FIN.

FCA review shows firms continue to see “off-channel” breaches

The FCA has carried out a review on how firms approach communications that take place outside of monitored and recorded channels. It carried out the review specifically with wholesale banks and other firms within scope of SYSC 10A in mind. SYSC 10A requires that all communications in relation to activities within its scope are auditable, and this includes conversations that lead to the activities. It also requires firms to take reasonable steps to prevent employees from using unrecorded channels.

The FCA carried out work using breach data it had been given in relation to 11 wholesale banks. It asked for policy enhancements and the MI firms use to test compliance, but did not collect any staff personal devices to check content. It is concerned that, although SYSC 10A covers only certain investment activities, there may still be a need for supervisory intervention if employees, particularly senior ones, repeatedly breach internal protocols.

The FCA found that firms had made significant improvements in their policies and procedures. They were also making increasing use of third parties to help with their recordings – but the FCA reminds firms they will remain responsible. It also found that MI varied from firm to firm.

Of the 178 breaches disclosed, 131 came from 3 firms, while 3 firms reported no breaches. 41% of breaches involved staff at director grade or above.

As a follow-up, the FCA wants firms to consider questions such as:

  • do employees clearly understand policies and are these supported by senior management?
  • are there any unreasonable barriers that prevent staff from following the policy framework effectively? and
  • do accountable senior executives and management both receive appropriate MI to assess compliance and take appropriate prompt corrective action when they see patterns of non-compliance?

Emma Radmore