FCA issues warning to businesses over hybrid working risks

The guidance states that companies should be careful to ensure that remote working does not affect the ability of the firm to oversee its functions, cause detriment to consumers, damage the integrity of the market, increase financial crime or reduce competition.

The expectations apply to existing firms, firms applying to be regulated and firms proposing to submit further applications such as a variation of permission or change of control.

Other advice contained in the proposals include the need for companies to have the necessary planning in place. Recommendations state that firms need to ensure they have the systems and controls, including the necessary IT functionality, to support the above factors being in place, and these systems are robust. Additionally, companies are told they should also ensure they have considered any data, cyber and security risks, particularly as staff may transport confidential material and laptops more frequently in a hybrid arrangement.

Companies are also warned to consider the full legal implications for their business of this type of arrangement and how key functions will be performed, overseen and based.

Tim Sadler, chief executive of security platform, Tessian, said: “A hybrid working model brings with it huge benefits in terms of employee wellbeing, cost saving and flexibility, but also substantial cyber risks. The FCA is right to raise awareness of the need for companies to carefully consider how they manage remote working operations to ensure they remain compliant at all times.

“As well as ensuring the right security systems are in place, it’s essential that staff are fully trained about the risks posed in terms of data security around incorrectly addressed email correspondence as well as external threats like phishing emails, ransomware attacks. Financial services organisations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach.”

Chris Ross, senior vice president at security solutions provider, Barracuda Networks, added: “With ransomware attacks on the rise, keeping companies fully aware of their regulatory responsibilities when managing remote working models is an essential step, alongside the necessary security systems and training for staff.

“Our recent research has shown that 81% of IT leaders admitted that their organisation had suffered a security breach in the last 12 months. Worryingly, companies operating a remote or hybrid working model had a substantially higher breach rate, at 85% compared to office-based businesses where the figure was 65%. It’s vital that all companies operating hybrid working models remain compliant and acutely aware of potential security risks at all times.”

In the latest issue of Credit Strategy, the chief executive of the Consumer Credit Trade Association looks at whether the FCA is up to scratch and is available to view online now.