The regulator will be evaluating firms on a case by case basis
The FCA has issued new guidance for businesses operating a remote or hybrid working model, where employees split their working time between a central office and their home.
The guidance warned that companies should be careful to ensure that remote working does not:
- Affect the firm’s ability to oversee its functions.
- Cause detriment to consumers.
- Damage the integrity of the market.
- Increase the risk of financial crime or reduce competition.
The guidance applies to all existing financial firms - including insurance businesses - firms applying to be regulated and those proposing to submit further applications, such as a waiver, variation of permission or change of control.
The FCA said these expectations will evolve as more is understood about how firms intend to operate.
However, firms will be evaluated by the FCA on a case by case basis and will have to prove that the lack of a centralised location or a remote working model does not, or is unlikely to affect the company’s ability to meet the threshold for the regulated activities it has, or will have permission for.
The guidance also flags the need for companies to have the necessary planning in place to properly utilise a remote or hybrid working model. For example, firms need to ensure they have robust systems and controls, such as the necessary IT functionality.
Businesses must also consider the full legal implications of hybrid working arrangements, how key functions will be performed and overseen, how to access records or systems - whether physical or digital - and what security is needed for these tasks.
In addition, companies must also ensure they have analysed any data, cyber and security risks, particularly as staff may transport confidential material and laptops more frequently when using a hybrid working arrangement.
Chris Ross, cyber expert and senior vice-president, international at IT security firm Barracuda Networks, said, “Hybrid working brings with it many security challenges, particularly for firms operating within the financial services sector, so this guidance from the FCA is a welcome step for helping businesses reduce risk.
”With ransomware attacks on the rise, keeping companies fully aware of their regulatory responsibilities when managing remote working models is an essential step, alongside the necessary security systems and training for staff.”
Barracuda Networks’ recent research found that companies operating a remote or hybrid working model had a substantially higher breach rate (85%) compared to office-based businesses (65%).
“It’s therefore vital that all companies operating hybrid working models remain compliant and acutely aware of potential security risks at all times,” Ross added.