In this second article on the FCA’s culture requirements, we look at the fall out from the pandemic, culture risk factors in light of the increase in hybrid working, and practical actions financial services firms can take to protect workplace culture.
The first article in the series here analysed recent developments in the FCA’s approach to culture within the financial services industry.
Have culture requirements changed during the pandemic?
In short, no. The FCA has been quick to point out the necessity of maintaining a healthy culture within firms, despite the practical issues posed by employees working from home. Firms are still expected to keep the aims and principles of the Senior Managers & Certification Regime (as referenced in article one) and the minimum behavioural standards in the Conduct Rules front of mind when devising and rolling out any new working arrangements.
In October 2020, the FCA’s Director of Market Oversight, Julia Hoggett, gave a speech where she identified potential risks and reiterated the clear message that has prevailed throughout the various UK lockdowns:
“Our expectation is that going forward, office and working from home arrangements should be equivalent.
“We expect firms to have updated their policies, refreshed their training and put in place rigorous oversight reflecting the new environment – particularly regarding the risk of use of privately-owned devices.”
Therefore, the fact that new hybrid working practices will involve senior managers and employees working from split office/home locations, does not change the underlying need to promote and develop the healthy culture that the FCA envisages and expects.
Personal responsibility remains a key factor in this regard, as the 2019/20 Report has flagged. Senior managers working from home are still expected to take personal responsibility for identifying where any harm may arise within the business.
Similarly, all necessary preventative action will also still need to be taken. Practically, this might include liaising closely with HR and compliance teams to improve reporting lines and conduct remote performance management, particularly if recurring performance errors are identified for example.
The risk factors from hybrid working
The risks that may arise from hybrid working clearly have the potential to derail a positive culture and must be seriously considered. The FCA is alert to this and has expressed concern about how well the Conduct rules will continue to influence positive behaviours where the close supervision that an office environment facilitates is missing. We highlight several potential issues:
A lack of direct face-to-face supervision can easily give rise to feelings of reduced accountability in some employees and may over time result in increased risk-taking. This can occur where employees feel insecure about their job and/or believe that they can achieve the same results by cutting some corners along the way.
Employees who are well aware of their regulatory obligations and attuned to conduct requirements may simply feel disconnected from colleagues if the usual office communication channels are no longer available.
Sticking their head round the office door has been replaced with the need to schedule a virtual call/meeting just to run something quickly past a colleague. Unfortunately, this means that the usual informal checks and balances can fall by the wayside and lead to increased conduct risk. Similarly, relaxed conversations with family and friends in the home environment may stray into dangerous insider information territory if an employee feels less alert to the regulatory risks.
Alongside the HR minefield that changing working patterns can create, the necessity of avoiding a two-tier workforce is an important consideration. Any sign of an “out of sight, out of mind” approach from managers should be nipped in the bud at the earliest opportunity. Pro-active and regular engagement with their entire team should be actively encouraged, no matter where their workplace is located.
It remains important to treat the workforce holistically when it comes to firm-wide policies, rather than allow a “them and us” culture to perpetuate when it comes to homeworking. Aside from the conduct risk associated with employees who fall through the net when it comes to appropriate supervision, any perceived disadvantage associated with homeworkers (such as work allocation, decision-making ability, or reduced remuneration) can give rise to the risk of employment claims.
Homeworking may often be favoured by employees with protected characteristics under the Equality Act 2010 (such as women, disabled or older employees), therefore discrimination risk is also a relevant business factor to be aware of.
It goes without saying that a two-tier workforce could quickly lead to cultural fragmentation. While some fragmentation may not always be a bad thing (for example, if it successfully eliminates negative employee behaviour), it remains important to bolster positive behaviour, such as a “speak-up” culture and collegiate approach to compliance awareness.
The risk of employees using personal phones and laptops to conduct regulated activities at home will remain high as hybrid working continues. It is impossible to understand the extent of collusion between homeworking colleagues over Whatsapp, or whether screenshots are being taken of confidential business information.
Any breach of confidentiality and non-financial misconduct leading to a breach of the Conduct Rules could also be inadvertent, or clumsy. An example might be where an employee forwards internal confidential paperwork to a personal email address to allow them to work on it at home.
Monitoring employee behaviour and performance at home is a big challenge for regulated employers and it can be a legally complex issue, given the UK’s data protection regime and employee expectations of privacy at home and to some extent, also in the office.
PwC introduced facial recognition software to employee laptops in 2020 to address its perceived FCA supervisory obligations in this regard but faced public criticism as a result. The myriad of sophisticated monitoring options available to FCA regulated firms can certainly assist with minimising conduct risk, but we would recommend bespoke advice before rolling-out more intrusive technology.
Practical action points to protect culture
As new hybrid working policies bed down for the long-term, HR and senior management teams should keep FCA cultural requirements front of mind. Practical employee relations action points to bolster existing cultural progress might include the following:
While FCA enforcement action against individual employees is not necessarily a given (to date, this has only occurred in a handful of cases), there is a clear expectation that firms will use internal processes to call-out offending employees and given that Conduct Rule breaches must be recorded on a Regulatory reference, the industry is essentially policing itself.
If you have any questions about these issues in relation to your own organisation, please contact a member of the team or speak with your usual Fox Williams contact.
You can register online or follow us on Twitter or LinkedIn to receive our latest news, events and publications.