As we enter a new year, and with the pandemic continuing new compliance guidance has been issued by the FCA (Financial Conduct Authority) to reflect the unique regulatory challenges faced by homeworking.
The pandemic has significantly effected how organisations and businesses function, with increased remote working and changes to technology, some of which may be long-term.
The FCA states that "We expect firms to continue to comply with the recording obligations in our Senior Management Arrangements, Systems and Controls sourcebook (SYSC 10A), which remain the same." meaning that even with the changes to the workplace, regulatory compliance is still expected.
Homeworking can provide increased risks to misconduct, with the use of unmonitored or encrypted communication applications such as WhatsApp there is a chance that potentially sensitive data is shared outside of the organisation. These platforms also make effective monitoring and auditing difficult.
For any organisation using apps as part of their business activities, the activity must be recorded and auditable. This includes, but is not limited to arranging deals and investments, managing investments, as well as managing a UCITS, an AIF and/or establishing, operating or winding up a collective investment scheme.
"We have acted against individuals and firms for misconduct which involved the use of WhatsApp and other social media platforms to arrange deals and provide investment advice. This included transmitting lists of trades to copy (‘trading signals’) and making other investment recommendations to clients. We view these actions as serious and have sought orders preventing such individuals from carrying out these activities in the future. We expect this to remain an area of focus."
Firms must proactively review their policies and procedures for recording every time there is a change to the environment or context of how they operate. Regardless of the size or scope of the organisation, there must be a rigorous monitoring process in place to contend with the increased risks associated with working outside of a controlled office environment.
If there is a lack of effective monitoring and recording processes there is a real risk of a loss of surveillance and monitoring capabilities which can lead to businesses facing difficulties in dispute resolution if no evidence can be produced. It is also critical that recording and monitoring are in place to help deter and detect market abuse and to facilitate enforcement.
All communications made with received, or sent on equipment provided or permitted to be used for businesses purposes must be recorded.
Any organisation operating within the scope of SYSC 10A recording regime must take all reasonable steps to record and store all electronic communications of activities falling within the recording rules. This includes telephone calls, instant messaging and web chats.
Firms must ensure that their recording policies can identify calls and communications that directly relate to the performance of in-scope activities.
Communications leading up to these activities or when there is a reasonable prospect of these activities being performed should also be identified. This may also include internal conversations depending on the circumstances.
Organisations must have effective, up to date recording and archiving policies in place. These must be demonstrable to the FCA, upon request and they must meet the recording rules. This includes policies and procedures adopted for remote working.
Policies should identify which electronic communications and telephone conversations are subject to recording requirements along with procedures to follow if breaches or gaps are identified.
When new or amended recording policies are implemented, these must be clearly defined in writing, documented and signed off under appropriate governance. Additional measures deemed necessary by the business should be implemented before the deployment of a new form of communication.
Businesses should already have a robust BYOD policy in place, but this should now include access policies and controls for the use of privately owned devices where they are connected to their organisation's networks or are used to access work-related systems and potentially confidential or sensitive data. There must be sufficient scope for effective recording on these devices.
This may be a blanket ban on the use of personal devices for business purposes where recording is not possible. Regardless of the communication medium used, recording policies must be adhered to, even in the new homeworking landscape.
TeamsLink Call Recording provides a secure, complete compliance solution for recording, archiving, retrieving, searching and monitoring multiple modes of communication across Microsoft Teams meetings, from voice calling to video conferencing, screen sharing, and chat conversations.
Secure compliance capture enables regulated organisations to confidently meet strict record-keeping, communications monitoring and reporting requirements.
|
|
|
We have partnered with Verint to provide our Call Recording. Verint is a global leader in Actionable Intelligence® solutions. Today, over 10,000 organizations in more than 180 countries, including over 80 percent of the Fortune 100 companies and government agencies worldwide, use Verint Actionable Intelligence solutions to power their customer engagement and cyber intelligence operations.
