FCA’s Off-Channel Communications Review: What’s New and Why It Matters Now

The Financial Conduct Authority (FCA) has published the results of its August 2024 review into firms’ management of off-channel communications – messages sent outside monitored systems, often on personal devices.

At first glance, this might feel like déjà vu. US regulators levied billion-dollar fines in 2022, and the UK has already seen enforcement against Morgan Stanley and PRA criticism of Wyelands Bank. But the FCA’s new review is different: it’s the regulator’s first consolidated statement on UK wholesale banks’ practices, and it sets the tone for future supervisory expectations.

What’s New in the FCA’s Findings

• High-level accountability is in the spotlight. 41% of identified breaches involved staff at director grade or above, underscoring that cultural issues are not confined to junior teams.

• Surveillance has become more sophisticated. Firms are deploying tools that can capture GIFs, emojis, and voice notes, and spot unusually low traffic on approved devices.

• Bright-line device policies. Some banks are issuing distinctively coloured work phones to make compliance obvious on trading floors.

• Vendor oversight matters. One third-party transcription service used in the sample was found to be “largely inaccurate”, highlighting the risks of outsourcing.

• Management information (MI) is uneven. The strongest firms produce MI that goes beyond raw breach counts to include root causes, trends, and governance actions.

Why This Matters Now

The FCA is making clear that off-channel comms are not just a record-keeping issue – they’re a conduct and culture issue. With upcoming rules on non-financial misconduct and the regulator’s sharper focus on Senior Management Function (SMF) accountability, failures in this space can quickly escalate into personal liability questions.

In other words, this isn’t about WhatsApp alone. It’s about whether firms can prove they have credible controls, a strong tone from the top, and reliable oversight of both technology and behaviour.

Questions Firms Should Be Asking

The FCA closed its review with a list of reflections, but in practice firms should now be asking:

• Do our senior leaders model compliant behaviour – or are they among the repeat offenders?

• Can we trust the output of third-party monitoring vendors, and how often do we test them?

• Is our MI telling the whole story – not just breaches, but systemic weaknesses and trends?

• Where breaches cluster at senior levels, are SMFs acting decisively to address cultural red flags?

Final Thought

This review isn’t a history lesson – it’s a line in the sand. The FCA has set out what it sees across the market, and firms now have a benchmark to test themselves against.

Given the regulator’s clear interest in cultural drivers of misconduct, boards and SMFs should treat this as an opportunity to recalibrate expectations. Strong policies and shiny surveillance tools are only part of the picture – the real challenge lies in changing behaviours, especially at the top.