REMOTE OR HYBRID WORKING – REGULATORY EXPECTATIONS
Due to the coronavirus (Covid-19) pandemic, firms are already familiar with working in a remote environment and adapting their systems and controls. And it is likely many firms will continue these new ways of working. The FCA has set out its expectations so firms can plan and continue to meet their regulatory responsibilities.
What existing firms should be planning for now:
- Firms considering remote or hybrid working will be evaluated by us on a case-by-case basis.
- Your firm should consider the following.
Firms should be able to prove that the lack of a centralised location or remote working does not or is unlikely to:
- Affect the firm's location in the UK or its ability to meet and continue to meet the threshold conditions for the regulated activities it has or will have permission for – or any equivalent requirements, where these do not apply.
- Prevent the FCA from receiving information about a firm.
- Reduce the accuracy of the Financial Services (FS) Register for others if, for example, consumers are not able to contact the firm at the principal place of business shown on the FS Register.
- Affect the ability of the firm to oversee its functions, including any outsourced functions.
- Cause detriment to consumers.
- Damage the integrity of the market.
- Increase the risk of financial crime.
- Reduce competition.
A firm must also prove that there is satisfactory planning:
- That there is a plan in place, which has been reviewed before making any temporary arrangements permanent and is reviewed periodically to identify new risks.
- There is appropriate governance and oversight by senior managers under the Senior Managers Regime and committees such as the Board and by non-executive directors where applicable, and this governance can be maintained.
- A firm can cascade policies and procedures to reduce any potential for a financial crime arising from its working arrangements.
- An appropriate culture can be put in place and maintained in a remote working environment.
- Control functions such as risk, compliance and internal audit can carry out their functions unaffected, such as when listening to client calls or reviewing files.
- The nature, scale and complexity of its activities, or legislation, does not require the presence of an office location.
- It has the systems and controls, including the necessary IT functionality, to support the above factors being in place, and these systems are robust.
- It's considered any data, cyber, and security risks, particularly as staff may transport confidential material and laptops more frequently in a hybrid arrangement.
- It has appropriate record-keeping procedures in place.
- It can meet and continue to meet any specific regulatory requirements, such as call recordings, order and trade surveillance, and consumers being able to access services.
- The firm has considered the effect on staff, including wellbeing, training and diversity and inclusion matters.
- Where any staff will be working from abroad, the firm has considered the operational and legal risks.
The above is an indicative and non-exhaustive list.
- Any form of remote or hybrid working adopted mustn't risk or compromise the firm's ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them.
Firms' engagement with the FCA
- Firms should consider if their details on the FS Register need updating. For example,
- If your firm intends to use a private residential address as its principal place of business, it should consider the effect on any individuals and get necessary approvals.
- This includes those living at the property who aren't employees.
- We should be able to access firms' sites, records and employees.
- Firms must be prepared and take responsibility to ensure employees understand that the FCA has powers to visit any location where work is performed, business is carried out, and employees are based (including residential addresses) for any regulatory purposes. This includes supervisory and enforcement visits.
Notifying the FCA of changes to your working arrangement:
- Any material changes to how your firm intends to operate may require you to notify us first.
- Under Principle 11 of the FCA's Principles for Businesses, firms are required to deal with the FCA in an open and cooperative way and to disclose to us anything relating to the firm which we would reasonably expect notice of.
- SUP 15.3sets out additional rules and guidance about when the FCA would expect notice of matters relating to a firm. You should continue to monitor any changes and speak to your usual supervisory contact with any questions.
If you are applying to be authorised or registered
For all the regulated activities which firms have or will have permission, they need to continue to meet the threshold conditions in Schedule 6 Part 1B of FSMA (or equivalent requirements, where these do not apply). See guidance on the threshold conditions in the COND sourcebook.
While the information we require from firms hasn't changed, it's important that your application covers the following specific details (if applicable):
- The arrangements your firm will have for remote working, including presence in any other jurisdictions.
- That you've considered the legal implications for your business of this type of arrangement.
- How key functions will be performed, overseen and based.
- The location of senior managers and their plans to oversee the firm's activities.
- Confirmation that your processes and procedures reflect the arrangements.
- The period the arrangements are expected to last (if not permanent).
- The arrangements your firm will make for consumer access. For example, how will you ensure that consumers without access to electronic communications can communicate with your firm?
- How your firm will address complex consumer needs. This could include ensuring you have access to appropriate locations to hold face-to-face meetings.
- The arrangements for customer authentication and vulnerability assessments.
- Business continuity plan requirements, including when using home networks.
- How your firm will manage the risk of information becoming out of date. For example, staff moving addresses.
- Where and how any FCA supervisory or enforcement visits would be done and how this is documented in your processes.
- Systems and controls, including:
- To what extent will the business digitise?
- The ability to access records/systems.
- If your firm relies on physical documents, what arrangements have been made for their security and access.
- Where files and paperwork will be located.
- Systems being used – are they recognisable and protected appropriately against cybercrime?
- The above is an indicative and non-exhaustive list as the information we need will depend on your business model and how your firm intends to operate.
Meet the team of industry experts behind ComsureFind out more
Keep up to date with the very latest news from ComsureFind out more
View our latest imagery from our news and workFind out more
Think we can help you and your business? Chat to us todayGet In Touch
As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email email@example.com.