Press enter to search, esc to close
As firms navigate out of the Covid-19 pandemic, one key operational consideration will be the approach to remote or hybrid working arrangements and whether those arrangements are made permanent. The move to hybrid and home working is a positive cultural step but one that needs to be managed carefully to mitigate associated risks. The FCA has issued new guidance setting out its expectations in respect of remote or hybrid working, in order to assist firms in their planning and in continuing to meet their regulatory responsibilities.
In this article we explore how the evolution from temporary to permanent home working arrangements is multi-faceted, requiring firms to reflect on and revisit their policies and procedures, reconsider operational resilience programmes, systems and controls and manage potential conflicts.
The suitability of firms’ remote or hybrid working arrangements will be assessed by the FCA on a case-by-case basis. As part of that assessment, firms will need to be able to prove that working arrangements do not, or are unlikely to, impact on their ability to meet regulatory obligations, or indeed the FCA’s ability to regulate the firm.
In summary, this means that a firm’s arrangements must not (amongst others) (i) prevent the FCA from receiving information about the firm; (ii) affect a firm’s ability to oversee its functions including any outsourced functions; (iii) cause detriment to consumers; (iv) damage market integrity; (v) increase the risk of financial crime; or (vi) reduce competition.
Firms are required to prove that they have undertaken satisfactory planning before making any temporary arrangements permanent, and that such plans are capable of being periodically reviewed to identify emerging risks. Relevant considerations in this regard include (amongst others):
The guidance is clear that these expectations will evolve as more is understood about how firms intend to operate. The FCA has also reminded firms that they should notify the regulator of any material changes to their working arrangements.
Access to devices and information
Firms will need to make sure they have the right to access residential property to recover firm property. However, to the extent that employees are able to use their own devices to access work systems, this exposes firms to challenges in terms of the ability to cease those devices, and extract information (particularly if saved locally) which may be needed in order to comply with regulatory obligations.
Indeed the potential use of encrypted communication applications (such as WhatsApp) for sharing sensitive information connected with work can impact a firm’s ability to effectively monitor communications (for which the FCA released a separate publication earlier in the year - https://www.fca.org.uk/publications/newsletters/market-watch-66).
Further, own device use may impact a firm’s ability to control and monitor staff use of social media or browsing sites.
Firms should therefore ensure that policies and procedures regarding the use of privately owned devices and social media are revisited and updated where necessary to mitigate such risks, and to ensure they provide sufficient scope for effective monitoring and recording.
The FCA has indicated that it has the power to visit “any location where work is performed, business is carried out and employees are based (including residential addresses)” for any regulatory purposes including supervisory and enforcement visits (which may be unannounced). It has placed the responsibility on firms to ensure that employees understand that such visits may take place if they work remotely. The implications associated with this responsibility are wide reaching, and will require firms to consider current working from home policies and contracts of employment with a view to determining approach to the following issues:
If an employee’s refusal to permit entry would be classed as a failure to cooperate and a disciplinary matter. The FCA’s guidance is silent as to whether refusal would be regarded by it as a failure to cooperate on the part of the individual, the firm or both. However, the fact that the guidance places responsibility on firms to ensure that employees understand these visits could occur signals that the FCA expects firms to take steps to ensure employees do comply.
A firm’s approach to hybrid/ remote working will need to be factored into its wider operational resilience programme. It will be necessary to conduct a mapping exercise to identify employees who are essential to deliver important business services, including those who may be involved in scenario testing, and consider whether remote working is feasible for those individuals in terms of risk and business continuity.
If it is necessary for a firm to adopt different working arrangements for different categories of employees, this may create a tension which the firm will need to manage.
As alluded to by the FCA guidance, there is a risk that remote working may actually facilitate misconduct by employees.
Staff being ‘out of sight, out of mind’ on a more permanent basis may present challenges around effectively monitoring actions and performance. Any disconnect between managers and employees could have an impact on behaviours. Indeed, rogue employees may see remote arrangements as an opportunity to commit misconduct while going undetected.
These matters will need to be carefully considered, with appropriate mitigation strategies put in place. This may include introducing new processes and controls and updating existing policies.
The pandemic has demonstrated that there can be potential cultural benefits to remote working including wellbeing, productivity and connection. However, in the long term there is more chance it may result in isolation and a lack of oversight.
The FCA has previously expressed the view that firms need to strike a balance moving forward which works for both employees and the firm (A regulatory perspective: measuring and assessing culture, now and in the future, the role of purpose and the importance of D&I | FCA). This will be a challenging issue for firms to navigate given differing and evolving views and needs. The FCA views this balancing act as key to ensuring the psychological safety of employees, which in turn contributes to a healthy and sustainable culture.
Firms should therefore ensure that they have in place a range of tools (i) for staff to raise views and make contributions; and (b) to measure and monitor culture, which should be supported by appropriate governance and oversight.
It is clear that the FCA will be monitoring how firms intend to operate in the long term over the upcoming months and any associated risks. Firms should therefore ensure that any planning decisions made are balanced and justifiable, taking into account the competing interests of the regulators, the firm and its employees, with appropriate risk management systems and controls employed.
If you want to discuss any of the issues raised in this article please contact Chantal Peters on the details below.
Authors: Chantal Peters and Ibrahim Patel
This publication is intended for general guidance and represents our understanding of the relevant law and practice as at November 2021. Specific advice should be sought for specific cases. For more information see our terms & conditions.
24 November 2021