The next steps for all supervised organisations
Bernadine Reese and Stuart Campbell set out the action plan they recommend following the FCA’s publication, on 17 April 2019, of its business plan for 2019/20, which sets out its priorities and programmes.
The FCA’s business plan provides an opportunity for FCA supervised organisations to review and align their own priorities and plans to ensure that supervisory priorities are considered and addressed.
The FCA’s business plan focuses on sectoral and cross-sectoral themes in support of the FCA’s key objectives of promoting good customer outcomes (reducing harm to customers) and reducing costs for consumers.
The FCA’s 2019/20 plan centres on the following two broad areas across all sectors:
Technology: Addressing the opportunities and risks that technology change brings by:
- Reducing the regulatory burden through the use of technology in regulation and using RegTech in data exchange, tackling AML and financial crimes and helping vulnerable consumers (including reducing consumer exclusion resulting from technological barriers).
- Continuing focus on the operational resilience of organisations through:
  - Policy proposals on Operational Resilience (expected in Q4 2019);
  - Continued work on oversight of critical third party service providers;
  - Reviewing approaches to change management and its contribution to operational incidents;
  - Expanding use of ethical hacking to test firms’ systems and cyber resilience;
  - Conducting thematic work on Cyber risk management (feedback expected in Q1 2020);
  - Communications with smaller firms to increase awareness of cyber-attacks.
- Examining the use of data and their impact on customers’ interests such as understanding of Data Ethics.
Conduct, culture and governance: Addressing rising consumer expectations for protection, avoidance of harm and the safe operation of markets, through:
- Encouraging organisations to have the leadership capability that creates and maintains healthy cultures:
  - to take personal responsibility for consumer and market outcomes,
  - to do the right thing competently and
  - to speak up and to listen to others.
- The completion of the extension of the Senior Managers and Certification Regime.
- Addressing how loyal customers are treated by home and motor insurers and by banks where new customers are offered more favourable terms.
- Supporting, identifying and understanding vulnerable customers:
  - who suffer disproportionately from high charges, especially in overdrafts;
  - who are caught in high-cost credit products;
  - who are newly able to access their defined contribution pensions and are susceptible to unscrupulous or ill-advised investments;
  - who can arise across different generations and require different treatment depending on circumstances (as well as in digital channels).
- Overseeing compliance with:
  - The Market Abuse Regulation;
  - The Markets in Financial Instruments Directive II;
  - The Payment Services Directive 2 and Open Banking.
- Addressing financial crime:
  - making use of the information in Annual Financial Crime Data Returns (such as the volume of SARs);
  - the risks of scams;
  - sectoral work on fraud;
  - raising standards in professional body supervision.
- Reviewing how claims management organisations are adapting to supervision by the FCA.
- Continuing to focus on how MiFID II has been implemented and arrangements for the transition from LIBOR to new risk-free rates.
The FCA needs to deal with the uncertainty of a departure from the EU. In its 2019/20 business plan, the FCA signals (unsurprisingly) its expectation of the need to simplify and future-proof its rulebook and (rather intriguingly) to have an operational response that “delivers a more dynamic, agile and efficient environment for UK consumers and firms”.
Action Plan for risk leaders
Bernadine and Stuart have identified the following next steps for organisations supervised by the FCA:
- Map and assess where and in what way the FCA business plan impacts on your organisation;
- Communicate with relevant management the supervisory priorities and themes relevant to their sector and management responsibilities;
- Consider what, if any, change is required to organisational and functional plans and priorities, especially in IT change and transformation;
- Ensure operational resilience goes beyond the technology function and is a standing item at business unit, executive management and Board level;
- Assess current cultural and leadership practices on a firm and function level to ensure they are not barriers to maintaining and developing healthy cultures (such as promoting innovation and competently doing the right thing);
- Challenge the organisation’s understanding of its customers’ needs reflecting changing demographics and differences in terms of wealth and vulnerability; and
- Encourage collaboration with the FCA on innovation and use of technology to help you comply with regulations (RegTech).
Protiviti has the individuals with the right skills and experience and the tools and methodologies to support you to take these steps.