Contact Sales
Digital Learning & Compliance

The top 3 focus areas for financial services and regulated industries in 2021

Understanding the Financial Conduct Authority’s focus

We’ve all been living through a wild year without equal and now, as the tide hopefully turns on Covid-19, we find ourselves moving forward with renewed impetus, despite the pandemic and the effects of Brexit remaining a big part of the picture. With those factors and others in mind, this article’s going to think about the Financial Conduct Authority (FCA) and three clear areas of regulatory focus that it’s currently concentrating on:

  • Governance, culture and individual accountability
  • Conduct and enforcement
  • Operational and financial resilience

Now, we anticipate that all of these matters will generate increased FCA scrutiny – and enforcement action – in the months ahead, so they’re certainly subjects worth discussing. To help me do so, I’m delighted to be able to draw upon the insights and expertise of Philippa Grocott, Managing Partner at the financial services training and consultancy firm FSTP.

Risk & Compliance Software Financial Services

Posted 13/04/2021

Governance, culture and individual accountability

In the second half of last year there were 25 open FCA investigations, all relating to senior managers and with most concerning misconduct and rule breaches, but this in fact formed part of a relatively quiet enforcement period. So, what are the relevant issues to consider against that backdrop?

“Let’s think about the accountability aspect of the Senior Managers and Certification Regime [SM&CR],” suggests Philippa. “This has been in place for banks, building societies, large designated investment firms and credit unions for five years now, and there’s an expectation from the regulator that it’s been long enough now for it to be embedded in firms’ DNA. So as far as senior management is concerned, it’s about leading from the top and understanding where your responsibilities and accountability are because it’s so much easier for the regulator to understand who holds the responsibility in a firm now.”

Of course, we know that SM&CR came about as a response to the financial crash of a decade or so ago when authorities couldn’t pinpoint who’d made key decisions that fuelled that crisis. “So now, for senior managers and leadership teams within firms, it’s going to be about whether you’re doing the right thing,” continues Philippa. “Are you leading your firm in the right way and are you cascading that down throughout your organisation? There’s going to be a lot more focus on individuals and put simply, the FCA will inspect what they expect, so gone are the days of pointing to a policy and expecting a tick in the box – now they want to see how things work in practice, to look under your carpets if you like. In terms of outcomes, you’re going to need strong governance frameworks that allow the right culture to drive decision-making, as well as the implementation and maintenance of the SM&CR, including Conduct Rules. If you have those frameworks and you align what you do to them, along with the right culture, it tends to permeate through the whole business, with the right processes and procedures in place to help you avoid, for one thing, making decisions on the hoof. Another point is that many firms don’t appreciate how much record-keeping SM&CR entails, as you have to evidence your claims including that people are competent, fit and proper etc. So having effective systems in place to ensure these records are well kept is essential.”

It’s worth mentioning too that the FCA’s ‘Approach to Supervision’ articulates that the key cultural drivers in firms are: purpose, governance, leadership and the approach to reward and managing. Some key practical steps firms could take in this area therefore include: thinking about what’s said and how it’s expressed, whether it comes from a Senior Management Function (SMF), certificated individuals or other senior figures; having clear accountabilities for activities that affect consumer outcomes; having a robust risk framework in place; and having strong independent board oversight, with scope for it to be objectively challenged.

Conduct and enforcement

Now, there have been a lot of instances of regulatory forbearance recently, with the FCA holding back on searches and warrants – in fact, statistics show the lowest number of fines since the FCA’s establishment in 2013. The risks and rule-breakers are still out there, of course, so it’s worth remembering that a good indicator of a firm’s culture is its response to compliance issues and instances of potential misconduct.

“One of the things to bring out here is that the FCA are more worried about having a nil return for conduct rule breaches than they are if they see breaches, because if they see them, then they know that they’re being monitored and addressed. If there’s a nil return, it raises questions about whether firms are picking up breaches and taking the issue seriously. So it’s making sure that you’re doing the things that you should do when nobody’s looking – that’s what good culture is about,” states Philippa.

I’m going to mention here a few additional areas experiencing a greater focus from the FCA at the moment. Firstly, market abuse e.g. the handling of confidential information and personal account dealing. In addition, there’s the whole ‘working from home’ issue and how that poses particular challenges in terms of monitoring the conduct of remote staff effectively, for all concerned. Furthermore, there are increased regulatory attention towards non-financial misconduct, particularly where that takes place outside of the workplace (following the ‘Me Too’ movement in 2018, diversity and inclusion are now integral to the FCA’s assessment of a firm’s culture).

It’s a lot to think about, but some practical steps that can be taken to help within this broad area include: checking that your firm has a robust process to ensure that SMF and certification staff are ‘fit and proper’; reviewing your firm’s processes for the handling and escalation of misconduct cases, and considering whether your firm’s remuneration structure incentivises appropriate behaviour.

Operational and financial resilience

Let’s move on to the last of our three categories, one that the FCA will undoubtedly continue to keep a keen eye on. Past statements issued to firms have outlined its expectations on financial crime and information security systems and controls, while in summer 2020 they also issued a mandatory Covid-19 impact survey to gain a more accurate view of firms’ financial resilience. So there’s a distinct desire to shift mindsets and it’s partly driven by public interest (thinking of some of the high-profile banking and IT failings of recent times).

“A lot of this should be seen in the light of the financial crash. It’s making sure that firms have enough capital adequacy to cope with situations – and remember that there hasn’t been as much business for some firms recently as there has been for others. For example, a lot of consumer credit firms, including the motor finance industry, have had to deal with a huge number of calls from customers saying they’re in financial difficulties and can’t make payments, and they’ve had to make adjustments as a result. The number of vulnerable customers has gone through the roof and authorities want to know what firms are coping with and what the impacts might be, because obviously, and sadly, not all companies will come through the other side of the pandemic and some are also still riding the storm of Brexit,” Philippa comments.

Of course, the FCA’s focus is wider than the pandemic and Brexit. It has indicated that it will implement its own version of the ‘Investment Firms Regulation’ on 1st January 2022 and also published final guidance on a framework to help financial services firms ensure they have adequate financial resources. There’s been a specific note, too, that the crisis underlines the need for all firms to have adequate resources in place and to assess how those needs may change. Having taken all this on board, a couple of practical steps to take might include: reviewing your firm’s business continuity plan and risk assessments – for example, making sure any risks associated with ‘working from home’ are incorporated and mitigated, and revisiting the assessment of its adequacy regarding financial resources.

Concluding thoughts

I want to thank Philippa for her invaluable contributions to our regulatory reflections and, finally, leave you with three tips to stay on top of:

  • Don’t get lured into a false sense of security from a regulatory perspective, having largely made it through such a tough year or so.
  • Whilst it was an unprecedented year, the FCA have by no means given firms freedom when it comes to regulatory compliance.
  • It’s in 2021 that we expect to see action from the FCA towards those firms that did not meet its expectations.

Check out our complete course collection, which includes an SM&CR suite.