Hybrid working can pose compliance risks
Peer-to-peer lenders have been urged to assess if their risk management systems are up to scratch amid the shift towards hybrid working.
The Financial Conduct Authority (FCA) issued an alert to all regulated firms last month to be aware of the risks presented by home working, which has increased due to the pandemic.
The City watchdog said it should be informed using a principle 11 notice if there has been a substantial change in the way a firm operates.
Dena Chadderton, partner at compliance consultancy Adempi Associates, said fintech and P2P lending firms have an advantage compared with other financial businesses as their product is already online but they still need to assess the staff risks.
Read more: Fintechs and compliance firms launch data security framework
“If I was a P2P lender, I would worry about aspects such as complaints handling, how you are monitoring conduct and your vulnerable customer policies,” she told Peer2Peer Finance News.
“Are you monitoring the outcomes on both sides?
“Culture is a difficult one to manage remotely. How do you make sure people at home are kept included, you may not know for a while that you have poor outcomes like demotivated staff?
Read more: Remote working ‘increasing risk of financial crime’
“There are also responsibilities under the data protection act, how are you stopping people saving private information onto computers or making sure family members don’t see it?”
She said it can be hard for firms to know if a principle 11 notification is needed and Adempi is holding a roundtable for clients this month to highlight how to approach this.
“We don’t know many firms, if any, who are fully back to the office, does that mean every regulated firm should make a principle 11 notification?” Chadderton said.
“Firms need to update their risk assessment, consider if their working model has a significant impact on their risk profile and then decide if a notification is necessary.”
Read more: Additional P2P regulation predicted
She added that the FCA does not always make binary rules, although firms would certainly find that easier.
“If there is a significant change such as moving your head office to your private residence then there are notification requirements,” she added.
“The onus is on the firm to make the decision and inform the FCA.
“Our general rule is, if in doubt make a notification, if you don’t and the FCA decides you should have done then the consequences will in all likelihood be more severe.
“In extreme circumstances, if the FCA spots a breach and says you should have notified it of a change then there could be a fine.”