WFH – Is the Non-Regulated Party Over? An FCA Crack Down

Depending on which side of the table you’re on – be it the Board room or your kitchen table – it seems that both executives and employees of financial firms have begun flexing their muscles. Wall Street was one of the first communities worldwide to decree that the work-from-home (WFH) party was over. Big firms like JP Morgan Chase, Bank of America, and others have demanded that their employees return to the office. Not to mention that most have mandated that all employees be vaccinated before they do so – “or else.” David Solomon, the CEO of Goldman Sachs, publicly called out WFH as “an aberration … and not the new normal.”

But employees are flexing their muscles in this period of “The Great Resignation.” Specifically, they are flexing their legs and feet as they’re walking away in droves despite unprecedented bonuses to retain them or lure their replacements. Indeed, the war on talent rages on. A key part of that tug-of-war between executives and employees is the now requisite demand for flexibility – which is code for WFH. However, Wall Street isn’t the only one opposed to the idea: the FCA (Financial Conduct Authority) of Europe, seems to agree that the WFH party is over.

It’s about integrity

The FCA, per its charter, is focused on protecting the integrity of the markets. Even if that means visiting brokers and executives in their homes. Stated more bluntly, the plan is to do whatever it takes to reduce the risk of harm to consumers. And the financial services people who WFH can like it – or leave it.

On October 11, 2021, the FCA issued a note that stated, “…FCA visits could take place in homes.” As expected, the reaction was swift and unfavorable. Given the ambiguity in the note related to how and under what terms the FCA would mandate a home visit, workers immediately spoke up to voice their discontent with the decree. Having previously conducted dozens of raids at dawn in 2018, eight in 2019, then only a few in the first half of 2020, people are questioning the drastic change of tactics vocalized by the regulatory authority.

Although the intended actions of the FCA are unprecedented, they are not unfounded. In 2019, insider trading was suspected in 17% of all transactions. Last year, 2020, the FCA estimated that over 25% of all trades were non-compliant with insider trading. WFH has afforded bad actors with new opportunities – that have been essentially unchecked, at least until now – to perpetrate market abuse. Not to mention the dramatic spike in sexist and racist rhetoric communicated amongst brokers and between them and their clients as they hide behind the anonymity of personal devices and burner phones.

Integrity … hello? Where have you gone? It’s the FCA calling. We want our market integrity back so we’re cracking down now.

A scare tactic or does their move have teeth?

Apparently, it’s the latter. The FCA has stated that firms upholding hybrid work policies must first vet them for approval. And then have periodic check-ins with the RegTech authority to ensure the policies have kept up with the ever-changing demands for compliance. The rationale cited is that laptops and other work devices, which were typically safely housed within the financial institution, are now “on the move” and hence the risk of those devices being compromised is significantly heightened.

“Risks from misconduct may be heightened or increased by homeworking” is an affirmation made by the FCA and it sounds like a conclusion rather than a concept up for deliberation. What that means for financial firms is not yet clear, but there are some signs of what’s to come.

Per the FCA, WFH cannot impair the firm’s ability to meet the threshold conditions which define its market activities. Nor can it impair the firm’s ability to oversee its functions or reduce the accuracy of the Firm’s Financial Register. Of course, it goes without saying that WFH cannot, in any way, increase the risk of financial crime, cause detriment to a consumer, or damage the integrity of the market. There’s that word again – integrity.

Governance around establishing a practice as permanent, whereas that practice was previously temporary and in place given the extreme measures required to meet the onslaught of COVID, is non-trivial. Firms have been “delicately” warned to not take their obligations in this regard lightly. Not to be overlooked, the rigor required to document everything with appropriate record-keeping efforts. Control functions like listening to calls, monitoring e-Communications, and other best practices are also essential.

These requirements are hardly surprising. Nor is the expectation that compliance efforts need to be tightened up to manage the added risk imposed by WFH. One new requirement has surfaced in the face of the pandemic, “The firm has considered the effect on staff, including wellbeing, training and diversity and inclusion matters.” No doubt there will be more of this as mental health, specifical burnout, continues to dominate the conversation.

Firms have been under increased risk since the pandemic began with the shift to remote work. A recommended best practice is to routinely read the FCA Market Watch publications which highlight areas of concern. Market Watch 66 underscores the importance of upholding the same level of monitoring and controls, regardless of where the work is being conducted or if that work is being transacted on a personal device. This includes the use of video conferencing tools such as the widely popular, zoom.

Specifically, Market Watch 66 states, “The recording obligations apply to conversations and communications made with, sent from, or received on, equipment provided or permitted to be used for business purposes. A firm to which the recording regime in SYSC 10A applies must take reasonable steps to record telephone conversations and keep a copy of electronic communications of activities falling within the scope of the recording rules. Firms must ensure that their recording policies can identify calls and communications that directly relate to the performance of in-scope activities.” That’s a lot of words: the net-net is a not-so-subtle reminder that firms are responsible for recording everything from zoom to WhatsApp to any other e-comms activity.

 Consider these next steps

Whether or not the FCA will come knocking on your door isn’t entirely clear. But it does sound like they may do so. There are a few things that you can do to keep this unwelcome visitor at bay:

• Adhere tightly to Principle 11 of the FCA’s Principles for Business where you inform the authorities of any changes in your working environment.
• Clearly define and track where the work is being conducted to meet threshold requirements of Schedule 6 Part 1B of FSMA which define oversight for key functions, where the managers preside over those functions and ensure that consumers will be able to interact with the firm if they do not have access to digital communications.
• Location, location, location, as they say. The FCA wants firms to maintain a high level of accuracy on their registry so that anyone registered as a current location and means of contact as the FCA holds the authority to audit and inspect any location where work is being performed.

Maybe the WFH party is over. Maybe it’s not. Either way, the FCA has a standing invitation to your home. So, you’ll need to be ready to roll out the welcome mat.