The Financial Conduct Authority (FCA) has issued new guidance to businesses operating remote or hybrid working models.
According to the FCA, the new guidance underlines that firms will be evaluated on a case-by-case basis. Each firm must be able to prove that remote working, or the lack of a centralised location, does not or is unlikely to affect its ability to meet the threshold for the regulated activities it has or will have permission for.
The guidance details that businesses should take care that remote working does not hinder the company's ability to oversee its functions, cause detriment to consumers, damage market integrity, increase financial crime or reduce competition.
Further advice in the proposals highlights the need for companies to have the necessary planning in place. This includes a recommendation that businesses have the systems and controls, including the necessary IT functionality, in place to support the above factors, and that these systems are robust. Firms should also make sure they have considered any cyber, data and security risks, particularly as staff may move confidential material and laptops more often in a hybrid working arrangement.
Finally, companies should also consider the full legal risks they face in this type of working model, and how key functions will be performed, based and overseen. They are also advised to manage systems and controls effectively, including digital capabilities such as the ability to access records and systems.
Zoho Europe managing director Sridhar Iyengar said, “The FCA is right to warn financial services firms about the risks associated with hybrid working, particularly around challenges such as regulatory requirements, data compliance and accountability. The Covid-19 pandemic has forced through many positive changes in terms of working practices, yet far too many companies still lack the training & assessment of personnel and the IT infrastructure and systems to ensure complete compliance.
“Moving forward, organisations seeking to build a truly safe and secure hybrid working culture must look towards operating systems that can offer key applications to manage everything from collaboration and finance, to analytics and customer engagement. This will bring a new level of safety and security to remote working, helping to keep companies compliant in line with FCA standards.”
Barracuda Networks SVP of International Chris Ross added, “Hybrid working brings with it many security challenges, particularly for firms operating within the financial services sector, so this guidance from the FCA is a welcome step for helping businesses reduce risk. With ransomware attacks on the rise, keeping companies fully aware of their regulatory responsibilities when managing remote working models is an essential step, alongside the necessary security systems and training for staff.
“Our recent research has shown that 81% of IT leaders admitted that their organisation had suffered a security breach in the last 12 months. Worryingly, companies operating a remote or hybrid working model had a substantially higher breach rate, at 85% compared to office-based businesses where the figure was 65%. Worse still, three quarters of those surveyed stated that they had been the victim of at least one ransomware attack. It’s therefore vital that all companies operating hybrid working models remain compliant and acutely aware of potential security risks at all times.”
A recent survey by Entrust found that while hybrid working is popular with employees and leaders alike, security concerns about the model are high among business leaders.
Copyright © 2021 RegTech Analyst