It wouldn’t be a financial services article if we didn’t start by telling you how much has changed over the last 18 months. What we are looking at particularly, is how firms have adapted in their physical working practices and the utilisation of working from home as a standard model of working.
Many firms and individuals have seen the benefit of this model (and no not just to be able to sign for our parcels!), but some have taken a hybrid approach with staff utilising both home and office working. There are benefits and disadvantages to any model of working, but the associated risks with this model are what the FCA have turned their attention to.
In March 2020 it wasn’t a choice for businesses, firms of all sizes had to immediately adapt their business model to allow for their staff to work from home. I’m sure we’ve all put those memories of March 2020 setting up systems to work from home deep into Room 101. But now it is a choice for firms to utilise these models and the FCA wants to ensure that the choice has been considered from all angles – prompting thoughts regarding the practicalities, and securities around working from home.
As ever, the FCA are concerned about firms causing detriment to consumers, damaging the integrity of the market and the possible increase of risk of financial crime. All of which could be seen to be heightened risks due to working from home.
So, what exactly does the FCA expect from firms?
To help combat these risks, regardless of what working environment a firm operates in (either office, home, hybrid), the FCA expects that firms should;
- Be able to meet their threshold conditions.
- Engage with the FCA where required.
- Ensure the register is correct (including place of business).
- Review any temporary arrangement plans put in place during the pandemic, and revise them should they become permanent. This should also be reviewed regularly.
- Ensure there is the appropriate governance and oversight and it has been considered how this will transpire during remote working.
- Consider their IT and data security arrangements.
- Promote the correct culture.
- Consider the effect on staff in terms of wellbeing, training and D&I.
Who does this apply to?
These new expectations apply to:
- Existing firms.
- Firms that are applying to be regulated.
- Firms proposing to submit further applications e.g. a waiver, variation of permissions, change of control etc.
What should firms be doing now?
Now is the time for firms to be reviewing their internal policies and procedures. Over the last 18 months, the FCA has essentially given firms a hall pass with their working from home expectations, but now that this model looks to stay for some firms, the FCA is going to expect policies to follow suit.
If you haven’t done so already, you need to be tightening your processes and ensuring your policies and procedures accurately reflect this. If you haven’t started already, at Apricity we think the following policies and procedures are a priority to ensure encompass the current ways of working;
- Business Continuity Plan – Does this accurately reflect your current working structure? What risks are there to those who work from home? What actions have been taken to mitigate those risks? Previously, business continuity plans haven’t been prioritised, but if a global pandemic is to teach us anything it is to plan for the unexpected. How cliché?!
- Data Security Policy – Do you have a policy in place that identifies the security steps to be taken at home in order to protect clients’ data? Is your antivirus software comprehensive? Can staff use their own laptops?
- PROD – Do you have a robust PROD in place to ensure staff are following similar advice processes?
- Training & Competency Plan – How do you intend to run the T&C scheme moving forward? How will one-to-ones or observation meetings be conducted? Can the supervisors truly assess advisers while working from home?
- Complaints Procedure – Do you have a procedure in place so if advisers were working from home? Have you considered any impact to complaint handling procedures?
- AML Procedures – How do you check clients’ ID now? Have you referenced FCA guidance on this?
- Vulnerability Procedure – Can you assess vulnerability as easily over video meetings? What if you identify a client as vulnerable, and they warrant face to face meetings?
- Specific working from home policy – If you are adopting this model, how are you mandating the conduct of staff?
There is a lot to think about when adopting a working from home or hybrid structure, and if the FCA does in fact come knocking, you need to be there to answer. You need to be comfortable you have the correct infrastructure in place to support your staff and ultimately protect client outcomes.
We are suggesting all the firms we work with review all of their current documentation and then do this on an at least annual basis. We’ve seen over the last 18 months just how fast things can move, so we recommend firms constantly consider the impact of their business models on their servicing levels.