FCA Review On 'Off-Channel Communications' – Key Takeaways

Background

In August, the FCA published the findings of its multi-firm review of wholesale banks into the use of 'off-channel communications' – business-related messages sent outside of approved systems, for example via personal email, WhatsApp or Signal. Such communications may be a breach of the FCA's record keeping rules set out in SYSC 10A and also firm policies and procedures.

The topic of off-channel communications has been a key area of focus for the SEC in the US, resulting in multiple enforcement actions so this is an area many global sponsors will be familiar with.

Who do the record keeping rules apply to and what is required?

Taking a step back, the FCA's record keeping rules apply to UK-regulated firms which undertake certain types of regulated activities (including arranging deals in investments, dealing in investments and managing investments). These rules were gold plated by the FCA when MIFID II was implemented, expanding the previous scope. As such, on the face of it the rules may apply to private fund advisers.

Whilst helpful guidance was issued by the FCA in a policy statement on MIFID II, firms should check whether their activities are subject to these rules. If the rules apply, firms need to record telephone calls and electronic communications in relation to transactions conducted because of these activities.

The FCA's findings

The review covered 11 wholesale banks and identified 178 breaches of internal communication policies in the last 12 months. 41% of those breaches involved directors or senior managers. The FCA highlighted that repeated non-compliance at senior levels raises questions about firm culture (this is particularly relevant given the FCA's focus on culture).

The FCA did, however, acknowledge progress. Policies have been broadened to address emerging technologies such as smartwatches and many firms have now issued corporate devices more widely. Surveillance systems are becoming more sophisticated with the ability to capture voice notes, emojis and attempts to move conversations to unmonitored channels. Some firms have also adopted AI tools to improve monitoring.

Nonetheless, the FCA explained that weaknesses remain. Firms continue to face challenges with third-party vendors, including inaccurate transcriptions and system outages, and there is significant variation in the quality of management information produced. The FCA reminded firms that ultimate responsibility for compliance under the rules cannot be outsourced.

Practical implications

Firms should treat the FCA's findings as a clear signal to reassess their arrangements. In particular:

• Firms should check they are in scope of the record-keeping rules. This is particularly important if a firm's investment strategy has evolved since MIFID II was implemented.
• Review and refresh policies and training so that staff understand which channels are permitted and why.
• Ensure senior leaders exemplify the expected behaviours and reinforce a culture of compliance.
• Provide convenient, approved communication tools and devices to remove barriers to adherence.
• Test surveillance systems regularly to ensure they capture modern forms of communication and hold vendors to account where service levels fall short.
• Apply consistent and proportionate consequences for breaches to reinforce accountability, including at senior levels.
• Ensure global policies can be effectively supervised from the UK and comply with UK rules.
• Ensure policies are proportionate. The FCA highlighted that breaches of firm policies may not mean a breach of the specific FCA rules. However, repeated breaches of policies could give rise to concerns (even if this doesn't constitute a breach of the FCA rule).

Khadijah Hasan, Paralegal, also contributed to this article.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.