With remote working being the norm for so long since the start of the pandemic, many firms will have invested significant time and effort over the past few months getting ready for a return to the office – including preparing for ongoing remote and so called ‘hybrid’ working arrangements. For firms regulated by the FCA, this has included ensuring all regulatory requirements can still be met.
To add to the mix, the FCA has recently published its expectations for those firms it already regulates, those applying to be regulated and also those proposing to submit further applications, including variations of permission and changes in control. They are here (Remote or hybrid working expectations for firms | FCA) but may well change over time as the FCA understands more about how firms intend to operate.
The expectations will be applied on a case by case basis and the FCA has been very clear that what they have set out are indicative considerations and they will assess firms on a case by case basis. Whilst it may not change what you are doing as a regulated firm, it will be important to ensure that the FCA’s approach is kept under tabs and built into internal programmes.
They key considerations are:
- The FCA expects to see proper planning in place, with notification to the FCA of any material changes to firms’ operations under their Principle 11 and/or SUP 15.3 obligations.
- Firm’s risk management systems will need to be updated to reflect risks associated with new working arrangements. Control functions such as risk, compliance and internal audit will be expected to carry out their functions unaffected.
- The FCA will need to be, and remain, satisfied that remote working, or move to a non-centralised location, doesn’t affect the ability to meet threshold conditions or oversee its functions, including outsourced functions.
- The FCA needs to be able to have ongoing access to firms, records and employees. This is wherever they work including at home!
- Working arrangements must not harm consumers and market integrity, increase the risk of financial crime or reduce competition.
- Firms should consider the effect of new working arrangements on their staff, including wellbeing, training and diversity and inclusion matters.
At the heart of ensuring that these are met is governance and culture, which of course falls on Senior Managers under the SM&CR. This means demonstrating that there has been appropriate planning and that there are sufficient controls in place to manage and mitigate risk. Senior Managers under the SM&CR are specifically cited as having responsibility for the governance and oversight in place.
This goes further than carrying out risk assessments and having the right policies, IT systems and information cascades in place. Staff will need clear communications and expectations so that all on the ship are sailing to the same place and everyone is in fact onboard. Senior Managers, again, will be responsible for ensuring that the right culture exists to allow both hybrid working, commercial success and all regulatory expectations to be met.
Time will tell how the FCA approaches what its sees as a failure of expectations but it would seem pretty clear that it will be monitoring firms closely and will take robust action where it finds failures.
About the author(s)
Sushil Kuner is a London-based principal associate who advises on all aspects of financial services regulatory law, having spent eight years working within the Supervision and Enforcement Divisions of the Financial Conduct Authority (FCA).