FCA outlines expectations to hybrid working businesses

The Financial Conduct Authority (FCA) has issued new guidance to companies operating a remote or hybrid working model, and has announced that it will evaluate firms considering remote or hybrid working on a case-by-case basis.

The guidance states that companies should be careful to ensure that remote working does not affect the ability of the firm to oversee its functions, cause detriment to consumers, damage the integrity of the market, increase financial crime or reduce competition.

The organisation stipulates that companies must also prove that they have the necessary planning in place to verify that any adopted form of remote or hybrid working should not risk or compromise the firm's ability to follow all rules, regulatory standards and obligations.

This includes making sure that firms have the necessary systems and controls implemented (including IT functionality); considered any data, cyber and security risks; and ensured all control functions, such as risk, compliance and internal audit, can carry out unaffected — for example, when listening to client calls or reviewing files.

The guidance states that any firm that intends to make any material changes to how it operates may need to notify the FCA first.

The full list of expectations can be found here.

Responding to the guidance, Sridhar Iyengar, managing director at Zoho Europe, said: “The FCA is right to warn financial services firms about the risks associated with hybrid working, particularly around challenges such as regulatory requirements, data compliance and accountability. 

“The Covid-19 pandemic has forced through many positive changes in terms of working practices, yet far too many companies still lack the training and assessment of personnel and the IT infrastructure and systems to ensure complete compliance.

“Moving forward, organisations seeking to build a truly safe and secure hybrid working culture must look towards operating systems that can offer key applications to manage everything from collaboration and finance, to analytics and customer engagement. 

“This will bring a new level of safety and security to remote working, helping to keep companies compliant in line with FCA standards.”

Tim Sadler, CEO at Tessian, added: “A hybrid working model brings with it huge benefits in terms of employee wellbeing, cost saving and flexibility, but also substantial cyber risks. 

“The FCA is right to raise awareness of the need for companies to carefully consider how they manage remote working operations to ensure they remain compliant at all times. 

“As well as ensuring the right security systems are in place, it’s essential that staff are fully trained about the risks posed in terms of data security around incorrectly addressed email correspondence, as well as external threats like phishing emails and ransomware attacks.

“Financial services organisations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach.”

Leave a comment