In this edition, we include highlights from our two events with FCA and UK Finance in May: Senior Managers and Certification Regime (SM&CR) is an opportunity to establish healthy cultures and effective governance in firms by encouraging greater individual accountability with a new standard of personal conduct. However, although implementation is not as easy as A, B, C, help is on hand. Read our blog from the events, which incorporates your peers' thoughts from the live polling of attendees. We also had the opportunity to hear directly from David Blunt of the FCA and Protiviti’s dedicated specialist team who have worked with many businesses like yours.
Other topical updates below focus on Operational Resilience, Conduct & Governance and Anti-Financial Crime - all areas that continue to be key areas of regulatory focus.
What We Are Reading
On 14 May 2019, the Bank of England (BoE) published a speech by Nick Strange, BoE Director, Supervisory Risk Specialists, on the BoE's current operational resilience work programme. In the speech, Mr Strange states that there are two key aspects of the Bank’s current operational resilience work programme:
- Developing the supervisory approach to operational resilience in line with the discussion paper; and as part of that,
- Developing a cyber stress testing programme as part of the approach to operational resilience.
The joint regulatory fine given to Raphaels this month for failing to manage its outsourcing arrangements properly between April 2014 and December 2016 demonstrates the continual focus on both outsourcing frameworks and operational resilience. Sam Woods, Deputy Governor for Prudential Regulation and Chief Executive Officer of the PRA, said: ‘Firms’ ability to manage outsourcing of any critical activities is a vital part of maintaining their safety and soundness. Such outsourcing is an important part of a firm’s operational resilience, and particularly so in the case of Raphaels given the level of reliance on outsourcing in its business model’.
On 28 May 2019, the FCA published its third "5 Conduct Questions" report in which it sets out wholesale banking industry feedback for 2018/19. The report has 3 sections. The first section provides the FCA's strategic observations after observing industry efforts over several years. The second section provides the FCA's observations arising from supervision activity in the past year. The third section is a brief assessment of speak up culture and whistleblowing in wholesale banks. Key messages:
- Good conduct and culture are increasingly recognised as a competitive advantage.
- Framing conduct as an integral part of broad corporate goals has a positive impact.
- Non-financial misconduct needs much more attention from staff at all levels.
Although the report uses a sample of about 50 firms, the FCA states that the content is relevant for all firms in the financial sector, wholesale or otherwise. It encourages all firms to note its feedback.
The FCA confirms biggest shake-up to the overdraft market for a generation
As part of its drive to address the impact of high cost credit, the FCA has confirmed that it is introducing reforms to the current overdraft market, which the FCA refers to as dysfunctional. In its press release the FCA refers to the changes being ‘the biggest overhaul to the overdraft market for a generation’. These changes are intended to make overdrafts simpler, fairer, and easier to manage and will protect the consumers that use overdrafts.
The changes published in the FCA policy statement PS19/16 (https://www.fca.org.uk/publications/policy-statements/ps19-16-high-credit-review-overdrafts) include:
- stopping firms from charging higher prices for unarranged overdrafts than for arranged overdrafts;
- banning fixed fees for borrowing through an overdraft – no daily or monthly fees, or fees for having an overdraft facility;
- requiring firms to price by a simple annual interest rate;
- issuing new guidance to reiterate that refused payment fees should reasonably correspond to the cost of refusing payments; and
- requiring firms to do more to identify customers who are showing signs of financial strain or are in financial difficulty and implement a strategy to reduce repeat use.
The new rules are expected to be in force by 6 April 2020, apart from the guidance on refused payment fees, which will take effect immediately, and the repeat use remedies which will come into force on 18 December 2019.
At the same time, in order to improve transparency and raise awareness on firms’ overdraft charges, the FCA is consulting on proposals to require firms to publish a range of overdraft prices and fees along with their quarterly service metrics. CP 19/18 (https://www.fca.org.uk/publications/consultation-papers/cp19-18-overdraft-pricing-remedies-competition) was published on 7 June 2019 and the consultation period ends on 7 August 2019.
The FCA supervisory findings and Dear CEO letter about principals and appointed representatives in the investment management sector
The FCA emphasises firms' obligations around managing third parties and identifies significant shortcomings in principal firms' understanding of their regulatory responsibilities for their appointed representatives. Most principal firms the FCA reviewed had weak or under-developed governance arrangements in place, including a lack of effective risk frameworks, internal controls and resources. In addition, many principals did not identify conflicts of interest inherent in their business model or make attempts to manage them. The FCA has concluded there is a significant risk of harm to consumers and to the market arising from the activities of ARs operating in this sector.
Representatives of the Financial Services Compensation Scheme (FSCS), the Financial Ombudsman Service, the Insolvency Service and Scotland’s Accountant in Bankruptcy joined the FCA to discuss approaches to tackling phoenixing and how they can work together more closely by sharing data and intelligence on individuals and firms.
Phoenixing in this context involves firms and individuals deliberately seeking to avoid their liabilities to consumers or poor conduct history by closing down firms – or resigning senior positions – only to re-emerge in a different legal entity. The practice can have a significant impact on the individual consumers concerned and a knock-on effect on the wider economy.
Firms should review and assess their business against the PRA's updated version of Supervisory Statement 21/15: Internal governance. The statement sets out its expectations in relation to how firms should comply with the rules regarding general organisational requirements, skills, knowledge and expertise, compliance and internal audit, risk controls, outsourcing and record keeping. The statement includes an additional section on ‘Risk control and governance’ relating to the expectations of the Chief Risk Officer and risk committee.
The UK continues to support the wider European objective of containing cyber attacks with the introduction of The Cyber-Attacks (Asset-Freezing) Regulations 2019, which puts into place the UK’s domestic enforcement regime for a new sanctions regime. The EU agreed to adopt new restrictive measures to deter and respond to cyber attacks, including the freezing of funds and economic resources of persons responsible for, or otherwise providing financial, technical or material support to, cyber-attacks or attempted cyber-attacks.
The UK government launched a consultation on transposing the 5th AML Directive (5AMLD) into UK law, for which the deadline is 10 January 2020. Transposition will not be affected by Brexit negotiations.
5AMLD demonstrates increased scrutiny by regulators along with greater transparency of AML and KYC. One of its major impacts is on the way cryptocurrency exchanges or similar services conduct their AML and KYC checks. Exchange service and wallet providers will have to be registered and will have to implement necessary customer due diligence controls, monitor transactions and report any suspicious activity to the relevant national authorities. One effect of the directive is to reduce anonymity in the financial sector.
These regulations around crypto-currencies highlight the European Union’s shift in focus towards addressing the growing significance of crypto-currencies and distributed ledger technology.
As organisations move to agile delivery, risk, compliance and business control teams will need to rethink their interaction models for executing credible challenge and advising the business in near real time. Risk and compliance functions can use forward-looking risk metrics to understand the impact of changes and tailor their oversight programmes to align with new business needs, thereby optimising effective challenge while maintaining agility. Essential tactics for all.
Read how in our latest whitepaper Managing Risk in an Agile Organisation.