15 May 2015
Two years after its launch, it is time to review our financial regulation
It is two years since the launch of our incumbent financial regulatory framework and the newly created FCA and PRA. The programme of activity since then has been nothing short of frenzied. For those working in governance and compliance, this milestone offers an appropriate juncture to pause and take stock, not just of what has been achieved to date, but more importantly of what comes next.
One of the biggest challenges for compliance professionals is understanding and assessing regulatory priorities. The current regulatory framework was launched with an ambition to deliver, among other things, greater accountability and transparency, but fast forward two years and the challenge has become more acute, not less.
The FCA in particular has been criticised for failing to explain its policies and priorities sufficiently. In December 2014, HM Treasury stated that the regulator must do more in terms of communicating enforcement actions. In March 2015, the Treasury Select Committee criticised the FCA over its culture, including the botched media interview on plans to investigate the life insurance industry, which led to the Davis Review.
Given the speed and complexity of regulatory development, it is hardly surprising that there have been growing pains along the way. A lack of guidance regarding priorities is something that research from BDO identified in 2014. Firms across the financial services sector felt that both the FCA and PRA were not clear about their priorities and had not done enough to assist firms in dealing with the scale of regulatory demands placed on them. The result was a strong view that the new regulatory regime was actually damaging the UK’s position as a leading financial centre.
More than ever, a balancing act is needed between dealing with the here and now and looking to the longer term. With a constantly increasing level of regulatory expectation both domestically and internationally, it has been hard for compliance functions to keep pace. The reality is that the relentless flow of regulatory requirements has meant that preparing for the long term has been difficult.
Key to keeping on top of regulatory matters is ensuring that compliance professionals understand their business and the risks it presents in relation to the regulators’ objectives and to customer outcomes. Equally, professionals need to equip themselves with the necessary tools to be able to deal with future regulatory developments alongside dealing with day-to-day issues. That means horizon scanning for relevant regulatory hot topics to ensure the business is prepared for what is coming and to prioritise resourcing around specific areas of vulnerability. Furthermore, it requires the right balance of internal and external expertise and advice to equip the compliance function with the tools and resources it needs.
Looking at the longer term, the publication of the FCA 2014/15 Business Plan in March provided a useful insight into the big issues still to be resolved and where compliance professionals will need to focus. Martin Wheatley, Chief Executive of the FCA, described the report as an ‘evolutionary point’ for the regulator in terms of transparency. This might however be overstating things as much of the business plan and risk outlook is an extension of the previous plan, with a continued focus on culture and outcomes but with deeper thematic reviews and cross-market studies.
Arguably the most high-profile issue will be the launch of the Senior Managers Regime (SMR) in March 2016, designed to ‘make individual responsibility in banking a reality’, following recommendations by the Parliamentary Commission on Banking Standards. The SMR will have a major impact on firms, not least by allowing greater scrutiny of, and disciplinary action against, senior staff when things go wrong.
Those focused more on PRA-related activity should expect an increased emphasis on forward-looking risks through measures such as stress testing and resolvability, i.e. contingency funding plans and recovery and resolution plans. This could include further use of supervisory reviews (SREPs and L-SREPs) and s166 reviews, including a focus on risk management frameworks with formal policies and documentation. An explicit area for scrutiny will be liquidity management, following the implementation of CRD IV liquidity rules on 1 October 2015.
Technological innovation, particularly in the banking sector, continues to be a huge challenge for the regulator and compliance professionals. The proliferation of online and mobile banking brings a need to protect and educate customers on the cyber risks associated with their use.
As with any technology system, weak links will be targeted and many customers will not have the knowledge to protect themselves without assistance. Cloud solutions, meanwhile, can bring benefits to an organisation, but can bring compliance issues, such as managing an outsourced provider, as well as the added dimension of controlling where data is physically stored.
The introduction of customer and risk data aggregation and reporting means that banks are using techniques, often inefficient, to bring together information from disparate reporting ‘silos’. This increases the pressure to develop information systems capable of meeting the increased regulatory demands.
The proliferation of new alternative models, like peer-to-peer finance and crowdfunding, is set to continue and it is clear there is unfinished business in terms of developing appropriate levels of regulation to protect consumers while enabling the industry to grow. There will be considerable pressure from politicians to deliver a regulatory framework that fosters genuine competition and sustainability with a strong onus on more challenger banks. Likewise, there is pressure on compliance functions within challenger banks and a need to ensure structures and a methodology are in place which align with the FCA and PRA’s regimes and good practice – prior to and post authorisation. As new entrants to the market, challenger banks and alternative finance platforms can also be more susceptible to fraud and cyber attacks. Therefore compliance professionals face an increased level of pressure to implement robust anti-money laundering and Know Your Client processes, and IT systems that assist with preventing financial crime.
One could argue there is a danger that challengers and alternative finance providers, in trying to loosen the hold of the big four banks, might inadvertently drive a culture of mis-selling by encouraging the sale of unsuitable products to drive profitability, and increase their market share. Compliance professionals at these firms need to think about putting controls in place to mitigate these risks.
An obvious question is whether we will see a marked change in how much money financial services firms are spending on compliance. After the Libor scandal, one might have assumed that the threat of fines and public scrutiny would have made compliance functions in banks look more closely at defining and mitigating their conduct risk at ground level. However, recent foreign exchange rigging fines indicate that investment in identifying and mitigating such risk is not high enough. For example, despite conduct risk being high on the FCA’s agenda, a recent Thomson Reuters report found that 84% of respondents did not yet have a working, firm-specific definition of their conduct risk.
There is further argument that compliance functions at banks and financial services firms are underinvesting in effective risk management systems. Between 2010 and 2015, JP Morgan, Blackrock, Transact, Barclays and most recently BNY Mellon have all been fined for client money (CASS) failures.
This is surprising considering the regulator’s continued rhetoric since the insolvency of Lehman Brothers in 2008, which has urged firms to put systems in place that adequately record and protect safe custody assets. The FSA also wrote to compliance officers in March 2009 and chief executives in January 2010 about its concerns regarding the management of client assets and asked firms to confirm that they were fully compliant with the rules.
Although firms are heavily investing in compliance in monetary terms, they are not investing enough time and expert resource to identify and mitigate the conduct risk specific to their firms, and in implementing effective risk management frameworks.
Fiona Raistrick is Financial Services Partner at BDO