Financial Conduct Authority review finds ongoing off-channel communications breaches at wholesale banks including 41% involving directors

The Financial Conduct Authority published findings from a multi-firm review of firms’ approach to off-channel communications, focusing on communications that take place outside monitored and recorded channels permitted by the firm. Across the eleven wholesale banks surveyed, all could evidence improvements to their frameworks over the past two years, but most continued to identify breaches of internal policies, underscoring the need to address behaviour as well as detection. The FCA reiterated that SYSC 10A requires firms to record and monitor in-scope telephone and electronic communications so they are auditable, including conversations leading to in-scope activities, and to take reasonable steps to prevent use of unrecorded channels. The review highlighted examples of actions taken across policy and controls, surveillance (including updated lexicons, detection of ‘channel hopping’ and use of advanced analytics), and governance and management information, alongside increased use of third-party solutions and associated risks such as outages and missing or inaccurate data. Breach data for the prior 12 months showed three firms reported no breaches, while eight disclosed 178 breaches in total, with 131 concentrated in three firms; 41% involved individuals at director grade or above. The FCA cautioned that internal policy breaches are not necessarily breaches of FCA rules, but noted that repeated breaches, particularly involving senior leaders or rising trends, may attract supervisory attention. The FCA will continue engaging firms on their approach and discussing breach data to identify trends and where further action could be required.