Before working remotely, firms and employees need to think about a number of things from the regulatory perspective:
● Does system infrastructure already exist? It may do so because FSA systems and controls (SYSC) rules require firms to have in place business continuity plans. In some cases, this may mean firms already have systems enabling employees to work remotely – if premises are flooded, for example. But if your disaster recovery site is also in the City or Docklands that may not take you too far.
● Are systems secure? A look at FSA enforcement activity in recent times makes it immediately apparent that there have been a number of fines for data security breaches. Firms need to ensure that information is safely encrypted, that laptops are password protected and paper records are disposed of securely.
● Is personal data protected? The Information Commissioner’s Office (ICO) has teeth too – the Data Protection Act (DPA) 1998 requires that personal data is protected, including ensuring that firms have systems capable of protecting personal data from access by criminals. DPA breaches can lead to substantial fines from the ICO. Remote working will make this much harder to police.
● Is my mobile phone recorded? Firms providing or sanctioning dealing, arranging and executing activities using mobile technology need to ensure they can record calls and access records, hence many City houses’ prohibition on conducting such business on mobiles. As a general rule, those working on taped lines in the normal course of their day should expect to be remote working on taped lines.
● Are you just too risky? Many firms are unlikely to allow trading outside of office systems and controls for risk control reasons.
● Or too important? Employees performing roles in compliance, finance and operations may simply have no choice but to be in the office, since their not being there at the right time and in the right numbers may put the firm at risk of a SYSC breach.
Paul Anderson is a partner at Squire Sanders, specialising in employment law within financial services.