The familiar city office environment that has been the home of the trading community has suddenly and unexpectedly shifted to staff working from home (WFH).
Aspects of traditional risk management including surveillance have been developed, built and operated around these fixed central office environments. The universal shift to working from home has challenged many of the risk management customs and practices as well as presenting challenges for IT and security.
One of the areas that has been seen as a challenge is the voice recording of traders. It has been a long-established requirement to voice record the desk and the landlines of traders. These recordings being used to resolve transaction disputes and support market abuse investigations.
Working from home has required the relocation of phone lines and the means to record the conversations. Most phone communication being no longer tied to a landline.
Typically telephone calls operate via an internet connection from a laptop and with the phone number tied to a computer login. There has also been a trend towards use of video conferencing applications where high definition camera images, email, documents, spreadsheets and PowerPoint presentations are shared. This provides a mobile and secure connection from any internet-connected location. However much of the existing trading floor call recording and surveillance is not integrated with this technology. This presents challenges with WFH.
One of the main challenges of having traders and fund managers WFH is providing a secure physical environment where conversations and documents remain strictly confidential. Many home environments will have other adults present. Maintaining the confidentiality equivalent of the office is often not possible. This would present challenges with any work where disclosure of information could present Market Abuse Insider issues or a UK criminal offence. This could be disclosure of a large order or trading position or disclosure of confidential information on debt restructuring, merger and acquisition activity or voting intent at AGMs as well as company performance, significant sales, pharmaceutical approvals or mining exploration results.
From a Risk perspective, it would be essential to maintain a register of individuals who are party to market-sensitive non-public information and review their personal situation and plan how best to manage confidentiality when working from home or outside of the security of the office.
The challenges of call recording that firms are facing is a reminder of the challenges that mobile phones place on surveillance. A smart mobile phone has voice and traditional messaging as well as internet access, email and encrypted messaging applications.
Mobile phones are used extensively for business and are used in the office environment. However, many firms do not operate adequate mobile phone recording. The regulations specifically require recording of telephone conversations. There is a specific exemption for firms that provide services solely or mainly to retail firms. However, even in these cases notes of the communication are required.
The FCA handbook SYSC 10A.1.6 states that:
A firm must take all reasonable steps to record telephone conversations, and keep a copy of electronic communication that relate to the activities in financial instruments referred to in SYSC 10A.1.1R(2) (and that are not excluded by SYSC 10A.1.4R), and that are made with sent from, or received on, equipment:
A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy.
One approach to improving compliance would be to either prohibit business related communication on a mobile device or use a personal mobile device where the firm provides monitored applications for voice telephone calls, emails and messaging. The latter would be a significant step towards compliance and would simplify the task of investigating suspected market abuse cases. This could be supplemented by training and control processes that require call recording of any personal calls that are potentially business related and copies or notes of any messages retained as a matter of policy on company controlled secure storage. Smart mobile devices support user-initiated recording of phone calls and support screen capture of messaging which would facilitate this process. A policy requiring end user acceptance to exclusively only use the supplied application for all business related mobile phone communication and notify of any exceptions would ease compliance.
From compliance perspective, the challenges of key staff working from home can be eased by reviewing each individuals personal circumstances, in terms of confidentiality and communications, and putting in place technology and controls to assist in maintaining confidentiality and keeping copies of communication.
Integrating mobile technology into the existing surveillance framework would make the communication challenges of working from home or conducting business outside of the office environment significantly less of a regulatory compliance challenge and would ease the monitoring challenges of Market Abuse.