Life Beyond Brexit – Key Aspects from the FCA’s Business Plan

Right in time for the long Easter weekend, the UK’s Financial Conduct Authority (FCA) last week issued its annual business plan for 2019/2020. On 56 pages it sets out the regulator’s main areas of focus, outlines priorities and describes how the FCA intends to tackle the issues it has identified. From supervisory priorities to market studies and the policy work it undertakes, it gives everyone with a stake in the UK’s financial industry an idea of what to expect from the FCA. Apart from the unexpected, of course.

Each year around Easter, the UK’s financial watchdog, the FCA, publishes its annual business plan. It is the document that describes its key priorities for the coming year. It is based on on-going work at the FCA and the analysis of what will be dominating subjects in financial services from a regulatory perspective. It focuses on short term objectives and long term strategies. As the uncertainty around Brexit continues, the preparations for an EU withdrawal have taken up significant time at the organization and since it “is the most significant change affecting financial services markets”, the business plan leaves no doubt that it will be the FCA’s most important and immediate priority. But life has to go on beyond Brexit and the business plan provides important guidance. After all, good compliance work means being prepared for the things to come as opposed to a reactive approach. Forwarded means forearmed.

Thus, the document sets out the priorities according to the seven sectors the FCA identified as well as eight cross-sector priorities where its work will impact on multiple sectors. And unless you are entirely interested in the specifics of your sector, this is where it gets interesting as it looks at the future of finance and regulation.

There are immensely important aspects to be found in this document concerning compliance with the Market Abuse Regulation, the continuing work on the most important EU regulation of recent times, i.e. MiFID II, or the extension of the FCA’s Senior Managers and Certification Regime to all firms. But if you get excited about innovation and the transformation of the financial industry like we do, you will look for insights on the development of RegTech or the prospect of regulation of cryptoasset. And you will not be disappointed by the Business Plan. So, let’s highlight the key elements in terms of innovation and disruption:

Further strengthening of international collaboration with other regulatory bodies

To start with – and we don’t get tired of stressing the importance of international collaboration when it comes to tackling the modern challenges of financial regulation – the report rightly praises the prominent role the FCA has played a in shaping financial regulation internationally. While Brexit signals a concerning trend towards (political) fragmentation, the FCA’s thankfully vows to continue to work in the opposite direction by seeking to “strengthen its
 strategic international engagement globally”.

In particular in respect of financial crime and money laundering, the need of international cooperation is paramount. Without a multi-agency and multi-national response no action against criminals can be effective, as financial crime does not know any jurisdictions and money launderers move funds around the entire globe to veil their illicit origins.

As such the FCA vows to share intelligence and to “engage closely with the Government, the Financial Action Task Force (FATF), other enforcement agencies, regulators and firms to share intelligence and respond to both old and new threats”.

RegTech

Money laundering cannot be fought alone by means of strengthening international cooperation though as described above. The FCA is cognisant that it also requires an improvement of itsanti-money laundering capabilities.

Amongst financial authorities, the FCA has embraced innovation in particular with a view to regulatory technology (RegTech). It claims to have taken a strategic approach and building on this, its RegTech activities in the year ahead will be focused around three priorities:

– Continuing exploration and experimentation with 
industry around how to improve the method of data exchange between industry and regulators and specifically the opportunities for expressing requirements in a machine readable and executable form:

– Further work around new technology solutions to achieve better, more cost-efficient outcomes in relation to anti-money laundering and financial crime compliance; and

– An expansion of its early activities in relation to vulnerable consumers, and how technology can help firms and consumers achieve positive financial outcomes, including for those consumers with specific health or financial needs.

The FCA also wants to further explore the opportunities technology offers, for instance, in respect of a machine readable and machine executable Handbook, and machine executable regulatory reporting. However, its work in the coming twelve months will largely be diagnostic in order to enabling the regulator to amend future handbook design and providing a better evidence base for how it estimates regulatory cost and benefit.

It is fair to say that through its extensive dialogue with the industry and stakeholders in RegTech start-ups, incumbent institutions, technology providers and academics, the FCA has developed an understanding of the status quo. Naturally, this requires more work and the FCA seems committed to do so with continuous efforts on experimental work such as delivering Digital Regulatory Reporting in conjunction with industry participants and the Bank of England and the hosting of industry events such as an upcoming international TechSprint on anti money- laundering (AML) and Financial Crime, during which nascent Privacy Enhancing Technologies will be tested.

The FCA is founding member of the recently launched Global Financial Innovation Network (GFIN) and while it does not explicitly say so in its Business Plan, it is likely to further work on its proposal to create a global sandbox, too.

FinTech

Instead the document expressly states that the FCA intends to use the GFIN to find to influence the global response to FinTech. Its objective is to encourage innovation that promotes the objectives of the group of regultors and
to share intelligence and best practice on the implications of innovation on financial markets. To do so, it will run a small pilot of cross-border trials alongside 17 other regulators and evaluate the efficacy of the GFIN approach, including barriers to innovation where regulatory approaches are inconsistent. The FCA believes that “cross-border trials should allow non-UK innovative firms greater access to the UK market without undermining consumer protection and market integrity”.

On the other hand, the FCA has in collaboration the Bank of England and the Treasury with regard to cryptoassets leaped to determine that strong action should be taken to address the risks associated with cryptoassets that fall within existing regulatory frameworks as a result of its review published in October 2018. Though the report came to the conclusion that while cryptoassets are not widely used in the UK and currently pose no material risks to financial stability, they pose a range of risks, notably to consumers (who may face large losses), market integrity (due to manipulation and other market-abuse style strategies) and financial crime.

The FCA had already announced a policy Statement on cryptoassets to be published in summer 2019 and a consultation on potentially banning the sale to retail customers of derivatives linked to certain cryptoassets. The business plan concretizes these ambitions by stating that following the consultation on cryptoassets, it will publish a Feedback Statement and finalised Perimeter Guidance. The FCA also intends to provide technical advice to the Treasury on extending the perimeter for utility and exchange tokens and on extending its financial crime provisions to certain activities related to cryptoassets.

“The Annual Cost of Cybercrime is estimated at $600 billion, which is the equivalent of 0.8% of global GDP.”

Operational resilience

Technology signifies an immense opportunity for regulators, but it also poses an enormous threat to the operational resilience of organization. This can be demonstrated through the alarming increase in cyber threats on one hand, but it is also extremely relevant in terms of outsourcing to third party providers.

With estimates putting the annual cost of cybercrime at approximately $600 billion, or 0.8% of global GDP, the FCA is right to emphasise the need to focus its work on this area. The business plan points to the ongoing challenge stemming from technology outages and cyber-attacks. The FCA’s focus therefore is on its supervisory multi-firm work on cyber-attacks as well as on communications with smaller firms to increase awareness of cyber-attacks and the continued use of ethical hacking to test firms.

It also states that “the potential for harm is increased by complex and ageing IT systems, increasing use of third-party service providers and complexity of changes to systems and processes”. The FCA’s recent dialogue with supervised firms has produced a clear gap between the expectations of the regulator and the self-assessment of firms in terms of change management capabilities. For this reason the regulator aims to set clear expectations on outsourcing to third party service providers. These include addressing the risks of harm that could result from insufficient operational resilience in firms and inadequately controlled outsourcing. The FCA leaves no doubt that while critical services may be outsourced but responsibility can not. Instead, similar to other regulators that have expressed similar views in recent times, it underlines the responsibility of Senior Managements for Third Party Services. Sounds like a lot of work but nobody said it would be easy. But then forewarned is forearmed, isn’t it?