The Financial Conduct Authority (FCA) has issued guidance to companies operating a remote or hybrid working model.
Under the new directive, firms will be evaluated on a case-by-case basis and should be able to prove that the lack of a centralised location or remote working does not, or is unlikely to, affect the company’s ability to meet the threshold for the regulated activities it has or will have permission for.
The guidance states that companies should be careful to ensure that remote working does not affect the ability of the firm to oversee its functions, cause detriment to consumers, damage the integrity of the market, increase financial crime, or reduce competition.
The recommendations suggest firms need to ensure they have the systems and controls, including the necessary IT functionality, to support the above factors being in place, and that these systems are robust. Companies are also told they should ensure they have considered any data, cyber and security risks, particularly as staff may transport confidential material and laptops more frequently in a hybrid arrangement.
Security specialist Tim Sadler, CEO of Tessian, said: “A hybrid working model brings with it huge benefits in terms of employee wellbeing, cost saving and flexibility, but also substantial cyber risks. The FCA is right to raise awareness of the need for companies to carefully consider how they manage remote working operations to ensure they remain compliant at all times. As well as ensuring the right security systems are in place, it’s essential that staff are fully trained about the risks posed in terms of data security around incorrectly addressed email correspondence as well as external threats like phishing emails and ransomware attacks. Financial services organisations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach.”