On 11 January 2021, the FCA published Market Watch 66 in which it set out its expectations for firms on recording telephone conversations and electronic communications when alternative working arrangements are in place, including increased homeworking.
In terms of risk from reduced monitoring, the key messages in Market Watch 66 include:
- Risks from misconduct may be heightened or increased by homeworking.
- Firms will need to ensure that where unmonitored and encrypted communication applications are used for in-scope activities on business devices, they are recorded and auditable.
- The FCA has acted against individuals and firms for misconduct which involved the use of WhatsApp and other social media platforms to arrange deals and provide investment advice. This included transmitting lists of trades to copy (‘trading signals’) and making other investment recommendations to clients. The FCA views these actions as serious and have sought orders preventing such individuals from carrying out these activities in the future. The FCA expects this to remain an area of focus.
- It is important for firms to proactively review their recording policies and procedures every time in which the context and environment they operate in changes. The FCA expects firms to have a rigorous monitoring regime, commensurate to the increased risks, where in-scope activities may be conducted outside the controlled office environment.
In terms of communications that must be recorded the FCA reminds firms that:
- The recording obligations apply to conversations and communications made with, sent from, or received on, equipment provided or permitted to be used for business purposes.
- A firm to which the recording regime in SYSC 10A applies, must take reasonable steps to record telephone conversations and keep a copy of electronic communications of activities falling within scope of the recording rules. Firms must ensure that their recording policies can identify calls and communications that directly relate to the performance of in-scope activities.
In relation to what this means for firms, the FCA mentions, among other things that:
- Firms must have effective, up to date recording policies and they must be able to demonstrate to the regulator, on request, that their policies, procedures and management oversight meet the recording rules. This includes policies and procedures adopted for home working arrangements.
- These policies should identify which telephone conversations and electronic communications are subject to recording requirements. They must also contain procedures to follow where breaches or gaps have been identified.
- Where new or amended recording policies are needed, these should be clearly set out in writing, documented and signed off under appropriate governance arrangements. Any necessary additional measures should be implemented before the firm accepts or permits a new medium of communication.
- Firms should assess policies and controls for the use of privately owned devices to connect to their organisational networks and access work-related systems and potentially sensitive or confidential data, to ensure that these provide sufficient scope for effective recording. This might include ensuring clear policies banning the use of privately owned devices for in-scope activities where recording cannot be carried out by the firm. In all cases, arrangements should be clear that new communication mediums must be approved by the firms before being used by employees to conduct business activities.
- If new or amended policies are introduced, or new technologies used, the FCA expects firms to provide enhanced or refreshed training to staff covering the use of new technologies and conduct risks arising.