The Financial Conduct Authority (FCA) has warned regulated financial advisers to ensure remote working staff know they could face visits at home from the regulator.
New expectations on remote working set out by the regulator yesterday called on firms to consider how they plan on communicating with home working staff that FCA visits could take place in their homes.
“We should be able to access firms’ sites, records and employees,” the FCA said.
“It’s important that firms are prepared and take responsibility to ensure employees understand that the FCA has powers to visit any location where work is performed, business is carried out and employees are based (including residential addresses) for any regulatory purposes.
“This includes supervisory and enforcement visits.”
The FCA also revealed that it expects firms to ensure an “appropriate culture” can be put in place and be maintained in a remote working environment.
This involves ensuring control functions such as risk, compliance and internal audit can continue to carry out their functions unaffected, such as when listening to client calls or reviewing files.
Firms have also been urged to consider any data, cyber and security risks, particularly where staff are transporting confidential material and laptops more frequently due to a hybrid working arrangement.
And they should monitor the impact of remote working arrangements on staff, including wellbeing, training, and diversity and inclusion matters.
‘Bit of a shock’
Commenting on the potential for home visits, Branko Bjelobaba, principal at consultancy Branko, (pictured) told Health & Protection that a lot of small businesses have always worked from home so this maybe be less disruptive for them.
“So many small medical and protection intermediaries do work from home,” he said. “I used to be an auditor at PwC. I regularly visited people working from home.”
However, where firms suddenly moved people out of the main office into their home, this could be a more significant challenge and risk.
“Say you run a big call centre and last March you flipped the switch and everybody started to work from home, who haven’t up to now worked from home,” he continued.
“Those are the sort of people that might be in for a bit of a shock, but at the same time you’ve got call recording, you’ve got files online, you’ve got paper files.
“The employer already exercises some supervision over employees working from home so to me, this wouldn’t be a step too far. It’s just the regulator checking what’s going on and ensuring that the employer is also checking what’s going on at home.
“To me, it’s not momentous in that way. It’s just the regulator saying that if you’re going to maintain this hybrid form of working, then we need to exercise a supervisory control.”
Other key expectations
Some of the other key expectations included ensuring firms’ lack of a centralised location or remote working does not or is unlikely to:
- Affect the firm’s location in the UK, or its ability to meet and continue to meet the threshold conditions for the regulated activities it has or will have permission for – or any equivalent requirements, where these do not apply.
- Prevent the FCA receiving information about a firm.
- Reduce the accuracy of the financial services register for others if, for example, consumers are not able to contact the firm at the principal place of business shown on the register.
- Affect the ability of the firm to oversee its functions including any outsourced functions.
- Cause detriment to consumers.
- Damage the integrity of the market.
- Increase the risk of financial crime.
Firm are also expected to prove there is satisfactory planning:
- That there is a plan in place, which has been reviewed before making any temporary arrangements permanent and is reviewed periodically to identify new risks.
- There is appropriate governance and oversight by senior managers under the Senior Managers regime, and committees such as the board, and by non-executive directors where applicable, and this governance is capable of being maintained.
- A firm can cascade policies and procedures to reduce any potential for financial crime arising from its working arrangements.
- The nature, scale and complexity of its activities, or legislation, does not require the presence of an office location.
- It has the systems and controls, including the necessary IT functionality, to support the above factors being in place, and these systems are robust.
- It has appropriate record keeping procedures in place.
- Where any staff will be working from abroad the firm has considered the operational and legal risks.
The FCA pointed out that these expectations are not an exhaustive list as the information it requires will depend on a firm’s business model and how they intend to operate.
