Regulatory hurdles for the UK financial sector to consider
The Olympics Delivery Authority (ODA) predicts 20m trips by spectators during London 2012, including some 3m on the busiest day. The resulting inevitable transport chaos is prompting businesses and employees to look closely at how best to keep operating efficiently, in particular by working from home. Many financial services sector staff work in Docklands and the City – right at the heart of the excitement. So just how feasible is it to work remotely while still operating in a manner compliant with the applicable FSA regulations?
Before working remotely, firms and employees need to think about a number of things from the regulatory perspective:
● Does system infrastructure already exist? It may do so because FSA systems and controls (SYSC) rules require firms to have in place business continuity plans. In some cases, this may mean firms already have systems enabling employees to work remotely – if premises are flooded, for example. But if your disaster recovery site is also in the City or Docklands that may not take you too far.
● Are systems secure? A look at FSA enforcement activity in recent times makes it immediately apparent that there have been a number of fines for data security breaches. Firms need to ensure that information is safely encrypted, that laptops are password protected and paper records are disposed of securely.
● Is personal data protected? The Information Commissioner’s Office (ICO) has teeth too – the Data Protection Act (DPA) 1998 requires that personal data is protected, including ensuring that firms have systems capable of protecting personal data from access by criminals. DPA breaches can lead to substantial fines from the ICO. Remote working will make this much harder to police.
● Is my mobile phone recorded? Firms providing or sanctioning dealing, arranging and executing activities using mobile technology need to ensure they can record calls and access records, hence many City houses’ prohibition on conducting such business on mobiles. As a general rule, those working on taped lines in the normal course of their day should expect to be remote working on taped lines.
● Are you just too risky? Many firms are unlikely to allow trading outside of office systems and controls for risk control reasons.
● Or too important? Employees performing roles in compliance, finance and operations may simply have no choice but to be in the office, since their not being there at the right time and in the right numbers may put the firm at risk of a SYSC breach.
Paul Anderson is a partner at Squire Sanders, specialising in employment law within financial services.