Regulatory guidance and good practice are emerging to help inform financial services firms that are adopting hybrid working.

At the onset of the pandemic and wide-ranging lockdown measures, financial services firms had to adapt very quickly to large-scale remote working. In our 'Remote governance and controls' paper published in August 2020, we highlighted the evolving regulatory agenda in this area, the need to recalibrate risk and controls and the pivotal role of a firm's culture.

Now, over a year later, some firms are calling their staff back to the office, while others are exploring hybrid working models. In this article, we look at regulatory guidance, emerging practice and emerging conduct risks as firms adapt their ways of working and seek to augment their controls.

Regulatory guidance

The UK Financial Conduct Authority (FCA) recently issued its remote or hybrid working expectations for firms with the caveat that these may evolve as more is understood about how firms intend to operate. 

Some of the FCA expectations are very broad and obvious - that firms should be able to prove that neither remote working nor the lack of a centralised location causes detriment to consumers, damages the integrity of the market or increases the risk of financial crime.

More specifically, the FCA expects that firms should be able to prove there is satisfactory planning, reviewed periodically, that ensures:

  • appropriate oversight by Senior Managers and the Board
  • that control functions can carry out their functions unaffected
  • that policies and procedures can be cascaded to reduce any potential for financial crime arising from working arrangements
  • that there are robust systems and controls, including necessary IT functionality to support the above

On 'softer' issues, the FCA expects that an appropriate culture can be put in place and maintained in a remote or hybrid working environment, and that firms have considered the impact of working arrangements on staff, including wellbeing, training and diversity and inclusion.

IOSCO has also been reviewing the effects of firms' remote working on retail investors, highlighting the impacts on risk management, client communication and complaints handling. In 2021-22, IOSCO will do further work on enhancing investor protection in relation to COVID-19 misconduct risks.

A joint paper by the Monetary Authority of Singapore and the Association of Banks in Singapore on Risk Management and Operational Resilience in a Remote Working Environment sets out the key actions that firms are encouraged to adopt to manage remote and hybrid working risks. Familiar themes emerge on ensuring an adequate control environment, cybersecurity and the impact of the changed working environment on people and corporate culture.

The Hong Kong Securities and Futures Commission has also issued regulatory standards for managing the potential risks of remote working, such as off-premises trading and information security. The paper suggests techniques and procedures to help firms comply with these standards.

Industry guidance

The financial services industry has begun to look in more detail at the issues of hybrid working and how to harness its benefits while mitigating the risks. The FICC Markets Standards Board working group on remote working risks (in which KPMG participated) has published a review of Hybrid working risks in wholesale fixed income, currencies and commodities (FICC) markets. This outlines steps that firms can take to promote equivalent conduct outcomes in a hybrid working environment given that regulatory obligations have not changed.

After exploring the benefits and risks of hybrid working, the review considers conduct risk themes and possible risk mitigants. As the themes are broad, covering cultural change, supervision and control impairments, execution risks, sharing of confidential information and threats to market effectiveness, there is useful material for all firms including those operating outside FICC markets.

KPMG has published two further papers on the risks emerging from the transition to hybrid working. These consider new or heightened retail conduct risks that should be identified, mitigated and managed effectively by firms so that they can continue to deliver good customer outcomes. 

One paper focuses on the UK, while the second looks more broadly across the EMA regions.

Emerging practice

From discussions with clients and reviews of their control frameworks, it appears that, in most cases, adapting existing controls to a hybrid environment is not too difficult as most run on IT systems that can be accessed remotely or from the office. There is also some feedback that formal governance meetings work better via video conference as material can more easily be shared, quora are more likely to be met and a wider range of participants are likely to be heard.

The bigger issue faced by firms is how to ensure that employees acquire the skills and knowledge to help them make the right judgements in 'grey' or more nuanced areas. This can be through understanding the firm's culture and purpose, hearing other colleagues' conversations leading to better understanding of decision-making processes, participating in 'across the desk' discussion and debate and understanding when and how others escalate issues. These interactions and learnings can be more limited in a hybrid environment.

Regulators expect firms to consider the impact of hybrid working on their culture as well as their operations. As firms consider the different models and practicalities of implementing hybrid working, it is important that these 'softer' cultural aspects are fully reviewed and considered.
