—
U.K. regulators and compliant communications
Are businesses worried about increased action from U.K. regulators?
Global Relay’s Industry Insights: Compliant Communications 2023 Report asked respondents whether they were anticipating that U.K. regulators would be next to enforce against recordkeeping non-compliance. After almost two years of sustained enforcement activity from U.S. regulators, CityAM had reported that the FCA was “actively discussing personal device use with a range of U.K. authorized firms” in light of regulatory action in the U.S..
38.5% of respondents said that they were anticipating action and taking proactive steps, while 10.3% said that they were worried as U.K. regulators may be next to act, and they weren’t prepared.
In April 2023, shortly after our 2023 Report was published, U.K. energy regulator Ofgem issued a £5.4 million fine to Morgan Stanley & Co. International for recordkeeping failures. Ofgem found that, between January 2018 and March 2020, Morgan Stanley had failed to record and retain electronic communications relating to wholesale energy product trading.
In particular, many of these exchanges had taken place via private WhatsApp conversations, contrary to Morgan Stanley’s policies.
Also in April 2023, the Prudential Regulation Authority (PRA) censured Wyelands Bank Plc for its failure to retain WhatsApp messages.
While survey respondents were right to have worried that U.K. regulators would be next to act for non-capture of WhatsApp, they likely did not expect that the PRA or the energy regulator would be leading the charge.
Speaking at Global Relay’s offices in February 2024, the FCA’s Head of Secondary Market Oversight, Jamie Bell, sought to level the debate by suggesting the FCA would not take a hard-line approach akin to that of its U.S. counterparts, and that instead it wants to see robust policies that are adhered to. In May 2024, Thomson Reuters reported that a Freedom of Information request uncovered that the FCA has opened no investigations into recordkeeping compliance between 2020 and 2023.
Despite warnings from the U.K. regulator that there is “nowhere to hide” for non-compliance, and for organizations to get their “ducks in a row now,” the extent to which U.K. firms are concerned about regulatory action for recordkeeping has understandably diminished.
In 2024, 31.3% of U.K.-based respondents have said they are anticipating action and taking proactive steps, a decrease of 7.2% year-on-year (YoY). Notably, the number of respondents opining that they are not worried because they are compliant has risen by 22.9%, from 12.8% in 2023 to 35.7% in 2024.
Similarly, the FCA has highlighted several priority areas for 2024, including non-financial misconduct, insider dealing, and consumer protection – which may mean recordkeeping fines are off the cards, for now. However, it is still likely that FCA examinations will ask questions about how firms are achieving full recordkeeping and monitoring compliance of relevant communications.
I think ‘not worried’ may be bravado or group speak when in reality, it is at best a case of ‘less worried!’
One has to question whether this is driven by the relatively low number of fines in the U.K. due to eComms surveillance failures. One is never at a stage when one is NOT worried about compliance and the regulators, that is the lot of a compliance officer. What we see against this result is a combination of the two key answers, a coming together of clear regulatory expectation which the vendor community has responded to. However, I think the compliance environment is now mature and despite being under constant forward momentum, it has a very clear understanding around the level of expectation from the U.K. regulator.
Regardless of the size, complexity, or nature of your business, I think the industry really does know what they need to be ready to deliver, even in the most rudimentary form. With various Market Watch notices, we have been advised about the expectation of not just operating ‘out of the box’ systems and it would be hard to say, “we didn’t know.” Ignorance will be no defense, as it has never been. The tools are more effective now and despite the warning from the regulator, even an ‘out the box’ solution will provide a company with a sufficient level of comfort.
Martin Gaterell, Associate Director: Private Side Advisory with Monitoring & Surveillance, Unicredit GmbH
