Market participants are urging firms to continue to comply with the FCA’s Senior Managers and Certification Regime (SMCR) whilst switching to remote working, particularly as reduced monitoring from the regulator could cause further risks of misconduct.
The SMCR – which aims to hold individuals within regulated firms accountable for their conduct and competence – is bound to be affected by remote working habits. The increasing usage of applications such as Whatsapp, for instance, are more difficult to monitor, according to the regulator.
“When you get to remote working, you get to this stage where a key portion of the compliance arsenal breaks down because not everybody will be relying on landlines,” says James Kaufman, partner at Howard Kennedy.
In October, the FCA’s director of market oversight Julia Hoggett highlighted the rising risk of market abuse caused by firms working remotely, reiterating the regulator’s expectation for new working arrangements to remain equal as misconduct will not be tolerated.
The FCA stressed its ambition to provide support for market participants in “keeping markets clean” and “identifying the risks associated with the new environment.”
Brenton Pollard, managing associate in the financial regulations group at Linklaters, says the new working environment has generated risks and compliance challenges with regards to the supervision of employees and detection of misconduct.
“What may have been easier to detect in an office environment may now go unnoticed in the absence of adequate controls,” he said, via email. “For example, the risks associated with misuse of price-sensitive information is more acute in a home-working environment where individuals can readily access personal devices and take personal calls than it would be in the office environment.”
Supervision will also become more difficult as processes are implemented and monitored, says Evan Wright, partner in JMW’s business crime & regulation team.
“Remote workers are doing things that firms just aren’t monitoring. There’s a lack of supervision and a lack of understanding as to how compliance is with remote workers.
“We’re also likely going to see more GDPR and data protection breaches as well because not all firms are geared up for remote working in the same way.”
Above all, Wright says failure to comply with SMCR is due to the lack of support provided to remote workers by firms. Staff training is therefore paramount for firms to adapt, according to Pollard.
“In this new way of working it is important that firms continue to communicate clearly with staff on what is expected of them and consider how existing controls may need to be adjusted to reflect the new risks arising from working from home,” he said.
“Training and tone from the top are key in this regard. Appropriate messaging from senior staff about the challenges faced by working from home and the importance of adhering to the firm’s policies and values even in a remote environment is critical to set clear expectations.”
But while responsibility lies with firms to adapt, Wright believes the FCA must also be more collaborative and less confrontational to encourage good conduct.
“Firms and industries know their job, but firms are less willing to go to the FCA and say, ‘we’ve got issues,’ because they fear the FCA will enforce rather than collaborate.”
If firms adopt the remote working environment in the long-term, the regulator will need to amend its regime, including rules for phone recording, according to Kaufman.
“If it were to remain, people will be working from home partly as a way to get around the rules, or people will be discouraged from working from home because they wouldn’t have the opportunity to be recording calls,” he warns.
“I don’t view SMCR as a series of rules that the firm will breach, I view it more as the framework that the firm has to operate within, it’s almost like SMCR represents new reality.”