FCA’s Business Plan sets out regulatory priorities for 2017-18

The FCA have published in April their Business Plan for 2017-18 (the Plan) setting out how they will use their resources to meet the evolving challenges, and the Plan identifies seven priorities for short and medium terms.

The Plan explains how FCA are developing a sustainable approach to regulation and managing priority risks. It also incorporates FCA’s assessment of the Risk Outlook, which highlights the context within which they operate and the risks in the market as they see.

As a result of the FCA’s assessment detailed in the Risk Outlook, they have identified seven cross-sector priority themes as part of the Plan. These form the primary focus of the FCA’s discretionary work over the medium term and therefore remain broadly the same as the key priorities set out by them last year.

• Firms’ culture and governance
• Financial crime and Anti-Money Laundering
• Promoting competition and innovation
• Technological change and resilience
• Treatment of existing customers
• Consumer vulnerability and access

These priorities form a significant part of the regulatory work done by the FCA and are used to drive FCA’s decisions about the thematic projects and market studies besides helping in determining the areas the FCA will pay particular attention to in conducting their core supervisory activities.

The Plan shows that the theme of ‘culture and governance’ is at the very top of the regulatory agenda for firms across the entire financial services spectrum. It contains a clear message that the FCA would like to see firms managed in a way that promotes appropriate culture and behaviours. This regulatory focus requires firms’ governance and culture to contribute to delivering good outcomes for customers and market integrity, and to promote effective competition in the interest of consumers.

In this context, the FCA expect firms to have effective governance arrangements in place to identify the risks they run in their business models and operations, and a strategy to manage and mitigate these risks to deliver fair outcomes to customers, clients and market integrity. The FCA expect that “firms’ senior managers have a crucial role in demonstrating that they are accountable and responsible for their part in delivering effective governance, including taking responsibility and being accountable for the decisions they make and exercising rigorous oversight of the business areas they lead”.

This year’s Business Plan also identifies areas of regulatory focus within specific sectors such as wholesale financial markets, retail banking, retail lending, investment management, pensions and retirement income, retail investments and general insurance and protection.

All regulated firms are required to assess specific risks to their businesses and should carefully review the FCA’s expectations and the outcomes they seek within each areas of regulatory priority set out in the Plan, further details of which can be found at:

https://www.fca.org.uk/publication/business-plans/business-plan-2017-18.pdf

FCA’s Mission 2017 focuses on consumer harm

The FCA have published their new Mission paper in April 2017 after a series of consultation with the relevant stake-holders. The Mission 2017 sets out the FCA’s decision-making framework, the reasoning behind their supervisory work and the way they select and design the tools to carry out their regulatory oversight of firms.
The paper sets out that “The decision-making framework begins with the FCA clearly defining the issue involved and how it may harm users of the relevant financial service”. Through on-going supervision and intelligence gathering, they identify instances where financial services markets or firms are harming users or have the potential to do so including where they are working poorly and not providing sufficient benefit to users. They have grouped ‘harm’ in financial services into five high-level categories linked to their three statutory objectives, as below.

Type of harm Regulatory Objective
1. Confidence and participation threatened by unacceptable conduct such as market abuse, unreliable performance or by disorderly failure Market integrity, Consumer protection and Effective competition
2. Buying unsuitable or mis-sold products; customer service/treatment Consumer protection and Effective competition Consumer protection and Effective competition
3. Important consumer needs are not met because of gaps in the existing range of products, consumer exclusion, lack of market resilience Consumer protection and Effective competition
4. Prices too high or quality too low Effective competition
5. Risk of significant harmful side-effects on wider markets, the UK economy and wider society, eg crime/terrorism Market integrity

Explaining the regulatory process of information gathering, the paper says “the FCA gather information from a range of activities to identify potential harm. These include day- to-day supervisory contact with firms, calls from consumers to the firm contact centre, analysing intelligence from whistle-blowers and analysing complaints data”.

They have clarified that, as a supervisory authority, the FCA are not only responsible for setting principles and rules but to act when things go wrong with the aim of:

• Maximising the degree and extent to which firms and market participants comply with FCA rules, so the harm those rules are designed to mitigate occurs less frequently
• Anticipating potential problems in individual firms and markets by monitoring activity in financial markets, and
• Intervening to prevent them from occurring

FCA’s new guidance on ‘Conduct Risk’ for all firms

The FCA have published regulatory guidance in April 2017 to set out regulatory expectation in relation to ‘conduct risk’ and help firms to implement effective conduct risk programmes within their businesses. The FCA have advised that firms should tailor their conduct risk programmes based on the following:

• Size (of operations)
• business model
• geographic reach

While the FCA do not provide a right or wrong answer for any specific conduct plan, the guidelines issued by them provide examples of the features within a firm’s conduct risk management programmed that would be regarded as effective:

• Highly visible CEO sponsorship together with engagement and challenge by the Board
• Senior executives taking leading roles in programme design
• Programmes that cover both front office, control and operational functions
• Detailed roll-out plans with clearly defined short-term and long-term goals
• Clear ownership and responsibility for programme implementation by senior executives, sometimes supported by conduct specialists within the organisation
• Programmes integrated within strategic or operational risk management frameworks
• Use of a standardised conduct risk self-assessment process across the firm
• A firm-wide taxonomy for conduct risk types, enabling consistent data capture and risk reporting
• A forum to compare conduct risk across business lines and functions
• Regular discussion at Board level of conduct, culture and programme implementation
• Active engagement in the programme by internal audit, including monitoring the programme’s early stage effectiveness
• Training, promotion, performance management and remuneration all linked to conduct and culture objectives
• Long-term conduct risk initiatives becoming fully embedded in business as usual
• For international firms, adoption or at least support of the UK programmes from the head office

They have also said that the programmes with the following features are unlikely to generate the desired results, suggesting that such plans would be regarded as inadequate and ineffective by the FCA:

• One-off or stand-alone projects with a short timeframe
• Compliance or the COOs being the primary driver of the programme
• Top-down mapping of desired conduct outcomes to business-level risks that were not balanced by similar bottom-up efforts by business units to identify where conduct risks could arise
• Disjointed or uncoordinated efforts by different business units
• Significant business units, control or operational functions being excluded
• Not examining if conduct risk arising in one area could arise in another
• Programme focus being limited to front office senior personnel, with limited or no involvement from middle and back office, risk, control and other support functions

[Firms requiring any assistance in developing an appropriately tailored ‘Conduct Risk’ framework are welcome to get in touch with us by emailing to: ragarwal@lightfoots.co.uk or inorman@lightfoots.co.uk ]

Guidance for fair treatment of mortgage customers in a payment shortfall

The FCA issued finalised guidance FG 17/4 in April 2017 to confirm their proposals initially set out in GC 16/6 in relation to the practice followed by some mortgage lenders who automatically include customers’ payment shortfall balances within their contractual monthly instalment (CMI), following a calculation trigger, such as an interest rate change. The FCA’s concerns arose from the fact that these firms were treating the payment shortfalls as still outstanding which they continued to pursue with the customers separately through their collections processes. The FCA called this practice as ‘automatic capitalisation’ and therefore in breach of the applicable MCOB rules and accordingly asked firms to stop this practice and remediate any affected customers appropriately.

This guidance sets out a possible framework firms can use when providing customer remediation. The FCA do not require firms to adopt this particular approach and it is for firms to determine their own approach to give fair outcomes for customers.
The framework helps firms to identify a range of affected customers through a set of filters. It indicates potential resolutions, and suggests how to calculate appropriate compensation.

The FCA have suggested two alternative remediation method viz. ‘reconstitution’ and ‘extinguishing arrears’. For both open and closed mortgage accounts with an additional payment greater than £10, a ‘reconstitution’ of the mortgage account, to put the mortgage account back in the position it would have been in if payment shortfall balances had not been automatically capitalised.

The other possible approach would be for a firm to reset the payment shortfall balance to zero – extinguishing the payment shortfall – from the point of the CMI calculation (including payment shortfall balances). This is the process for a formal capitalisation where firms consider the customer’s individual circumstances and agree to treat the payment shortfall as if it was part of the original mortgage balance with customer’s consent.

The FCA considered suggesting that firms should look at mortgage accounts both ways to see which produced the best outcome for the customer. They have recognised that there could be some customers who would obtain compensation under the ‘extinguishing’ approach not available under the ‘reconstituted’ approach. However, their case analysis found that the extinguishing arrears approach might be appropriate in a relatively small number of cases, mainly because most customers affected fell back into payment shortfall very quickly – suggesting that they could not afford to keep paying the higher CMI.

For the above reason and following consideration of consultation feedback received, the FCA’s recommended framework proposes that the ‘reconstitution’ approach can be followed in all cases with CMI increases above the suggested £10 threshold.

OFSI gets new powers to impose penalties on firms for breaches of Financial Sanctions Regime

The Treasury’s Office of Financial Sanctions Implementation (OFSI), created on 31 March 2016, is the UK’s Competent Authority for implementing financial sanctions. It works with a wide range of individuals, businesses and not-for-profit organisations who could be impacted by financial sanctions to: raise awareness of financial sanctions, improve compliance, and detect and address breaches.

From 3 April 2017, OFSI has acquired new powers to impose penalties for financial sanctions breaches. These can be, for a material breach, up to £1 million or 50% of the breach, whichever is higher.

This new power is one of a series of measures in the Policing and Crime Act which will strengthen the government’s response to financial sanctions breaches. The penalty powers apply to offences committed after 1 April 2017. In 2016, just over one hundred suspected breaches were reported to OFSI, 95 of which were actual breaches, totaling around £75 million.

Monetary penalties are a new way of responding to offences. The UK currently imposes financial sanctions in 27 sanctions regimes and live, updated consolidated list of these sanctions will continue to be available on the HMT/OFSI website. Breaching sanctions is a criminal offence and the most serious cases could shortly incur prison sentences of up to seven years.

PRA’s advice for contingency Brexit planning

Sam Woods, the CEO of the Prudential Regulation Authority (PRA), has written a Dear CEO letter in April 2017 to banks and other PRA regulated firms with cross-border activities between the UK and the rest of the EU to undertake appropriate contingency planning for the UK’s withdrawal from the EU, in light of the UK Government’s decision to trigger Article 50.
The UK Government has made clear that it is aiming for a comprehensive new trade relationship with the EU, coupled with an implementation period. But given that a wide range of outcomes is possible at this early stage, the regulators expect firms to plan for a variety of potential scenarios.

Explaining the main purpose of the letter, Mr Woods said that “The PRA would like to ensure that all firms are making, and stand ready to execute in good time should the need arise, contingency plans for the full range of possible scenarios such that the safety and soundness of their UK operation is assured and the risk of any adverse financial stability impacts on the UK economy is mitigated”.

According to Mr Woods, many firms are well advanced in their planning and have engaged closely with the PRA as part of that process. However, PRA have observed that the level of planning is uneven across firms and plans may not be sufficiently tested against the most adverse potential outcomes – for example, if there is no trade agreement in place when the UK exits from the EU, and the UK and EU do not reach agreement on issues such as implementation periods, mutual recognition of standards, and co-operation in financial regulation or supervision.

Depending on the outcome negotiated by the UK government, Mr Woods stated that “the new legal framework may result in a statutory and regulatory regime with a large number of firms – currently either physically based in the UK or providing services within the single market via passporting arrangements – coming directly under PRA authorisation and supervision”.

In particular, the PRA have advised that “firms currently relying on passporting arrangements to undertake business in the UK should take into account the need to apply for authorisation from the PRA, which may be required in order to continue operating either as an incoming branch or as a subsidiary after the UK’s withdrawal from the EU. As part of this, firms should develop contingency plans for authorisation, including possible structural changes such as setting up a subsidiary”.