You’ve (not) got mail – FCA criticized for 12-month email deletion policy

The Financial Conduct Authority’s decision to adopt a policy of deleting “unnecessary” staff emails after 12 months has received criticism, with commenters suggesting it is “one rule for the regulator and another for the regulated.”

17 February 2025
By Jay Hampshire
Written by humans

In brief:

  • An internal FCA memo has outlined a new policy that would see “unnecessary” emails automatically deleted after 12 months
  • Intended to ‘reduce legal and reputational risk’ for the regulator, it has received criticism from firms that must meet stringent regulatory recordkeeping requirements
  • This has led to yet more turbulence for the relationship between the U.K. regulator and the industry amid ongoing criticism of the FCA’s controversial “name and shame” proposals

The Financial Conduct Authority (FCA)’s recent step towards “inbox zero” has proved to be a ground zero for more criticism of the regulator, with industry and legal figures raising questions about its proposal to introduce a new policy to automatically delete “unnecessary” staff emails after a 12-month period.

What is the FCA’s 12-month email deletion policy?

The FCA’s current email retention policies see Microsoft Outlook emails retained indefinitely for employed staff. However, from April 1, 2025, a new approach will see emails deemed “unnecessary” deleted automatically should they remain in an inbox for over a year. This policy would apply to emails sent or received after April 1, meaning current historic emails will not be automatically deleted.

The organization-wide policy, approved by the FCA’s executive committee, aims to reduce “the legal and reputational risk” the regulator faces from long-term email retention. An FCA spokesperson clarified the purpose of the policy:

“This is about deleting unnecessary emails, which means we will be able to retrieve information more efficiently.”

The regulator confirmed that important emails will be kept, and that:

“Any emails that should be retained to comply with regulatory and legal requirements, including the Freedom of Information Act, will be saved.”

These important emails will be saved in the FCA’s official data repositories, where any information created or received in the course of the regulator carrying out its duties is kept for a retention period of 25 years.

“One rule for the regulator …”

Despite the FCA’s clarifications on the policy, it has been met with concern and criticism from those working in and around the finance space – and from within the Authority itself.

Charlotte Hill, a partner at legal firm Charles Russell Speechlys, suggested the approach is “very much at odds with what [the FCA] expects the industry to do,” adding “imagine if a bank announced this.” Harvey Knight, partner at Withers, opined that “it appears to be one rule for the regulator and another for the regulated,” suggesting that “it only seems fair … if the FCA also propose to amend their own handbook and remove the requirement” for regulated firms to keep records of communications.

Currently, the FCA requires regulated firms to retain relevant records for a range of minimum periods, including at least five years for investment firms, three years for other companies, and ‘indefinitely’ for pension transfer specialists.

An anonymous internal FCA source expressed concerns that email deletion may affect the regulator’s ability to fulfil Freedom of Information requests, which played an integral part in investigations into the 2023 debanking scandal, as well as external investigations into the regulator, such as the 2024 investigation into FCA chair Ashley Alder’s mishandling of the regulator’s own whistleblower policy. The FCA source also raised the possibility that a 12-month deletion time limit might hamper regulatory case work, as “some enforcement cases can go on for a number of years.”

Commenters have raised concerns that the new policy could frustrate efforts to hold the regulator to account in future. Andy Agathangelou, head of the Transparency Task Force campaign group, said:

“If it transpires that the FCA is attempting to delete emails over 12 months old, then those who believe the FCA to be dishonest will wonder if their motivation for doing so is to cover up dishonesty; and if so there could be one or more scandals that it is trying to hide its handling of.”

Junk mail

While the FCA has worked to assure the industry that staff are being trained on the policy to make them aware of which emails need to be stored under the Financial Services and Markets Act and that this is all part of efforts by the regulator to “improve [its] record management approach through better use of technology,” the policy has been poorly received by the industry.

Comments on coverage of the story point out that the approach is “slightly different to the policy requirements for regulated firms,” and that the proposals give a sense of a “do as I say, not as I do” stance from the regulator. They raise questions such as “how will the regulator know whether an email is important?” as “something that might seem very un-important today could be critically important a few years down the line.” A particularly unflattering response accused the FCA of:

“Derriere covering of the highest ordure.”

The FCA currently finds itself in something of a “rock and a hard place” situation, caught between calls from the government to support its growth agenda, and consistent criticism of its previous proposals to “name and shame” firms under investigation, with its every move under increasing scrutiny.

FCA chief executive Nikhil Rathi has promised a “different relationship” with The City going forward, which has so far involved the regulator outlining that it won’t be issuing prescriptive rules around off-channel communications, and may well see scaled back commitments to non-financial misconduct (NFM) rulemaking and a shelving of its “name and shame” proposal. Considering the strength of feeling around this latest tête-à-tête with the industry, we might see the 12-month email policy consigned to the junk folder.

Regulatory requirements mean not everyone gets to delete their emails (even “unnecessary” ones). Having complete email records that are available fast should investigation and enforcement teams come calling is a business essential, and requires that firms ensure they have the right email capture and compliant archiving solutions in place.
