Since the UK was first plunged into lockdown, the Financial Conduct Authority made numerous allowances for IFAs having to overhaul their way of operating, but in October it announced moves to monitor businesses looking to make these arrangements more permanent, with more guidance expected by the end of the year.
Quite rightly, the regulator put the onus on business owners to ensure every one of their advisers is compliant and able to deliver high-quality outcomes. However, the news left many across the industry suddenly realising quite how many new liabilities remote working had created for them.
Clearly there is more than one way to be compliant with the rules, and what may work for one firm might not work for another. To help anyone struggling to make sense of where their responsibilities start and end however, we explore some of the key conversations we have had with our own advisers since the start of the pandemic.
Are there any restrictions around post and advisers conducting meetings at their home address?
IFAs are well within their rights to have a different correspondence address depending on where they are actually working, but any email footers or business cards etc must still feature the company’s registered address.
Meetings at home are also perfectly acceptable, but bring a number of security considerations into play. If others are likely to be in earshot, then steps should be taken to ensure the home meeting space appropriately soundproofed and that confidential documents do not fall into the wrong hands.
Regardless of how much you trust the people you are living with, a high-quality combination safe would also be a worthy investment to protect any sensitive paperwork.
What changes do I need to make with regards to data protection?
The Information Commissioner expects each business to make their own assessments with regards to the level of security needed, so the extent to which each business implements measures is up to them.
For starters though, every business should have strict password policy in place that requires all staff to change their password at a minimum of once per quarter. All personal and shared devices should be segregated too – no member of staff should have client information on their personal phone, for example.
Implementing a clear desk policy is also a very good idea. At the end of each working day or when leaving the home workspace for a few hours, all staff should be required to clear their desks of papers and any files containing personal or business-sensitive materials.
Aside from this, every company should have their business continuity plan reviewed to ensure it is equipped to withstand the host of new risks that come with staff working remotely. Key to this should be having an action plan in place in case a member of staff is burgled or loses a work device containing sensitive files.
What insurances do I need?
Most home insurance policies cover people who work from home, but this will change if the home becomes the registered address. As such, it’s important that advisers review their policy terms closely and notify the insurance company of any changes to their circumstances as early as possible.
The main thing with having clients in your home is getting public liability insurance, to ensure you are covered in the unfortunate event of an accident taking place during their visit.
Should I adapt the way I am monitoring?
While much more difficult to achieve in a remote-working environment, the FCA will be looking for concrete evidence that companies’ monitoring is up to scratch and that owners have strong oversight on what is going on across the business, and ultimately how well clients are being served.
Recording a meeting with a client is a good idea, but this in itself not enough. While it may seem excessive, monitoring a series of sample phone calls, emails and other communications on a monthly basis would be a good step towards ensuring that they are meeting their extended responsibility to look after clients.
What responsibilities do I have to my staff?
First and foremost business owners need to make sure everyone is aware of the new risks remote working brings and what’s expected of them from a security point of view.
Aside from this, standard employment contracts do not typically allow for home working, so it may be worth reviewing existing documents to ensure they are completely clear on where you expect people to be and when.
Health and safety procedures also need to be considered. Today, this means so much more than making sure that people plug things in safely. Even if a boss is not seeing their staff every day, they still have a duty to ensure that all employees are well looked after both physically and mentally in the home workspace.
The above concerns, while among the most common, are merely the tip of the iceberg, so anyone who is unsure about their responsibilities should be seeking the advice of a compliance expert or other professional who can pinpoint any gaps their processes.
Governance is never the most joyous of tasks, but we all have a responsibility to clients to ensure our processes stand up to regulatory scrutiny.
Steven Poulton is risk and compliance director at Beaufort Group
