Employees in the financial service sector have been subject to high levels of workplace monitoring for some time, due to regulatory reporting and recording rules placed on many firms. This including firms arranging and/or entering into deals in financial instruments, providing investment advice and similar services, and managing investments for example. Further detail for ‘in scope’ firms is available below.
This article advises when recording and monitoring obligations apply in the workplace and what firms in the financial services sector need to consider when monitoring staff.
Broadly, recording and monitoring obligations apply to employee conversations and communications made with, sent from, or received on, equipment provided or permitted to be used for business purposes.
Firms must take reasonable steps to record conversations and keep communications related to performance of its regulated activities. Firms must also be able to identify similar steps leading up to those activities, so this could include monitoring of internal and external communications.
Firms must also take reasonable steps to ensure employees don’t use private equipment to make, send, or receive relevant conversations and communications. Further, the Financial Conduct Authority requires firms to keep records for a minimum of 5 years and potentially up to 7 years, which must also be provided to clients on request.
It's important a firm has appropriate recording and monitoring policies and gives careful thought to issues deriving from these requirements within its risk assessments. Effective recording and monitoring controls are critical to ensure accurate maintenance of transaction logs and terms, for managing client expectations and assisting to deal with disputes and complaints. This recording and monitoring also enables firms and the Financial Conduct Authority to deter and detect issues of market abuse and facilitate enforcement action.
Firms should also ensure that appropriate training is provided to employees. This should cover the use of technologies and risks that may arise as a result of recording and monitoring, or if new or amended policies are introduced.
In order to ensure that they are complying with data protection legislation, in scope employers will need to provide clear and transparent privacy notice information to employees, to ensure that employees understand how their communications will be monitored.
For further reading, a list of ‘in scope’ firm types and activities, together with rules and guidance on this topic is available in the FCA Handbook (SYSC 10A). The FCA Market Watch newsletter, Issue 66 (January 2021) also provides commentary on risk and approach to recording obligations in the era of remote working.
For more information, please contact Oliver Woodhouse.
Guidance on responsible AI in recruitment: helping to navigate data protection compliance
‘Not another one!’ When can employers refuse to respond to an employee’s vexatious subject access request?
Data protection webinar: privacy considerations for workplace monitoring
We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.
Sign up
