The resurgence of COVID-19 in the UK and a corresponding change in government guidance around remote working has caused many firms to rethink plans for a gradual return to the office in the near term. Earlier this year we wrote about the FCA’s focus on the heightened risk of market abuse in a remote working context (see our article). Most recently Julia Hoggett, Director of Market Oversight, has been speaking about this risk at an industry conference and emphasising the need for firms to be vigilant. Whilst surveillance was disrupted in the early days of the pandemic, the FCA has suggested that it now expects there to be equivalent surveillance arrangements for staff whether they are working in the office or remotely.
Therefore, to the extent they have not already doing so, it is apparent that firms should be thinking about whether existing controls (particularly any short term fixes) will need to be re-visited and put in place a strategy for dealing with any backlogs in surveillance alerts.
Questions to consider
Many of the points made by Julia Hoggett reiterated guidance issued by the FCA previously, such as in Market Watch 63 (which we discussed in a previous article). Nonetheless, it was a helpful reminder of the questions that firms should ask themselves. For example, firms should consider:
- whether any new types of information might constitute inside information in the context of the pandemic, such as the firm’s use of government furlough or lending schemes?
- whether existing controls are capturing all staff who should be considered as insiders?
- whether inside information is shared on a need to know basis only?
- whether systems have been adapted to take into account risks which arise in a remote working context, such as how deliberate or inadvertent sharing of confidential information to family or flat mates can be controlled?
- whether remote trading surveillance and reporting systems have adapted to volatile market conditions and remote working arrangements?
- whether a contemporaneous record of decisions around potential inside information has been kept, including the reasons for such decisions?
We have seen firms take steps to strengthen the security of IT systems around access to inside information in light of the pandemic and in our recently published survey of operational resilience in the context of the pandemic observations include that “financial institutions with an established formal model for home working have adapted well to the transition, whereas financial institutions or functions which previously followed a sign-off office based model have faced additional obstacles.”
Increased focus on STORs
One of the areas under scrutiny from the FCA is whether firms’ approach to Suspicious Transaction and Order Reports (STORs) is sufficiently robust, given these are a vital source of information in terms of detecting whether misconduct may have taken place. We commented in our previous article that volatile market conditions had led to a surge in surveillance alerts and, where a backlog has arisen, this may have had an impact on whether and how quickly STORs have been made. It is worth noting that the FCA can leverage a variety of information gathering tools to better understand firms’ approaches to filing STORs including through ongoing supervision, online surveys and, where concerns arise, Skilled Person reviews may be undertaken.
To the extent they are not already, firms should be considering alerts generated by trading surveillance software against the background of any historic STORs to ensure that alerts are not considered in isolation and any emerging patterns of trading behaviours are identified promptly. In addition, the potential for conduct that gives rise to a STOR to trigger a simultaneous suspicious activity report should be considered. Periodic and sample reviews of historic STORs together with meaningful management information will help firms and senior managers responsible for surveillance arrangements to gauge the effectiveness of their systems. For more practical guidance on this subject see the guidelines recently published by the FIA in conjunction with this firm.
Enforcement action on the horizon
Some may see the current environment as an opportunity to commit market abuse, whether through trading on the basis of inside information or otherwise. Firms may have failed to adapt their systems in line with this and other risks arising from the predominantly remote working arrangements currently in place. These circumstances could prove fertile ground for enforcement given that the FCA has made it clear that it will “clamp down with all relevant force” in the event that misconduct comes to light. The fact that such risks were both foreseeable and identified by the FCA from an early stage of lockdown are likely to be aggravating factors in any enforcement action taken.
Against this background, we expect to see an uptick in investigations and enforcement actions in this area including in connection with opportunistic conduct or poor controls around inside information in the months to come, with a focus on the role of senior managers in terms of their oversight in relation to the control of inside information and surveillance arrangements.