The Financial Conduct Authority (FCA) has published the findings of a multi-firm review into how wholesale banks manage the risks of off-channel communications. The review offers a detailed examination of the progress made and the challenges that remain in managing eComms compliance, with a focus on governance, culture and accountability.
Off-channel communications are messages sent outside of firm-approved systems. These include the use of personal devices, encrypted apps such as WhatsApp or other platforms not captured by a firm’s compliance infrastructure. Because off-channel messages fall outside required surveillance and record-keeping systems, they create significant risks around the ability to both demonstrate regulatory compliance and monitor employee communications for potential misconduct.
What the FCA Review of Off-Channel Communications Means for Compliance in the UK
The FCA has made it clear that off-channel communication risk remains a priority area of supervisory scrutiny, and firms should act now to ensure they have the proper controls, supported by the right technology and aligned with the firm’s business model, in place.
Watch an on-demand webinar on Solving the Growing Challenges of Effective eCommunications Surveillance.
What Did the FCA Multi-Firm Review Cover?
The FCA surveyed eleven wholesale banks, asking them to submit data on:
- Policy enhancements have been made in recent years.
- Breach incidents involving staff at all levels.
- Management information (MI) and reporting are used to track compliance.
The regulator then followed up with firm-level discussions and industry panels to test how banks are embedding expectations across their organizations.
Key Findings of the FCA Multi-Firm Review
Eight of the firms surveyed disclosed a total of 178 breaches, with 131 of these breaches across three firms. The report includes the caveat that these numbers need careful consideration—a high number may mean that the firm has effective surveillance systems in place.
The review found that all eleven firms had strengthened policies and processes on off-channel communications within the past two years. However, the review found that significant weaknesses still persist:
- Breaches continue to occur, including at senior levels
- Governance and oversight remain inconsistent
- Cultural change has not been fully achieved
The FCA emphasized that while many of the incidents represented internal policy breaches and not necessarily a breach of FCA rules, firms should not treat them lightly. Persistent misuse of off-channel communications will continue to be a key indicator of shortcomings in staff behavior, accountability, and compliance oversight.
Firm Controls to Mitigate Off-Channel Communication Risk
Banks reported implementing a range of measures to mitigate off-channel risks, including:
- Policy updates to address new communication technologies
- Streamlined processes for employee disclosure and self-reporting
- Increased availability of approved communication channels
- Bans on using personal information in replies and directories
- Training programs to raise awareness of risks
- Updated lexicons to include the latest developments including emerging channels, channel-hopping and non-text communications
- Enhancements in monitoring and surveillance systems including AI and natural language processing
- Provision of corporate devices to covered employees.
The FCA acknowledged progress but stressed that firms must do more to identify repeat breaches and strengthen the role of senior managers in ensuring compliance.
Get the Message! Preserve eComms or Face Steep Regulatory Consequences
Senior Management Breaches
Why Senior-Level Misconduct Matters
The report called out that 41% of the breaches involved senior staff, including individuals at the director level. These incidents send damaging cultural signals, undermining firm-wide compliance initiatives and creating the perception that rules do not need to be consistently followed.
Senior Management Conduct Expectations
The regulator’s message is clear: senior management must be accountable for ensuring off-channel compliance and set firm standards by adhering to policy on their end. Firms are expected to:
- Demonstrate a clear tone from the top.
- Maintain robust escalation and disciplinary processes.
- Use management information to identify and address repeated misconduct.
- Ensure cultural change is embedded at all levels.
The report notes that training plays a key role in outlining and reinforcing policy expectations.
Taking the correct tone from the top is critical in maintaining compliance across all levels of the firm. Learn more in the on-demand webinar Beyond Wishful Thinking: Create a Thriving Culture of Compliance.
WhatsApp and Other Unapproved Communications Channels
A significant proportion of breaches identified in the FCA’s review involved the use of WhatsApp and other ephemeral messaging applications. Firms have struggled to monitor these platforms effectively, and prohibitions on personal devices have not been entirely successful in preventing misuse. Reliance on encrypted, unmonitored and short-lived messaging apps creates material compliance risks and undermines record-keeping obligations.
Ephemeral messaging, by design, allows communications to disappear after a set time, making them particularly challenging for surveillance, audit and retention. Learn more about the compliance challenges posed by these tools in our blog on ephemeral messaging.
FCA Regulatory Expectations on Managing Communications
The FCA’s expectations on managing electronic communications are contained in SYSC 10A of the FCA Handbook. Under SYSC 10A, firms are required to:
- Record communications relating to activities that fall within the scope of the Markets in Financial Instruments Directive (MiFID II).
- Retain those records in a durable medium that is accessible for inspection by the regulator.
- Monitor communications to ensure compliance with regulatory obligations and firm policies.
The FCA reinforced these expectations for effective management of eComms in Market Watch 66, including the need for robust policy, training, and monitoring and recording controls.
How MCO Helps Firms Manage Off-Channel Communications
Managing off-channel communication risks requires comprehensive compliance technology that combines monitoring, review and retention supported by robust workflows and alerts. The MyComplianceOffice platform enables firms to address FCA expectations with efficient and effective surveillance and archiving solutions:
- eComms Keep – Provides secure capture and retention of electronic communications across multiple platforms, ensuring firms can meet record-keeping and monitoring requirements even as communication technologies evolve.
- eComms Review – Automates surveillance of communications, with workflows that flag potential breaches, escalate high-risk cases and deliver actionable management information to compliance teams and senior leadership.
The MyComplianceOffice platform enables firms to connect surveillance data with compliance obligations, helping firms track misconduct, enforce policies consistently and demonstrate accountability to regulators. Sources including WhatsApp, Email, Zoom, Bloomberg, Reuters, ICE Chat, Skype, Signal, SMS, LinkedIn, Teams and more are supported.
With eComms Keep and eComms Review, firms can reduce their exposure to the risks identified in the FCA’s review—including the challenges of managing WhatsApp and other off-channel platforms—while strengthening culture, oversight and regulatory alignment.
Ready to hear how MCO is helping firms around the globe manage eComms compliance and off-channel communications in accordance with regulatory requirements around the globe? Set up some time right here for a conversation with our experts.
