
Home Office Inspections and Permissions Accuracy: What Firms Should Know About the Latest FCA News

The Financial Conduct Authority (FCA) recently released two statements that should have regulated financial services firms in the UK paying attention.

In October, the FCA released a briefing note to set expectations that it may start inspecting home offices. Special attention is being paid to hybrid and remote working environments now that it’s clear these will persist past the pandemic. The FCA reminded firms that it has “powers to visit any location where work is performed, business is carried out and employees are based (including residential addresses) for any regulatory purposes. This includes supervisory and enforcement visits.”

Here’s what you need to know about the FCA’s expectations for remote or hybrid systems and controls.

Firms should be able to prove that remote office work does not (or is unlikely to):

  • Affect their ability to meet threshold conditions for the regulated activities they have permission for
  • Prevent the FCA from receiving information about the firm
  • Reduce the accuracy of the Financial Services Register (for example, if consumers cannot contact the firm at the address shown on the FS Register)
  • Affect the ability of the firm to oversee its functions (including any that are outsourced)
  • Cause detriment to consumers
  • Damage the integrity of the market
  • Increase the risk of financial crime
  • Reduce competition

Firms must also show that they’ve put thought and planning into how they will manage remote or hybrid work. Requirements stipulate that firms must:

  • Review and implement a plan before any temporary arrangements are made permanent, and examine that plan periodically to identify new risks
  • Enact appropriate governance and oversight by senior managers under the Senior Managers Regime, and maintain that level of governance in remote or hybrid working conditions
  • Provide a path to cascade policies and procedures that reduce the potential for financial crime under the new working arrangements
  • Maintain an “appropriate culture”
  • Allow control functions like risk, compliance and internal audit to carry on their work unaffected
  • Implement a robust set of systems and controls, including any IT functionality necessary, to support the above efforts

The list above is not exhaustive, so firms should review FCA documentation directly for any additional requirements. But the important point is this: any new ways of working that remove data security and established compliance protocols from a physical office should never compromise a firm’s ability to follow regulatory standards.

Put simply: “WFH” should not impact your ability to maintain a robust compliance programme.

This should come as no surprise, as the FCA is continuing its emphasis on understanding the activities of regulated firms. An area of particular interest this autumn is how firms generate revenue, and whether they use the permissions they’ve been granted by the FCA.

On 9 September 2021, the FCA published a Consultation Paper highlighting changes to the Handbook and Enforcement Guide. New powers granted to the FCA under the 2021 Financial Services Act allow it to move more quickly to cancel statutory permissions held by firms that conduct FCA-regulated activities. If a firm isn’t conducting the regulated activities it has permission for, and if it doesn’t reflect its true activities on the Register, the FCA can issue a notice. The firm must respond to that warning within 14 days.

The FCA’s primary objective is to correct any misleading permissions on the Register that might imply a higher level of protection to customers than a firm truly offers. Firms must confirm each year that their information on the FS Register is correct.

With this added attention from the FCA comes the necessity for firms to cancel any unused regulatory permissions promptly, and to add permissions they require as their firm expands in scope. The FCA can now make faster and more effective decisions about regulatory violations in the new environment, and firms with permissions that have gone unused for 12 months or more risk having them cancelled.

Wondering where your firm stands in the new landscape of remote or hybrid regulatory compliance? We can help. Contact IQ-EQ today.