FCA warns advisers of using encrypted messaging applications due to increased potential for misconduct in post-pandemic home working.  

The Financial Conduct Authority (FCA), in the context of increased remote working since the pandemic, has raised concerns around “heightened risks from misconduct” arising from improper use of encrypted or unmonitored messaging applications such as WhatsApp, Signal and Telegram.

As regulator for financial services and markets in the UK, the FCA can, as part of its supervisory role, review all communications relating to in-scope activities at regulated firms, including messages on encrypted apps on both business and sometimes personal devices.

As a result of hybrid working, more regulated work has been taking place outside of a controlled office environment. The effect of this is firms can then lose track of – or may be completely unaware of – advice and communications that are transmitted on encrypted messaging apps, meaning the company has insufficient oversight over certain activities and are unable to deliver up to the FCA communications they ask to review. This could ultimately lead to regulatory breaches and associated penalties for the firm and the individual(s) involved.

Lack of oversight over communications can also mean that firms are unable to monitor potential cases of consumer exploitation, insider trading and data breaches, alongside other serious threats to market stability and fair trading. The inability to monitor these areas effectively can mean that firms are unable to prevent breaches and that the consequences may be more severe if they do occur.

An article in City AM pointed out that another issue faced by firms is the blurring of boundaries in relationships between their employees and firm clients. What starts out as an amicable discussion on an encrypted or unmonitored messaging app between (for example) a trader and a client can quickly stray into professional discourse which should be recorded, but instead goes unnoticed by employers. As the FCA highlighted, the risk of this happening has risen significantly because of home working and a lack of general, company-wide supervision and understanding around professional communications within financial services.

US regulators have already issued substantial fines to two major investment banks over the improper use of encrypted or unmonitored messaging apps and by failing to adhere to recording obligations. The FCA warns that companies should have effective controls and oversight in place to ensure that recording obligations are met and similar penalties avoided.

Regulated companies should review their communications and recording policies, handbooks and training, particularly in relation to encrypted communications apps. A review of communications training and social networking policies is also advised, as well as providing refresher training to staff – particularly those who frequently work outside of an office environment – on the importance of keeping track of all in-scope communications and using only company approved platforms. Firms should consider their use of technology and media and conduct a full risk assessment of all corresponding obligations.

For assistance in reviewing and updating communication and social media policies, as well as company technology policies, please do contact us. We are also able to review the potential risks arising from recording obligations and assess your firm’s exposure to in-scope communications going untracked. Please do not hesitate to contact us for further information or a discussion on the above. 

Content from the Deloitte Legal blog can now be sent direct to your inbox. Choose the topic and frequency by subscribing here.