Susannah Hammond, Chartered FCSI, senior regulatory intelligence expert at digital communications governance solution provider Theta Lake, outlines the FCA’s expectations of firms regarding communications with clients
Communication and collaboration tools are now inherent in the modern, hybrid workplace. Despite the productivity and efficiencies of these tools, they are not without their challenges, particularly when it comes to the unauthorised use of personal devices.
UK financial regulators remain focused on all aspects of record-keeping and require financial services firms to capture, retain and be able to retrieve all relevant records. These requirements increasingly mean that communications must be expressly identified and included in a firm’s suite of systems and controls, policies and procedures.
Enforcement actions
The regulatory focus extends to enforcement action, with the associated lessons for firms. In April 2023, the Prudential Regulation Authority (PRA) censured Wyelands Bank for wide-ranging significant regulatory failings between December 2016 and May 2020, which spanned breaches relating to large exposure limits, capital reporting, governance and risk controls and the PRA’s own initiative requirements (OIREQs) and, for the first time, failure to capture and retain WhatsApp messages. The seriousness of the breaches justified a fine of £8,515,000. However, since the bank is in wind-down, the PRA imposed a public censure as a warning shot to the industry more broadly.
The PRA enforcement action clearly states that all firms need comprehensive record-keeping to capture and enable complete context retrieval of all electronic communications. Among the other concerns, the PRA made a robust point that the bank had failed to implement effective document retention and record-keeping policies or procedures for its business that took into account technological advances such as those relating to instant messaging platforms (e.g. WhatsApp).
