On 11th October, 2021 the Financial Conduct Authority issued a paper outlining its expectations for firms which have adopted remote or “hybrid” working arrangements in consequence of the global pandemic.
Since Q1 2020 the UK Financial Services sector has adopted a variety of inventive solutions to ensure continued service to customers and efficient operation of the market. These solutions have supported remote working and use of technology to facilitate this.
As pandemic restrictions have gradually been relaxed the sector has increasingly moved towards a “hybrid” operating model: a mixture of working from home (“WFH”) and attendance at the office. The trend is now particularly apparent within the London Insurance and Reinsurance Market. Reflecting this trend, the regulator has issued a guideline setting out its expectations for UK firms.
Broadly, the FCA expects firms to be able to demonstrate that adoption of a remote or hybrid model does not adversely impact their management, control and oversight of their businesses and operations or cause detriment to customers. Regulated firms must also be able to prove that they have a coherent plan which addresses all usual FCA requirements and given consideration to all pertinent legal and regulatory risks.
Scope and Implementation
The FCA’s expectations apply to all regulated firms. The paper does not involve any formal Rule or Handbook changes; nor is there a formal implementation date. Nevertheless, it may be assumed that the regulator will expect appropriate action to be taken immediately.
In addition to existing regulated firms, the expectations apply to firms applying for authorisation. The FCA also explicitly states that all firms must engage with the regulator in order to ensure that material changes are notified and recorded. This may include changes to the FS Register, including changes of responsibilities (under the SMCR) and any alterations to principal business locations or addresses.
The regulator has stated that there is no exhaustive list of requirements, and firms will be evaluated on a “case-by-case” basis. The normal High Level “Open and Honest” Principle (11) continues to apply. Core expectations include – but are not limited to:-
Firms must be able to demonstrate that remote or hybrid working does not adversely affect their:
• Continuing compliance with Threshold Requirements, including provision of accurate regulatory returns and maintenance of accurate information on the Financial Services Register;
• Ability to undertake adequate oversight of all functions including any that may be outsourced;
• Duty to customers;
• Conformity with high-level statutory objectives under the Financial Services and Markets Act: market integrity; reducing the level of financial crime; maintenance of a competitive Financial Services market.
A firm must have in place
• A formal remote/hybrid working plan, approved and regularly reviewed by senior management. This includes appropriate oversight by the Board and other governing bodies.
• Plans and controls to mitigate financial crime exposure, along with an appropriate business culture which can be maintained in a remote environment.
• Appropriate systems and controls, including effective 2nd and 3rd Line of Defence functions (Risk, Compliance, Internal Audit).
• Adequate IT systems (including, but not limited to, appropriate security mechanisms covering remote working).
• A considered approach to the well-being of its staff, and an assessment of any additional operational and legal risk exposures which may arise from staff working overseas.
While many firms in the sector may already be operating in conformity with the FCA’s expectations, it is worthwhile for senior management to step back from what may have started as ad-hoc arrangements and consider the impact of remote/hybrid working on a longer-term basis. It is still early days, but what began as very short-term and temporary measures may now be the new normal; and the FCA’s expectations document is a useful framework for consideration of how businesses may operate in the future.
Conclusions and Actions
In general, the Insurance/Reinsurance sector has responded positively to the challenges posed by the global pandemic. Good managers have already ensured during the past 18 months or so that the change to home working – and going forward into hybrid arrangements – has not significantly impacted appropriate governance, controls, management and oversight of their firms.
Nevertheless, complacency should be avoided, particularly in light of regulators’ explicit focus on remote/hybrid working. It is therefore recommended that firms review from a strategic and detailed point of view their new governance, controls, management and oversight arrangements – with particular attention to their Internal Audit, Compliance or Governance teams. It is further recommended that firms include this topic within the scope of their next Board Effectiveness or Governance reviews.
If you would like to find out more about this topic or discuss any aspect of the way your firm is responding, please feel free to contact any member of the ICSR Team in complete confidence.