With work-from-home becoming the preferred mode of working in banks and other financial institutions post the Covid-19 pandemic, FCA warns banks on the importance of providing the same standard of surveillance of staffs who are working-from-home as they would in an office environment.
Julia Hoggett, Director of Market Oversight at the FCA observed at the City Financial Global Event that though it was difficult to follow usual levels of recording and surveillance early during the pandemic, firms should now have overcome the challenges. Now banks must make sure that they follow call recording FCA protocols and record SMS messages, monitor phone calls as well as archive WhatsApp communication.
FCA expects banks would make sure that both the work-from-home environment and office environment would be equivalent in terms of recording and surveillance. It further says that it expects banks to have “updated their policies, refreshed their training and put in place rigorous oversight reflecting the new environment – particularly regarding the risk of use of privately owned devices.”
Julia Hoggett said that the FCA believes that working from home would provide new challenges to the financial industry. Keeping appropriate physical distance to maintain information barriers could be challenging during working from home. Inside information needs to be kept from partners and flatmates.
Less self-policing is another risk FCA has identified in the present scenario where most of the employees of financial firms are working from home. For example, in a pre-crisis situation, when a front office employee observes or overhears something questionable involving a colleague nearby, the activity would be reported to the compliance team. But working from home diminishes or eliminates such type of first-line control.
At the same time, FCA also believes that the new policies should prevent the use of privately owned devices for relevant activities when it is impossible to follow call recording FCA protocols and record SMS messages, monitor phone calls or archive WhatsApp messages.
FCA has also categorically mentioned that new communication mechanisms that are used to archive WhatsApp communications, record SMS messages and monitor phone calls must have controls in place wherever required and their use for complying to call recording FCA protocols must be approved by firm management.
FCA’s market guidance
FCA has said that it will continue to make use of its range of powers in monitoring, making inquiries investigating and if necessary, take enforcement action if firms don’t strictly follow call recording FCA regulations.
Call recording MIFID standards require you to record all calls that may result in a transaction, notify your customers that their calls are being recorded and keep in safe custody the records for a minimum of 5 years. It is also required, as per call recording MIFID standards to reproduce quickly all communications leading to a particular transaction or a time period.
FCA compliance guidelines for WhatsApp also require all UK financial firms with employee mobile BYOD policies to record such devices. As per MiFID II standards for WhatsApp, financial firms have to capture and securely archive all communications. In this regard, FCA notes that monitoring systems of the firms must be “adequately and appropriately calibrated” to face the heightened risk arising out of the new situation of increasing work-from-home and employees using personal WhatsApp for their business transaction activities.
Complying with MiFID II standards for WhatsApp in the present work-from-home situation would be challenging for financial firms. On the basis of FCA compliance guidelines for WhatsApp, experts believe that FCA will ask firms to provide information within a time frame, which could be a challenge to firms with inadequate surveillance systems.
Clients expect their financial advisers to communicate with them using different ways, including instant messaging apps like WhatsApp and WeChat. Such communication will get renewed significance during this work-from-home situation. FCA compliance guidelines for WeChat becomes critical in such an environment, so that you may prevent data breaches that could be detrimental to your business.
Financial firms with BYOD policies must make sure that they capture and retain WhatsApp and WeChat communications to comply with the FCA compliance guidelines for WeChat. FCA’s warning to banks and other financial institutions on providing the same standard of surveillance of staffs who are working from their homes as in the office environment provides a bigger challenge to firms vis-à-vis FCA compliance guidelines for WeChat.
Fines and warnings from FCA
FCA uses regulatory tools like financial penalties, suspensions, restrictions, conditions, limitations, public censures and disciplinary prohibitions.
FCA’s power for imposing sanctions include
(1) It may publish a statement
(2) It may impose a financial penalty
(3) It may impose a suspension, limitation or other restriction
(4) It may impose a suspension, condition or limitation on an approved person under section 66 of the Act
(5) It may impose a disciplinary prohibition on an individual under section 123A of the Act
TeleMessage captures and retains mobile content, including mobile SMS messages, voice calls, and WeChat conversations from corporate or BYOD mobile phones to ensure compliance with various data protection regulations. The messages are securely and reliably retained within TeleMessage servers or forwarded to your choice archiving data storage vendor.
Our mobile archiving products securely record content from mobile carriers and mobile devices for various ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving solutions, you can always find the right tools or blend for your requirements:
TeleMessage offers cross-carrier and international mobile text & calls archiving for corporate and BYOD phones. Visit our website at www.telemessage.com to learn more about our mobile archiving products.