Suitability and effective governance
The regulatory spotlight was turned on the financial advisory, alternative investment and wealth management worlds in January, with three “Dear CEO” letters issued by the Financial Conduct Authority (FCA). In each case, the FCA has outlined its approach to tackling key areas of concern and summarised the action it expects firms to undertake.
Suitability and effective governance are central elements of the FCA’s supervision strategy. In the alternatives investment sector, this means that firms must adequately consider the appropriateness of investments for their target investors. In relation to financial advice, this requires firms to ensure the advice they provide to consumers is suitable for their needs. In each sector, the FCA will also be focussing on firms’ standard of governance, and their efforts to implement the Senior Managers and Certification Regime (SM&CR), where applicable.
New financial services directory
The FCA is due to launch a new financial services directory for banks and insurers in March 2020, which will operate alongside the existing financial services register. The directory will also apply to FCA solo-regulated firms from December 2020.
The directory will include all those who hold senior manager positions requiring FCA approval and those whose roles require firms to certify that they are “fit and proper” under the SM&CR. This includes those in consumer-facing roles, such as mortgage and investment advisers.
Doing the right thing for vulnerable consumers
The FCA plans to issue a response to its consultation on guidance for firms on the fair treatment of vulnerable customers in the first half of 2020.
The proposed guidance sets out the FCA’s view of what its Principles for Businesses require of firms to ensure that vulnerable customers are consistently treated fairly across the sector. It is relevant to all firms involved in the supply of products or services to retail customers even if they do not have a direct client relationship with the customers.
The FCA plans to use the guidance as a basis for monitoring and assessing firms’ practices, supporting both its supervisory and enforcement work.
In Focus | Responsible business
Which aspects of responsible business are driving the regulatory agenda?
Financial regulation is driven by the need to protect society from both systemic risk and risks posed by individual firms. There are more stringent rules, particularly in areas such as consumer finance, aimed at protecting more vulnerable sections of society.
One of the current areas of concern for the Financial Conduct Authority (FCA) is that firms increasingly depend on third-party providers and outsourcers (for example, cloud service providers) to perform certain processes, services or activities on their behalf. Such arrangements give rise to a risk of operational disruption and harm to consumers if they are not effectively managed. This risk is heightened where the outsourcing is concentrated in, for example, a limited number of technology providers. Badly conceived or executed outsourcing arrangements also increases regulatory risk and, in more complex situations, may result in firms having to hold additional capital to cover operational risk.
Addressing the risks of harm that could result from insufficient operational resilience in firms and poor governance of outsourcing and third-party service provision is a key priority for the Bank of England (BoE), Prudential Regulation Authority (PRA) and FCA. These regulators have recently launched co-ordinated consultations on the extent to which their existing policies should be supplemented to improve the resilience of the system as a whole, and to increase the focus on this area within individual firms.
Another major area of focus for the FCA is firm culture, stemming from criticisms that irresponsible practices within firms were a significant contributor to the financial crisis.
In an effort to drive greater responsibility and personal accountability in the financial sector, the FCA introduced the Senior Managers and Certification Regime (SM&CR). The SM&CR requires firms to clearly define the responsibilities and functions covered by senior managers, whose fitness, skill and propriety must be certified on an on-going basis. Conduct rules – including the requirements to act with integrity, to treat customers fairly and to exercise due care, skill and diligence – apply to nearly all staff within scope of the regime. That scope has been expanded, to now cover almost all regulated firms.
Are responsible business considerations having an impact on the tools that regulators are using?
According to the FCA’s Mission paper “Approach to Supervision” (April 2019), the FCA’s focus is on the drivers of behaviour and the role individuals play within firms. A firm’s managers are responsible for the firm’s culture and for preventing harm. Rather than laying down prescriptive rules, the FCA will look at the purpose of a firm to understand what it is trying to achieve in practice.
Under the SM&CR, the FCA has set out its expectations of firms and the behaviour of their employees in the form of five conduct rules that represent minimum standards of behaviour (see above). These five principles set the framework for establishing a culture of accountability for conduct at the heart of all firms’ activities.
The FCA has also published guidance for firms that fall within scope of the regime. This includes final guidance on how the FCA will enforce a Senior Manager’s Duty of Responsibility, and guidance within the FCA’s Handbook, for example, about the types of things firms should consider as part of assessing a person’s fitness and propriety.
Which of the recent or upcoming developments are based on international consensus or agreements?
The 2008 financial crisis sparked major changes in global financial services regulation with attention and resources focused on the behaviour of firms and senior individuals and how they conduct their business. Regulatory reforms have been designed and implemented globally to address accountability and conduct in financial services.
In line with this trend, the European Commission has, in its recent consultation on the implementation of Basel III reforms, raised the possibility of an “accountability regime” under the Capital Requirements Directive. This could result in an EU-wide individual accountability regime for banks, highlighting the Commission’s desire to tackle misconduct, poor culture and excessive risk-taking within the financial sector.
Achieving a better and more trusted corporate culture within the financial services industry was also a key pillar of the speech delivered by Christine Lagarde, managing director of the International Monetary Fund, in February 2019. In her view, it is not stringent legal sanctions or compensation and governance rules that will bring about the necessary cultural change. Rather, what is required is strong individual responsibility that is grounded in values and ethics.
What are the main challenges for businesses in complying with these developments?
In an increasingly complex and fast changing business environment, firms will need to be able to prevent, adapt, respond, recover and learn from disruptive operational incidents. To achieve this, firms will need to consider their dependency on services supplied by third parties and the resilience of these third-party services. This includes those third parties typically outside the regulatory perimeter, where firms retain responsibility for the delivery of their regulated services. The FCA has found that these concepts are not yet part of all firms’ thinking.
Similarly, being compliant with the SM&CR is not just about providing accurate and up-to-date records, ultimately it will require a cultural change within financial services firms to ensure that all staff understand where responsibility lies, and who is accountable when things go wrong. This may be challenging for many firms, particularly those that have evolved from start-ups in recent years, who may not have the formal structures in place to attribute responsibility in the manner envisaged under SM&CR. Being able to create firm-wide cultural change is an issue all businesses face, and in financial services there is no definitive rulebook to follow.
Dates for the diary
|March 2020||The FCA’s directory (the FCA’s proposed public register that enables consumers, firms and other stakeholders to find information on key individuals working in financial services) is expected to go live in March 2020 for banks and insurers.|
|3 April 2020||Deadline for comments on the PRA’s Consultation Paper: Outsourcing and third-party risk management (CP30/19) and the FCA, PRA and BoE’s joint consultation papers (CP 29/19) on operational resilience in the financial services sector.
The PRA intends to publish its final policy on outsourcing and third party risk management in the second half of 2020, in line with the final policy on operational resilience.
|Autumn 2020||Findings from the FCA’s Financial Advice Market Review and Retail Distribution Review (aimed to improve consumer outcomes from financial advice and guidance) are due to be published.|
|December 2020||The FCA’s directory will apply to FCA solo-regulated firms.|