FCA Enforcement Risk: The Year Ahead
The FCA’s Business Plan for 2020/21 comes at a time of great uncertainty in the financial markets. The FCA’s primary focus will be on mitigating the impact of COVID-19 on the markets and protecting consumers in this regard, so much so that the FCA confirms it will only focus on other regulatory areas where it will not dilute its focus on the impact of COVID-19.
However, notwithstanding the FCA’s starting position, firms should not assume that the FCA will be adopting a light touch approach to regulatory enforcement. The Business Plan sets out a road map for the FCA’s strategic objectives and areas of focus in the year ahead, and provides an insight for firms as to likely areas of enforcement risk.
We have analysed the Business Plan and set out a summary of the key regulatory areas and actions on which firms should concentrate.
Financial crime and money laundering
Combatting financial crime is often high on the FCA’s agenda and this year is no exception. Following commitments made in the UK’s 2019 National Economic Crime Plan, the FCA will implement changes to reduce financial crime, including making greater use of data to identify firms or areas that are potentially vulnerable. The FCA expressly confirms that it will continue to take enforcement action in this area, particularly where there is a high risk of money laundering, whilst seeking to further strengthen its rules to prevent money laundering. The FCA will also consult on extending the Financial Crime Data Return to more firms to help strengthen its risk-based supervision as part of its wider anti-money laundering (AML) strategy.
It is imperative that firms ensure they have effective systems and controls to detect, disrupt and reduce the risk of financial crime. To mitigate the risks of any enforcement action, firms must equally be able to point to documentary evidence and records to show that this is the case.
Cryptoassets will also be subject to greater regulatory scrutiny, with the FCA implementing a new registration and supervision regime for cryptoasset activities. This mirrors the position of the FCA set out in a recent speech in which it was recognised that the “risk of money laundering using cryptoassets is serious and real…to ensure the policies on paper match up to the procedures in practice, we intend to actively supervise firms in this space.”1
Whilst the FCA’s crypotasset AML regime is still in its infancy, it is guided by the approach taken by other international regulators to cryptoasset regulation, in particular the U.S., for example: (i) the Securities and Exchange Commission’s guidance on the Ethereum Decentralised Autonomous Organisation (DAO), published in 2017;2 (ii) the Commodity Futures Trading Commission's 2018 guidance on cryptoasset derivatives;3 and (iii) the Financial Crimes Enforcement Network's 2019 guidance on custodial and non-custodial cryptoasset business models.4 The FCA noted that “these documents are not just useful for the market, we also find that they help inform our regulatory thinking in this fast-moving space.”5
The FCA will continue to prioritise effective governance in the investment management industry and expects that firms will implement the Senior Managers and Certification regime (SMCR) to help deliver this outcome.
This is reflected in two ‘Dear CEO’ letters for asset managers and alternative investment firms which were published by the FCA on 20 January 2020. In these letters the FCA commented that standards of governance had been falling below their expectations. The FCA then set out what it considered to be the key risk areas for consumer/market harm in the asset management industry, along with its supervision strategy for addressing those risks, including for example:
1. Asset managers
a) Governance – The FCA will evaluate the effectiveness of firms’ governance in the first half of 2020, with a particular focus on steps taken to improve governance in line with the SMCR.
b) Operational resilience – Firms are expected to manage their technology and cyber risk appropriately, with adequate oversight of third party firms and intra-group service providers. Firms are expected to notify the FCA if they suffer material technological failures or cyber-attacks, and the FCA expects to undertake further proactive work in this area in the coming months.
2. Alternative investment firms
a) Financial crime – The FCA intends to review firms’ systems and controls to mitigate the risk of financial crime. The FCA in particular stressed the importance of conducting due diligence on third parties and Know Your Customer checks.
b) Market abuse – Market abuse controls must be sufficiently comprehensive and tailored to their individual business models (the FCA having noted that there was significant scope for improvement across the sector). In the coming year, the FCA may conduct further visits to firms and continue to issue firms with questionnaires to assess the adequacy of their market abuse controls. Enforcement action will be considered where firms fail to comply with the Market Abuse Regulation.
Firms would be well advised to focus on the areas of concern highlighted by the FCA, which are likely to be the subject of enhanced FCA scrutiny over the coming year, to ensure that their governance and systems and controls in those areas are operating effectively.
The FCA will also continue to assess asset managers’ exposure to LIBOR risk. Firms should ensure that they have strategies and plans in place to manage the risks, including conduct risks, as the FCA will be monitoring how firms implement these plans.
Culture and accountability
The FCA recognises that a firm’s culture shapes the outcomes for consumers and markets. The FCA will continue to focus on the four key culture drivers in firms, namely (i) purpose, (ii) leadership, (iii) approach to rewarding and managing people, and (iv) governance, and their effectiveness in reducing the potential harm from firms’ business models and strategies.
It is essential that firms ensure that issues of culture and conduct are being taken into account at the highest levels of management, and that decision making which evidences the consideration of such issues is clearly documented.
Individual accountability remains a key focus for the FCA, with the FCA reiterating that all solo-regulated firms (i.e. those firms which are only governed by the FCA) are expected to comply with the SMCR, notwithstanding certain relaxations to the rules in light of COVID-19.6
Wholesale financial markets
The FCA intends to achieve a number of outcomes in wholesale financial markets, including:
1. Markets meeting users’ needs – The FCA plans to enhance governance and accountability through the SMCR to improve market effectiveness. In addition, the FCA has undertaken a review of remuneration practices in the wholesale broker sector. The FCA expects to introduce a more risk-sensitive prudential regime for investment firms in 2021, and it remains to be seen how onerous the new requirements will be.
2. Data use and access – The FCA published a Call for Input (CFI) on 9 March 2020 to better understand how wholesale financial participants are accessing and using market data and advanced analytics. The closing date for responses to the CFI has been extended to 1 October 2020, following which the FCA will issue a feedback statement setting out its findings.
3. Orderly transition from LIBOR – In light of the prospective retirement of LIBOR at the end of 2021, the FCA is supporting the transition to alternative risk-free rates.
Following on from the Final Notice issued to R. Raphael & Sons Plc in May 2019 for regulatory failings in relation to its outsourcing arrangements, for which the company was fined £775,100 by the FCA and £1.1 million by the PRA (both post-settlement), the FCA plans to set new requirements that strengthen operational resilience. The FCA has made it clear that it expects firms to take ownership of their operational resilience, and to prioritise plans and investments based on their public interest impact.7 Firms should therefore consider how disruption to their business services could cause harm to market integrity and their customers, and it is essential that firms have effective contingency plans in place to deal with major events.
Use of technology
The FCA is committed to making faster and more effective decisions, using its regulatory tools with greater “pace and decisiveness.” To this end, the FCA proposes to make more effective use of the information and intelligence it receives, in part by exploring the use of artificial intelligence (and machine learning more specifically) and by investing in new technologies.
Firms can expect earlier interventions from the FCA where regulatory or compliance failures have been suspected or red flags raised. As such, firms themselves will need to become more responsive to issues when raised, ensuring that remedial actions are undertaken and communicated to the FCA in a timely manner.
In the short term at least, the FCA will (rightly) be dedicating its resources to combatting the myriad of issues that are and inevitably will be caused by COVID-19. However, firms should not interpret this to mean that less attention can be paid to regulatory matters and in particular those which might lead to consumer harm. Indeed, the FCA comments: “There may be some who see these times as an opportunity for poor behaviour – including market abuse, capitalising on investors’ concerns or reneging on commitments to consumers. Where we find poor practice, we will clamp down with all relevant force.”
The FCA’s expectations for firms to adhere to best practice and have effective systems and controls to mitigate the risk of consumer harm remain high. Firms can expect continued scrutiny in respect of the regulatory areas set out above and where failings are found, enforcement action may be likely to follow.
It would therefore be prudent for firms to assess how well they are performing in each of these areas. For example, firms should be asking themselves:
1. Is the firm able to quickly and effectively identify and prevent financial crime?
2. What steps are senior management taking to instill a good culture within the firm and how is their approach perceived?
3. How effective are the firm’s contingency plans to ensure operational resilience?
And perhaps most importantly in the current environment:
4. Is the firm able to meet its regulatory obligations notwithstanding the operational restrictions that COVID-19 might be having on it?
If firms can show that they have considered these types of issues and sought to remedy any weaknesses, this will place them in far better stead to avoid possible FCA enforcement action in the future.
1) Speech by Therese Chambers, Director of Retail and Regulatory Investigations at the FCA, titled Unstable coins: cryptoassets, financial regulation and preventing financial crime in the emerging market for digital assets, dated 5 March 2020.
2) Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: the DAO, dated 25 July 2017, release no. 81207.
3) CFTC Staff Issues Advisory for Virtual Currency Products, dated 21 May 2018, release no. 7731-18.
4) Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies, dated 9 May 2019.
5) Speech by Therese Chambers, Director of Retail and Regulatory Investigations at the FCA, titled Unstable coins: cryptoassets, financial regulation and preventing financial crime in the emerging market for digital assets, dated 5 March 2020.
6) FCA Statement titled Senior Managers and Certification Regime (SM&CR) and coronavirus (Covid-19): our expectations of solo-regulated firms, dated 3 April 2020.
7) See the FCA’s Consultation Paper (CP19/32), published jointly with the Prudential Regulation Authority and the Bank of England, titled Building operational resilience: impact tolerances for important business services and feedback to DP18/04, dated December 2019. The consultation period is open until 1 October 2020.