Law360, London (January 28, 2021, 5:32 PM GMT) -- The Financial Conduct Authority's recent demand that traders and bankers working from home should record their communications has put finance companies on notice that the City watchdog is investigating potential misconduct arising from the shift to remote working during the COVID-19 pandemic.
The City regulator has reminded finance companies that the increase in remote working amid the pandemic does not change their recording obligations. (iStock)
Finance businesses must ensure that employees must record their conversations on programs such as WhatsApp if they are used for regulated activities on business devices.
The warning is the latest from the FCA that lawyers believe signals a crackdown on market abuse. It would not be the first time the FCA has brought enforcement action over alleged misconduct that involved the use of WhatsApp to arrange deals and provide investment advice.
"The way the FCA issues its guidance and market updates can be cryptic sometimes. It suggests they are aware of active cases but also that the risk of misconduct has been heightened because of home working," Azizur Rahman, senior partner at Rahman Ravelli, said.
Active investigations include civil proceedings launched in May against allegedly unauthorized investment advisers. They were suspected of sending trading signals recommending whether to buy or sell currencies on foreign exchange markets at specific prices and making investment recommendations to clients via WhatsApp and other social media platforms.
The risks posed by apps such as WhatsApp are not new — the FCA handed out penalties for disclosing confidential information on WhatsApp in 2017. But Bambos Tsiattalou of Stokoe Partnership Solicitors said the FCA has clearly decided that is a risk that has radically increased in the past year.
The economic fallout from the pandemic has caused a huge amount of market volatility and economic disruption — effectively a stimulus for fraud and regulatory violations — at the same time as working from home on encrypted networks provides the opportunity.
"Clearly, the FCA is concerned that a perfect storm of market volatility, homeworking and the increasing use of encrypted networks has arrived," Tsiattalou said. "The FCA's concerns are not unreasonable. If insider trading is arranged via a WhatsApp chat on personal phones, and it is later deleted, there may be no evidence of the communication whatsoever."
That's a risk the FCA knows all too well. The watchdog has recently brought — and lost — a case accusing an investment banker of destroying WhatsApp messages he allegedly knew or suspected were relevant to its investigation of insider dealing. That probe was ultimately dropped and a jury later acquitted the banker on charges of destroying evidence.
Konstantin Vishnyak, a former banker at Russia's VTB Bank, argued in his defense that he deleted the application in a panic to hide his chats with prominent politicians and businesspeople, including chats with a Russian politician suspected of killing dissident Alexander Litvinenko.
"The case highlights the evidential importance that the FCA attaches to information contained on WhatsApp and other instant messaging applications," said Tim Harris of Cohen & Gresser LLP. "The FCA expects that if these applications contain information that they would be interested in that they must be preserved."
Harris predicts that in 2021 investigations into suspicions of regulatory or criminal corporate conduct will put chat applications at the heart of the data strategy.
Failure by a financial services provider to enforce its stated policy on the use of chat applications will expose it to the risk of violating its regulatory obligations to the FCA. And it could also breach wider legal requirements on providing material required by law enforcement, Harris said.
For instance, it could violate U.K. law if a bank became aware that a chat application was being used in breach of the rules and conduct amounting to bribery was discussed, and the lender did nothing about it. That could make it a corporate crime to fail to prevent bribery.
"A company exposes itself to significant risk if it turns a blind eye when aware that employees were using chat applications to discuss business but is unable to monitor and recover these communications," Harris said. "In the worst case, this could prevent the company from establishing it had the necessary controls in place to prevent criminal conduct carried out on the company's behalf."
The FCA said in its update that banks should continue to take "all steps" to prevent market abuse, including conducting retrospective reviews of the months since the pandemic began and ensuring that recording policies can identify calls and communications that directly relate to regulated activities.
A broad range of activities are included, such as arranging deals and dealing as principal or agent in investments. It includes managing investments, as well as managing mutual funds, alternative investment funds and establishing, operating or winding up a collective investment scheme.
"In regulated financial services industries, when it becomes the norm for people to be on encrypted networks to which their employers have no access, the risk of fraud increases," Tsiattalou said. "The merest hint of an impending IPO or an important new development, such as the approval of a new product, can amount to insider trading."
The best way for companies to do the kind of monitoring the FCA wants is for them to ban employees from using third-party apps for work purposes. But given the ubiquity of chat apps this approach would be impractical, Harris said.
Employers should consider allowing employees to download a chat application suitable for, and controlled by, the firm and clearly state what platforms can and cannot be used for business activity, he said.
Large financial services providers are launching their own WhatsApp-style systems for internal communication. They are working with external platforms to enable WhatsApp and WeChat through their own systems for contact with other institutions or clients.
"The safest approach is for firms to outlaw their use for business — but that risks driving the issue underground, given their inherent utility". Harris said. "Some companies are 'onboarding' chat applications onto their own systems, especially those firms which have an obligation to monitor and record calls and electronic communications."
But firms without their own proprietary systems can also find that privacy questions about processing personal data can create problems. How do they monitor the chats, given how the conversations are stored, and how to get them to produce them to the FCA or other authorities?
"It is near impossible to differentiate between monitoring an employee's work and private life," Rahman said. "Therefore it is very difficult to monitor devices without violating employees' right to privacy, and must in any case require the express consent of the employee or be aware through disclaimers."
From the FCA's perspective, the responsibility for having adequate systems and controls in place falls on senior managers. However, the reality of the increased risk of such app usage is that businesses are less able to effectively monitor such communications, according to Rahman.
"Firms need to make sure they are set up to ensure that no employees are induced or tempted by a situation whereby they are having to use personal devices for in-scope activities that should be recorded," Rahman said. "This means making sure all applicable employees have the adequate equipment and suitable software set up for their needs."
Lines between work and home have become blurred, and this brings the risk that employees are sharing potentially sensitive or confidential information. And bosses are less able to monitor communications effectively away from the office.
The use of such channels therefore increases the risk of misconduct and the risk that finance firms, not just individuals, could be on the wrong end of a regulatory probe.
"This is something of great concern to the FCA, as they not only are nervous about how prevalent such activity will be, but even more troubling is how near-impossible any proactive FCA investigation into such app misuse will be," Rahman said.
--Additional reporting by Lucia Osborne-Crowley. Editing by Ed Harris.
For a reprint of this article, please contact firstname.lastname@example.org.