The Financial Conduct Authority says in new guidance for firms with remote workers that it has the power to visit residential addresses for both supervisory and enforcement visits.
The guidance has been published because the FCA believes that remote and hybrid working is likely to continue, and because of this firms can expect to be evaluated on how they can uphold their regulatory responsibilities in doing so on a case-by-case basis.
It makes the point that remote working does not remove existing responsibilities, and that the undertaking of “satisfactory” planning in allowing staff to work from home must be provable.
“It’s important any form of remote or hybrid working adopted should not risk or compromise the firm’s ability to follow all rules, regulatory standards and obligations, or lead to a failure to meet them,” the guidance says.
The regulator also explains that firms will, in some cases, have to inform it of any changes to working arrangements and that all details on the FS Register must be updated.
“We should be able to access firms’ sites, records and employees. It’s important that firms are prepared and take responsibility to ensure employees understand that the FCA has powers to visit any location where work is performed, business is carried out and employees are based (including residential addresses) for any regulatory purposes. This includes supervisory and enforcement visits,” it says.
As well as cyber risks, the guidance reveals the regulator is worried over a lack of oversight by senior employees, maintaining effective record keeping, firms being exposed to legal risks, and ‘softer’ areas, such as the mental wellbeing of staff.
Barracuda Networks senior vice president Chris Ross comments: “Our recent research has shown that 81% of IT leaders admitted that their organisation had suffered a security breach in the last 12 months.
“Worryingly, companies operating a remote or hybrid working model had a substantially higher breach rate, at 85% compared to office-based businesses where the figure was 65%.
“Worse still, three quarters of those surveyed stated that they had been the victim of at least one ransomware attack. It’s therefore vital that all companies operating hybrid working models remain compliant and acutely aware of potential security risks at all times.”
