FCA to crack down on remote-work ‘breaches’

man working from home

The FCA has warned finance companies whose staff work remotely that they have to be able to prove they are able to do so securely.

It says it is even prepared to make sport checks to ensure firms can prove that the lack of a centralised location won’t affect their ability to meet regulation thresholds. 

Companies should ensure that remote working does not affect their ability to oversee its functions, adversely affect consumers, increase financial crime or reduce competition. 

It also warns of the need for companies to have robust IT safeguards, such as security for laptops used away from the office.  

“Firms considering remote or hybrid working will be evaluated by us on a case-by-case basis,” the FCA said in a statement, adding:

“It’s important that firms are prepared and take responsibility to ensure employees understand that the FCA has powers to visit any location where work is performed, business is carried out and employees are based, including residential addresses, for any regulatory purposes. This includes supervisory and enforcement visits.” 

Financial services organisations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach

Sridhar Lyengar, Managing Director, of Zoho Europe, felt the FCA was right to warn financial services firms about the risks. While the pandemic has forced through many positive changes in working practices, “far too many companies still lack the training and assessment of personnel and the IT infrastructure and systems to ensure complete compliance”.

He added: “Moving forward, organisations seeking to build a truly safe and secure hybrid working culture must look towards operating systems that can offer key applications to manage everything from collaboration and finance, to analytics and customer engagement. This will bring a new level of safety and security to remote working, helping to keep companies compliant.”

Security specialist Tim Sadler, CEO of Tessian said, “A hybrid working model brings with it huge benefits in terms of employee wellbeing, cost saving and flexibility, but also substantial cyber risks.

“As well as ensuring the right security systems are in place, it’s essential that staff are fully trained about the risks posed in terms of data security around incorrectly addressed email correspondence as well as external threats like phishing emails, ransomware attacks.

“Financial services organisations manage valuable and critical data, and it’s so important that they do not allow flexible working practices to put them at risk of a breach.”

Cyber expert Chris Ross, SVP International at Barracuda Networks said: “With ransomware attacks on the rise, keeping companies fully aware of their regulatory responsibilities when managing remote working models is an essential step, alongside the necessary security systems and training for staff.

“Our recent research has shown that 81 per cent of IT leaders admitted that their organisation had suffered a security breach in the last 12 months. Worryingly, companies operating a remote or hybrid working model had a substantially higher breach rate, at 85 per cent compared to office-based businesses where the figure was 65 per cent.”