The policy is believed to have been signed off by the office of then CEO Andrew Bailey, who is currently governor of the Bank of England, and has been used to keep track of employees considered to be a “nuisance”, according to a report by The Times.
The ICO concluded last month that the FCA had “infringed their data protection obligations”, after a former employee complained about the policy to the data protection regulator.
‘No intention’ of retrospective action in FCA’s proposed non-financial misconduct rules
Emails from certain individuals were diverted from reaching their recipients, including more confidential lines of business such as whistleblowing and independent reviews, and were intercepted by a designated employee within the FCA.
The individual had to choose whether to forward the correspondence to the intended recipient or not.
The policy was set up in 2016 and now the regulator is facing calls to compensate those impacted by its breach of data protection rules.
The employee who sent the complaint told The Times the policy “compromised the integrity of the FCA’s confidential channels” while leaving people’s personal and confidential data exposed. The individual added they had warned the FCA several times about the illegality of the policy.
The policy was also widened to go beyond employees and include “vocal members of the public”, the employee said. “It was a way of tracking reputational risk by monitoring people who raised concerns and were considered a nuisance.”
FCA urges firms offering high-risk investments to retail investors to review promotion practices
The individual added the policy also created conflicts of interest, as senior managers “could, and did, intercept and divert correspondence that raised concerns about matters they were personally connected to”.
The people sending the emails and/or complaints were not made aware that their emails were being intercepted or diverted.
The FCA has been contacted for comment.