Early plans for the phasing-out of Libor, plans to make banks more resilient in the face of 'third-party risk,' the use of commercial IT to combat money laundering, the inevitable Brexit issue, follow-ons from the Asset Management Market Study...all these and more feature in the Financial Conduct Authority's business plan for 2019/20.

According to the FCA, 2019/20 will be marked by changes – technological innovation that changes the way in which firms do business; changes in the needs and weaknesses of consumers; the UK's forthcoming departure from the EU and the regulatory landscape of its future; and changes in public expectations. This year’s Business Plan looks forward to these changes and many others and sets out the implications for the FCA’s priorities and activities.

The regulator will clearly have to make some difficult choices, as its remit is growing and the considerable demands of Britain's withdrawal from the EU are taking their toll on its finite resources. The themes are not new and should come as no surprise.

Suggestions for firms

• Make early progress towards your plans to stop using the London Inter-bank Offered Rate (LIBOR), the deadline being 2021.
• Be sure to consider 'resilience' and act upon your conclusions, particularly as regards change management and third-party risk management.
• Price all your products fairly, taking account of the FCA’s willingness to intervene to change prices that existing customers have to pay.
• Consider the risks that you might run when using new technology, both in the way in which you do business and in the way in which you deal with customers.
• Use technology and data to improve the effectiveness of your financial crime controls.

Overarching priorities

It is understandable, in view of the complexities and uncertainties surrounding Brexit, that this will be the most immediate challenge for the FCA over the coming year. However, it is reassuring that the FCA remains focused on its continuing cross-sectoral priorities (culture and governance, operational resilience, financial crime and the fair treatment of existing customers) and strategic challenges (including innovation, data and data ethics, and - a new subject for 2019/20 - demographic change).

The FCA’s other new strategic challenge for 2019/20 is the future of regulation, which is appropriate because the UK's independence is bound to cause changes. Key priorities for the FCA include its proposal to impose duty of care on certain people, its work in tandem with HM Treasury to determine the future of the UK's financial services law, its study of the cost of regulation (including ways in which IT can improve the FCA's rulebook) and various issues to do with the perimeter of regulation. Firms should be ready to talk to it.

Although the FCA is working jointly with the Prudential Regulation Authority (PRA) and Bank of England in a new Climate Financial Risk Forum, climate change is not a specific FCA priority for 2019/20. However, with the PRA having set out its expectations regarding the management of the financial risks that spring from climate change in a supervisory statement for banks and insurers, we could well see climate change become a priority for the FCA in 2020/21.

Banking and capital markets

The wholesale sector will concentrate mainly on the UK's independence from the EU over the coming year. The FCA will continue to work against market abuse and will emphasise the importance of firms ceasing to use LIBOR. The protection of consumers of all kinds from sharp practice remains one of its key priorities and it aims to support consumers who want to (or ought to) switch their mortgages. It wants to ensure that payment services are accessible, safe and reliable.

Wealth and asset management

Following on from its Asset Management Market Study (AMMS), the FCA’s wants to ensure that asset managers are providing consumers with access to a range of products that are of good value. It will do more in the upcoming year to improve 'stewardship' in capital markets. In the retail investment sector it is still worried about the suitability of advice that people receive, particularly when they are thinking of transferring from defined-benefit pensions to defined contributions and when they are thinking of taking on highly risky investments. The FCA has sent a number of ‘Dear CEO’ letters to firms that provide contracts for differences – a sure indication of its serious concern in this area.

Insurance and pensions

In line with recent findings published by the FCA, its main priority in the insurance and pensions sector is to protect consumers from sharp practice (or the consequences of their own inexperience) by imposing fair pricing strategies on firms and forcing them to deal in products that give customers value-for-money. Above all, it wants to understand pricing practices, the distribution network and consumers' access to products.

In conclusion, one of the overarching messages in the FCA Business Plan 2019/20 is that the status quo will not be an option for either firms or regulators. However, as the Business Plan says, change brings both risks and opportunities. Just as the FCA is changing, firms have their own opportunities to forge ahead of one another by conforming to the FCA's 'conduct' policy. Firms that can help the FCA to change things for the better, rather than follow the leader, are likely to be able to stand out from the crowd.

Brexit

In the event of a 'no-deal Brexit,' the FCA would, overnight, have to start supervising trade and securitisation repositories and credit-rating agencies. Alongside this, the various "temporary permissions regimes" would begin for firms registered in the European Economic Area (EEA) that operate in the UK. The Business Plan dwells on wholesale financial markets and general insurance, which need particular attention because of the scale and nature of their cross-border business. At the same time, the FCA would have to advise its owner, HM Treasury, about whether this-or-that foreign jurisdiction ought to be held to be 'equivalent' to the UK for various purposes. Beyond these immediate concerns, it is taking a long-term look at the UK’s post-Brexit regulatory landscape. It will try to keep up its world-leading regulatory standards while staying on the lookout for new trading opportunities. Brexit-related costs for the FCA for this year are budgeted at £21.9 million, slightly down from last year’s £30 million.

Firms' culture and governance (1)

The FCA is very interested in making firms assess their own cultures. In doing so, it wants them to look at the purposes that they serve, the ways in which their leaders operate, their management talent, remuneration and incentives.The phenomenon of 'purpose' is one of its key themes and it proposes to go on exploring the causal link between healthy cultures and business models and the effects that these things have on consumers, markets and firms. We already know that the FCA expects every firm to concentrate on good results for customers and to embed an obsession with this in its culture and the way it makes decisions.

The FCA has warned firms that if they fail to take stock of its priorities, it might decide that they have failed culturally.

What this means for your firm

Your firm should ask itself the question: "are our strategies and business models designed to make results better for customers rather than simply commercial interests?" It should consider how to work out whether its culture is healthy or not – and how to demonstrate the results to the regulator.

It should also balance the incentives that it offers to various people in order to make them behave well.

Firms' culture and governance (2)

The Senior Managers and Certification Regime (SM&CR) will apply to all firms regulated solely by the FCA in December. By this means, the FCA will make people at firms more accountable and aware of issues to do with 'conduct.'

The FCA is also setting up a public directory which will contain information about individuals in important jobs who are not included on the SM&CR register. Firms will be responsible for the timely and accurate reporting of information to the FCA that is destined for the directory.

What this means for your firm

Firms regulated solely by the FCA will have to set things up in such a way that they can show the regulator that they can control allocated accountabilities effectively. This entails the 'mapping' (outlining) of responsibilities, the allocation of prescribed responsibilities and handover procedures and the evolution of training methods to help their staff conduct themselves well in such a way that people can assess at least annually.

At every firm, the senior manager who is responsible for certifying staff will be responsible for maintaining "directory records," whatever that phrase means.

Firms' culture and governance (3)

The FCA is resolved to oversee firms’ remuneration practices more and more onerously. It expects firms to ensure that their incentive schemes do not cause people to behave in such a way that harms consumers or markets.

What this means for your firm

Your reward structures ought not to concentrate solely on short-term or financial performance.

Performance management (the activity and set of processes that aim to maintain and improve employees' performance in line with their organisation's objectives) should concentrate on customers, promote good results for them and be easy for them to understand.

Operational resilience (1)

On the basis of reported incidents and outages, it has identified "change management and third-party risk management" (see below) as the two main risks to the resilience of the financial services sector.

Over the past year, poor 'change management' (when managers make changes to an organisation's goals, processes or technology) has been the largest cause of operational disruption in finance. The FCA is likely to set increasingly demanding standards in respect of "change control environments," whatever it means by that term.

Operational resilience (2)

The regulator will go on assessing the ways in which firms offset the risks that third-parties (suppliers/contractors) pose to their compliance, looking at they use data and the Cloud and the ways in which they test things. Despite the long-running FCA preoccupation with "third-party risk management," for which it published specific guidelines in 2014 and 2016, this area remains a source of disruption in the industry.

A 'resilient' financial system, according to the FCA, is one that can absorb shocks rather than contribute to them. The regulator holds a firm to be 'resilient' if it can adapt and recover when things go wrong.

What this means for your firm

Your firm should find out who its crucial suppliers are and should never cease to make sure that they are 'resilient.'

In doing so, it ought to ensure that all the data that it keeps about third parties' performance allows the reader to assess all the risks that those parties pose to its resilience.

Operational resilience (3)

The FCA, the PRA and the Bank of England will club together to publish a consultative paper later this year that will outline the things they expect of firms’ senior managers as they try to govern and oversee the things that make companies resilient.

What this means for your firm

Your firm should allocate various responsibilities to people and list the skills that it requires, aligning them to Senior Manager Functions. People cannot oversee various practices that promote resilience if their firms do not set out clear reporting lines.

Operational resilience (4)

Last July’s Operational Resilience Discussion Paper was the first paper that the FCA, the Bank of England and the PRA published together. This clearly signals the intent of the regulators to co-ordinate their efforts to improve the resilience of the financial sector. European regulators are taking a similarly co-ordinated approach.

What this means for your firm

Your firm should probably use "enhanced (CBEST-style) penetration testing" to test their cyber-resilience.

Fraud, scams and money laundering

The FCA intends to explore the possibility of using IT and data to test things better. It will expect firms to monitor the effectiveness of their own systems and explore the ways in which regulatory technology (RegTech) can tackle financial crime, including money laundering.

Consequently, it is thought that firms should prepare for more technology-driven effectiveness testing by the FCA. They should be aware of the things that their own systems can do and provide the FCA with quick access to their systems and their data.

The FCA is collaborating more and more with other governmental agencies to help it take an intelligence-led approach to supervising firms. Its interest in collaborating in this way should signal to the industry that it expects firms to share information in better ways and to co-operate on initiatives of their own to combat financial crime.

Consequently, professional regulatory advisors are telling their customers that each firm should try to make its own people collaborate with each other more closely. It should also collaborate more closely with other firms by sharing data and intelligence and promoting 'best practice' in other countries.

Market abuse and fraud are prominent on the FCA’s agenda. Consequently, in our view, firms to think of bringing insider dealing, market manipulation, fraud and tax evasion under the aegis of their financial crime controls.

This could include merging risk assessments and understanding the governance and controls in place to offset emerging risks.

The FCA wants to take a more data-driven approach to supervision and will rely more and more on the data to be found in the annual Financial Crime Data Returns that firms have to send it.

Consequently, many consultants believe that firms should try to improve the quality of their data – especially the data that goes into their returns.

The fair treatment of existing customers

The FCA is still investigating the fairness of firms’ pricing practices and is worried about competition not working effectively for consumers in a range of markets. With this in mind, it is looking for ways to improve results for customers, concentrating especially on existing customers. It is thinking of dictating prices to a number of firms.

The result of the General Insurance Pricing Practices Market Study and the Fair Pricing Discussion Paper are scheduled for later in the year.

What this means for your firm

Firms, according to consultancies various, ought to go beyond simple compliance with the rules. The FCA will keep on looking at their pricing strategies, governance, policies, systems and use of data. Every firm should make a "fair pricing appetite statement" and should review the insights that it gains from complaints.

Innovation and data

The FCA has said that vulnerable customers, who are abundant in the HNW world, suffer disproportionately from firm’s business models. It wants to find out how IT might support these customers. Numerous FinTech products have emerged that can push vulnerable customers towards better results. These range from customer-facing budgeting and personal finance management programmes to internal software that helps financial institutions to interrogate their own data to understand people's weaknesses.

Each firm, in the view of many consultants, ought to find out which technological propositions can support processes that aid vulnerable customers. It should consider whether it is set up to work with FinTech firms, perhaps in procurement and compliance. It should then come up with some strategies for developing IT, for example by forming partnerships and weighing up the 'build or buy' dilemma.

An expert sums up

Simon Turner, a partner at the accountancy firm of EY, told Compliance Matters: “The FCA has made it clear that they will not allow Brexit uncertainty to deter them from their main priorities in 2019/20. It has set out key factors that will shape regulation in the post-Brexit world. These include the role of purpose in culture, inter-generational shifts, and the use of technology and data. The FCA’s challenge is how it will be able to implement such a wide and diverse range of topics.

"The most eye-catching new announcement was that the FCA will publish a perimeter statement alongside its annual report. Operational resilience and Brexit continue to be leading issues the FCA is focusing on.

“It has budgeted £22 million on Brexit related costs for the year ahead, compared to a budget of £30 million 12 months ago, and £2.5 million in 2017. This cost reflects the extra resources needed to deal with increased engagement with international bodies and increased demand for authorisations.

“On operational resilience, the regulator has pledged to make clearer its expectations regarding the use of third parties such as cloud providers. Recent outages and an on-going TSC inquiry into banking IT failures mean this issue is already a high board priority throughout the financial sector.

“The FCA has also demonstrated its leading role in technology regulation, with further guidance to be released around Open Finance, data ethics and RegTech to ensure that changes work in the best interests of consumers.”