they may need to refer to as they work on a daily basis.
Data Security is key, and firms should ensure that if data (physical or electronic) is being used remotely, it remains safely secured. Further information and support is within our cybercrime support hub.
The FCA state that a firm must also prove that there is satisfactory planning:
- That there is a plan in place which has been reviewed before making any temporary arrangements permanent and is reviewed periodically to identify new risks.
- There is appropriate governance and oversight by senior managers under the SMCR and this governance is capable of being maintained.
- A firm can cascade policies and procedures to reduce any potential for financial crime arising from its working arrangements.
- An appropriate culture is in place and maintained in a remote working environment.
- Control functions such as risk, compliance and internal audit can be carried out effectively, such as listening to client calls or reviewing client files.
- The firm has robust systems and controls and IT infrastructure to fully support any new working conditions.
- A firm has considered the risk of data security if laptops etc, are used more frequently from home.
- The firm considers the effect on staff, including wellbeing, training and diversity and inclusion matters.
Our comments and observations
The emphasis is on the senior managers then, to consider what additional risks may result from any new working practices. For example: is there a risk that the usual case checking levels could not be delivered if a supervisor was in a different location to an adviser?
It is also important that any changes to the firm’s governance arrangements, continue to be communicated clearly to any remote staff.
Firms should also be on the lookout for any changes in staff behaviours, ensuring that their wellbeing is being managed through any disruption to normal working practices.
Firm’s engagement with the FCA
The FCA state that firms should consider if their details on the FS register need updating.
They also reminder us, that the FCA has powers to visit any location where work is performed.
Firms are reminded that any material changes to how a firm intends to operate must be notified to the FCA under Principle 11.
Our comments and observations
In summary, the FCA has provided a number of different considerations that firms should be aware of.
Their expectations are that firms need to remain robust and compliant regardless of any changes brought about in working conditions as a result of the pandemic.
The onus has very much been put on the senior managers within a firm for them to consider how the firm may need to adopt or adapt their governance arrangements to ensure on-going standards of compliance remain in place.
The FCA has set the bar high and allude to the fact that that they will not accept the excuse of the pandemic for any failings within the firm, that may lead to customer detriment or harm.
