FCA focuses on risks associated with unmonitored communications, including the use of unencrypted apps, such as WhatsApp, for sharing potentially sensitive or confidential information when working from home.
In its most recent Newsletter Market Watch 66, the FCA sets out its expectations on firms for recording telephone conversations and electronic communications when alternative working arrangements are in place, including increased homeworking. This heralds the end to the leeway the FCA gave to firms last year when they were relocating to an alternative site or increasing home working in order to cope with the pandemic. In particular firms should comply with the recording obligations in the Senior Management Arrangements, Systems and Controls sourcebook (SYSC 10A), wherever their workers are situated.
The FCA are concerned that compliance teams and managers are less able to monitor those who are homeworking, which in turn increases the risk of the use of unmonitored or unencrypted apps, such as WhatsApp, for sharing potentially sensitive or confidential information. The FCA identifies that the use of such apps can be a significant compliance risk and that any such use for in-scope activities needs to be recorded and auditable.
The FCA reminds readers that it has “acted against individuals and firms for misconduct which involved the use of WhatsApp and other social media platforms to arrange deals and provide investment advice.”
Although not specifically referred to in the newsletter, examples of such action include in March 2017, when the FCA fined a former investment banker for breaching Statement of Principle 2 (failure to act with due skill, care and diligence) for sharing confidential information over WhatsApp. It was accepted that there was no actual or anticipated dealing related to the disclosures. Then in September 2019, a former banker at VTB who was under investigation for suspected insider dealing offences, was charged by the FCA over deleting his WhatsApp messages in 2018. He was found not guilty in September 2020 following a trial at Southwark Crown Court.
In this edition of Market Watch the FCA reminds firms that, as the technological and working environment changes, the onus is on them to review their recording policies and procedures and that this includes having robust and effective policies and procedures for homeworking arrangements. Such policies might need to cover the use of privately owned devices and the scope for effective monitoring and recording communications on them. If such a review results in the revision of policies and/or guidance on the use of technologies, there is an expectation from the FCA that this will be introduced with an appropriate level of training.