Central Bank finds investment firms risk market abuse over work-from-home communications

Regulator said firms had failed to adequately monitor how staff communicate when working outside the office

The regulator said it expected that firms would continue to focus on improving their safeguards. Photograph: iStock
The regulator said it expected that firms would continue to focus on improving their safeguards. Photograph: iStock

Investment firms and credit institutions involved in securities markets activity have failed to adequately monitor how staff communicate while working from home, raising the risk of market abuse, the Central Bank has warned.

The regulator previously warned in March of the risk of abuse-related conduct arising from the use of unmonitored, unauthorised or unencrypted telephone and electronic communication devices when employees are working remotely or as part of a hybrid model.

The bank said on Thursday that a recent assessment had found that none of the firms included had made amendments to recording of telephone and electronic policies or procedures despite moving from a largely in-office environment during and after Covid lockdowns.

Policy breaches

“Monitoring and testing conducted by firms did not meet the Central Bank’s expectations,” it said in a new industry communication document.

READ MORE

“While the majority of firms conducted some form of monitoring of electronic communications, there was an absence of a systematic approach to monitoring telephone communications in some firms.”

Only a small number of breaches of policies and procedures were identified by firms, indicating that their monitoring functionalities are not working effectively to identify potential breaches, the regulator found, adding that firms’ own disciplinary procedures were not followed in the majority of cases where breaches were identified.

The lexicons used for the monitoring of electronic communications were not “appropriately calibrated”, it said, meaning firms were “heavily reliant on default system lexicon words and phrases”, while an analysis of firms’ electronic surveillance systems observed that a “large volume” of electronic communication alerts had not been reviewed.

“Some firms did not have a clear policy or procedure in place in relation to the escalation of breaches. In addition, alerts generated through monitoring functionality, designed to highlight breaches, were closed without any rationale being attributed to the closure.”

The cost of climate change: ‘almost like driving another budget through public finances’

Listen | 38:51

The assessment did identify that some firms exhibited good practices in ensuring that all telephone and electronic communications are recorded and retention periods are set in accordance with EU requirements.

But a minority of firms did not maintain a list of staff in possession of corporate devices and personal devices that have been approved for use by the firm.

Bank’s expectation

The regulator said it expected that firms would continue to focus on improving their safeguards and that the assessment results should be brought to the attention of all board members, senior management and relevant staff by year-end.

“It is the Central Bank’s expectation that firms should continue to focus on driving continuous improvement in their frameworks regarding telephone and electronic communications.”

Ireland is a major centre for the fund management industry, a regional hub for a number of international banks and has a domestic financial sector, all of which are regulated by the Central Bank.

— Additional reporting: Reuters

Laura Slattery

Laura Slattery

Laura Slattery is an Irish Times journalist writing about media, advertising and other business topics