FCA finds senior managers among those breaching communication policies

Wholesale banks record staff communications to help them spot misconduct. The UK FCA has found breaches of firms’ recording and monitoring policies across all levels of seniority. Although it is not necessarily the case that FCA rules have been breached, the FCA encourages firms to engage with the relevant data around policy breaches and react to trends.

Room for improvement for off-channel communications

On 7 August 2025, the FCA published the results of its review into firms’ approach to "off-channel communications" – namely, communications which are neither monitored nor recorded by firms. This includes using encrypted apps on personal devices.

FCA rules require certain firms to record, monitor and ensure the auditability of communications where they relate or lead to the regulated activities in scope of the rules (e.g. dealing, arranging and managing investments). These firms also need to take reasonable steps to prevent the use of communication channels by employees that they can neither record nor copy.

The FCA’s review looked at relevant policies and management information at 11 wholesale banks. Data showed that breaches occur across all staff grades, with 41% involving individuals at the director grade or above. The FCA concludes that all firms can improve their approach.

For example, firms should assess whether:

• employees understand their individual responsibility to record relevant communications; 
• leadership has created a culture encouraging compliance with the FCA rules on the recording of communications; 
• firms effectively monitor third-party vendors who assist with the monitoring and recording of communication channels; 
• management receives adequate management information for the purposes of ongoing compliance monitoring; and 
• UK senior managers have sufficient oversight over the implementation and outcomes of a global policy framework for communications, including off-channel communications. 

Some improvements to frameworks and surveillance processes

UK wholesale banks have been improving their processes for communications in recent years following high-profile fines in other jurisdictions. The FCA notes that policy enhancements have included: 

• ensuring new technologies (e.g. smart watches) are captured;
• improving the process for employees to submit self-disclosed off-channel messages; and 
• using a dedicated helpline to guide staff on off-channel communications and using FAQs to inform ongoing training. 

Firms have also improved their monitoring processes to:

• update surveillance lexicons to cover new communication channels, including non-text communication methods, and identify “channel hopping” (the practice of moving from recorded to non-recorded channels);
• update their surveillance technology to incorporate natural language processing to maximise accuracy;
• monitor and analyse low usage of approved applications as potentially evidencing off-channel activity; and
• provide corporate devices to client-facing staff for the purposes of work-related communications. 

Third party risks need managing

The FCA has seen an increase in firms using third parties to help them monitor and record staff communications. Some firms reported challenges including service outages. As firms cannot outsource their regulatory responsibilities under SYSC 10A, firms need to closely monitor the performance of third-party vendors.

The importance of good management information

Examples of management information employed by firms for the purposes of ongoing oversight and remediation of communications-related frameworks include: 

• breach data;
• framework effectiveness assessments (including training completion rates); 
• third-party vendor KPIs; and 
• corporate device and BYOD monitoring to detect potential non-compliance.

Senior management should assess not only metrics relating to breaches of policy but also underlying trends. For example, a high number of breaches may indicate effective detection systems and a low number does not necessarily suggest the framework is effective.

Next steps

Although the review focused on wholesale banks, the outcome provides insights relevant to firms in other sectors as well. Firms should consider the FCA’s latest findings alongside the relevant rules and Market Watch 66 which sets out the FCA’s expectations on the recording of communications including in the context of homeworking.

The FCA warns that repeated breaches of a firm’s internal policy may warrant supervisory attention, even if individual breaches may not necessarily contravene FCA rules.