Three Things To Prepare For The Upcoming FCA Handbook Changes
Fingerprint Compliance
Communications Compliance Platform - for Regulated Businesses, Principals, Reg Hosts, Consultants and Outsourced CCOs.
The FCA have plans to implement changes into their Handbook, which will impact your FCA regulated firm.
At the end of 2024, the FCA published Consultation Paper CP24/24 which proposes transferring requirements from the MiFID Org Regulation into the FCA Handbook. This includes introducing significant changes to communications monitoring requirements.
These proposed changes affect all firms who are required to comply with the FCA Handbook, along with some firms who are authorised and regulated by the PRA.
In this article, we’ll summarise the proposed changes to your communication monitoring requirements along with steps your regulated firm can take to prepare.
Current FCA Handbook Communication Requirements
Currently, the FCA’s requirements around telephone and electronic communications are outlined in their Handbook under SYSC 10A. The main requirements include:
SYSC 10A.1.6 | A firm must take reasonable steps to record phone conversations and keep a copy of electronic communications that relate to financial activity that are made with, sent from, or received on equipment provided by the firm to an employee or contractor; or the use of which by an employee or contractor has been accepted or permitted by the firm.
SYSC 10A.1.7 | A firm must take all reasonable steps to prevent an employee or contractor from making, sending, or receiving relevant telephone conversations and electronic communications on privately-owned equipment which the firm is unable to record or copy.
For a full rundown of global regulatory requirements for communications monitoring, read our communications monitoring regulations guide.
Proposed Changes To FCA Handbook Communication Requirements
The FCA are now moving beyond the basic requirement to record and retain all communications. Now, the regulator wants to see firms outline the structured procedures they will follow to identify, investigate and report on the potential risks that may be evidenced in their communications. They are asking firms to move away from a reactive approach to risk management (finding the information after misconduct) and move towards a proactive approach to monitoring.
The FCA’s proposed changes to their Handbook include:
10A.1.15 | A firm must establish, implement and maintain an effective recording of telephone conversations and electronic communications policy, set out in writing, and appropriate to the size and organisation of the firm, and the nature, scale and complexity of its business. The policy must include the following content:
(4) A firm must periodically evaluate the effectiveness of the firm’s policies and procedures and adopt any such alternative or additional measures and procedures as are necessary and appropriate at a minimum when a new medium of communication is accepted or permitted for use by the firm;
(7) A firm must monitor compliance with the recording and record-keeping requirements in accordance with this chapter, by periodically monitoring the records of transactions and orders, including relevant conversations, subject to those requirements in a proportionate and risk-based manner; and
(8) A firm must demonstrate to the FCA, at the FCA’s request, the policies, procedures and management oversight of the recording rules.
What Can You Do To Prepare For These Proposed Changes?
1. Establish A Written Communications Monitoring Policy
The main proposed requirement is the implementation of a written communications policy, which should identify all electronic and phone communications which must be monitored along with the procedures that are to be followed to ensure compliance with SYSC 10A.1.6R.
The best communications policies should identify a set of high-risk behaviours that your communications should be monitored for and outline a process on how your compliance team will search for these behaviours and further investigate and report on high-risk activity.
If your firm does not have a dedicated communications policy in place, we have created a template communications policy in collaboration with our compliance consulting partners. This template policy can be used as a starting point to help you create an industry-relevant policy for your firm.
If you need further guidance on what should be included in a regulator-ready communications policy, then you can read our Advice From A Consultant: Reviewing Your Compliance Policies & Procedures article, written in conjunction with a Senior Compliance Consultant at Bovill-Newgate.
2. Ensure All Communication Channels Used to Conduct Regulated Activity Are Being Monitored
The FCA is mandating that firms need to clearly demonstrate that they are effectively and proportionately monitoring all communication channels used to conduct business. These channels must be identified within their communications policy, and if any new channels are used at work, these must be identified in future policy versions.
Due to the prevalence of hybrid and remote working, and a shift to digital mediums for consumer communications in 2025, many regulated firms now use a range of channels to communicate including phone calls, email, Teams, WhatsApp, Slack, Bloomberg and more. Understandably, many compliance teams struggle to monitor all of these channels using their existing processes.
The prevalent use of ‘off-channel’ communications in financial firms in recent years, especially unmonitored WhatsApp use, has led to regulators such as the SEC handing out fines totalling $2bil. Firms found in breach of these regulations have also suffered from severe reputational damage. The shift in the way we work and communicate, as well as regulatory action taken across the pond, has most certainly been a catalyst for the FCA to propose changes to the Handbook to suit the current operating environment.
3. Evidence That Your Communications Policy Is Being Followed
As outlined in your policy, the procedures that your compliance team follows to identify and report on the relevant risks within your communications must be evidenced consistently.
Your team’s monitoring work will only be as good as their reporting. If these proposed changes are implemented and the FCA comes knocking, then providing a communications policy with no other evidence of your procedures being followed will fall short of expectation.
Your team should be tracking and reporting on all monitoring work from start to finish including:
We recommend that your team produce monthly or quarterly monitoring reports to ensure that there is consistent evidence that your policy is being followed and procedures have been implemented to support compliance with regulations.
Consider Adopting RegTech To Help Satisfy Requirements
Monitoring communications in today's digital age is incredibly difficult with a small compliance team and limited resources. The sheer volume of data that flows through a business, plus the complexity of data normalisation to gain any form of actionable insight, makes the task almost insurmountable with manual or ad-hoc processes.
With compliance teams across the industry understaffed and overloaded with work, many turn to communications RegTech to ensure that their firm remains compliant with the regulators’ increased expectations. Firms are finding that monitoring tools are a worthy investment, which allow them to achieve exceptional communications compliance while saving hours of time through automation-driven processes and AI-enabled insights.
In summary, the FCA are moving beyond the basic requirement to record and retain the ‘usual’ communications (calls and emails). In these proposed changes, the regulator wants to see firms establish a written communications policy that outlines the structured procedure they will follow to identify and mitigate the potential risks across ALL their communications, which are now varied and mostly digital.
To meet these changes, firms should look to create a robust and thorough communications policy, ensuring all channels used to conduct regulated business are being monitored, and evidence that their policy is being followed with consistent monitoring activity and reporting. Adopting RegTech to assist in monitoring your large range of communication channels is a worthy investment to ensure your firm stays compliant with these changes in our current digital operating environment.
How Fingerprint Can Help Your Firm Become Compliant With These Updated Regulatory Expectations
Fingerprint’s communications RegTech can help you satisfy these proposed requirements. Using the Fingerprint Communications Compliance platform, your compliance team can:
If you think our RegTech might help your firm, then do get in touch, we’d love to help!