FCA Business Plan 2017/18 17 May 2017 www.moorestephens.co.uk PRECISE. PROVEN. PERFORMANCE.
Andrew Jacobs Agenda Introduction Andrew Jacobs Main themes of 2017/18 Business Plan Giovanni Giro Governance and culture, financial crime, wholesale markets and investment management Lucy Gallagher Cyber security Steve Williams Conclusion
The Mission. The Plan. The Views. Mission Statement Business Plan Sector Views
The Business Plan Risk Outlook In-depth assessment of emerging risks Identification of key trends Cross sector 6 key cross sector priorities for the year ahead Sector specific Detailed analysis of sector specific performance and issues Complemented by Sector Views Ongoing activities Authorisation of firms Promoting competition Supervising firms Developing policy Understanding consumers
Main themes of 2017/18 Business Plan Giovanni Giro, Senior Manager
Overview On 18 April the FCA released their 2017/18 Business Plan, Mission Statement and Sector Views, which include: Risk Outlook; FCA's cross-sector priorities and sector-specific priorities; list of upcoming initiatives. The FCA stated: "Our aim is to ensure that the UK has effective, innovative and trusted financial services sector that provides public value and meets the needs of all those who use it." Brexit: the FCA will provide technical support to the Treasury and Bank of England to ensure smooth transfer of the EU rules into domestic legislation
Mission Statement and Sector Views Mission Statement: gives detail of the regulatory framework used to assess, mitigate and make judgment-based decisions on the expected impact on the market and further work required. Sector Views: explains how each sector has been researched and assessed based on 4 key lenses of consumer journey, market drivers, competition and firms' behaviour
Cross-sector priorities Firms' culture and governance; Consumer vulnerability and access; Financial crime and AML; Treatment of existing customers; Promoting competition and innovation; Technological change and resilience
Planned cross-sector activities Promoting competition and innovation Priorities: Publish resources to help firms developing robo-advice services Engage with regional and Scottish FinTech hubs Project Innovate Treatment of existing customers Priorities: Analyse the effect of wake-up packs Look at how firms treat borrowers with interest-only mortgages Consumer vulnerability and access Priorities: Publish Consumer Approach document Work with third parties such as consumer groups, charities and industry Planned work: Investigate how near and real-time compliance monitoring can reduce the regulatory burden Continue to host themed weeks on specific areas of innovation Undertake work with the Money and Mental Health Policy Planned work: Shopping around and switching The response to the CMA review of retail banking Debt management sector review Planned work: Possible changes to after-sales services Focus on high-cost credit and overdraft users Review of long-term mortgage arrears
Key sector priorities Wholesale financial markets Investment Management Pensions and retirement income Retail investments Retail banking General insurance and protection Retail lending
Planned activities in the key sectors Retail market Priorities: Further thematic work of CFDs Individual accountability under the SM&CR Intervention to tackle the highest levels of consumer harm in riskiest sub-sectors Review of Retail Banking business models PSD2 Pensions and retirement income Priorities: Publish interim report on the Retirement outcomes review Non-workplace pensions General insurance and protection Priorities: Effectiveness of competition in the Wholesale Insurance Market Implementation of the IDD in February 2018 Planned work: Final guidance on the Financial Advice Market Review Thematic work on the suitability of financial advice Compliance review of P2P lending Review of the price cap for high-cost short-term loans in summer 2017 Publish an interim report on the findings of the Mortgage Market Study Planned work: Pension Strategy Review non-advised drawdown sales Initial discovery on non-workplace pensions market Planned work: Conduct a review of General Insurance pricing practices Review of the Call for Inputs on Big Data feedback from September 2016
The FCA's work Pillar 1: ongoing proactive supervision of firms that present the most risks to the FCA's objectives. Pillar 2: will be event-driven, reactive supervision of actual and emerging risks. Pillar 3: thematic work to focus on risks and issues affecting a number of firms across the market; no specific sectors have been detailed
Regulation timeline (2017 to 2019) 4MLD: June 2017; IPO reform: during 2017; Implementation of MiFID II: January 2018; EU Benchmark Regulations: January 2018; SM&CR: March 2018; Securities Financing Transaction: from 2018; Shareholders Directive: 2019; New Prudential Regime Final Report (investment firms): mid 2017; PRIIP Rules: January 2018; Implementation of PSD2: January 2018; Implementation of IDD: February 2018; Ring Fencing: implemented by 2019; SEPA: 2019
Conclusion Governance, conduct, financial crime and cyber-resilience Consumer credit firms will need to focus on customer vulnerability, conduct and client money protection Firms in the retail market need to focus on customer access, TCF, best execution and suitability/appropriateness Pension sales and transfers will be monitored carefully Insurance and protection firms need to prepare for the new IDD
Governance and culture, financial crime, wholesale markets and investment management Lucy Gallagher, Managing Consultant
Cross-sector priorities Culture and governance Financial crime
Cross-sector: governance and culture FCA issues identified: Poor culture Business models not aligned with appropriate Conduct Remuneration structures Weak governance and oversight Lack of accountability
Culture of accountability A culture of accountability at all levels Senior management fully responsible Define what conduct and culture mean to your firm Tone must be set from the top
Key planned activities Embedding of the Senior Managers & Certification Regime (SM&CR) for firms already in scope Extend SM&CR to all other FSMA authorised firms Continue to review regulatory framework for remuneration
Cross-sector: financial crime FCA issues identified: Changes in risk criteria AML systems and controls De-risking of banks Fraud vulnerabilities
Key planned activities Analysis of the annual REP-CRIM data item; New AML watchdog: Supervisor of Supervisors (Office for Professional Body AML Supervision (OPBAS)); Implementation of 4MLD, and the FCA will continue to bring firms to account for poor AML systems and controls
Sector priorities Wholesale market Investment management
Sector: wholesale market Unprecedented challenge and significant change. Firms' business models have to adapt. MiFID II and MiFIR (3 January 2018); Market Abuse Regulation; Effectiveness of primary markets; EU Benchmark Regulation
Market Abuse Regulation Took effect 3 July 2016 Article 16 MAR: effective arrangements, systems and procedures to detect and report suspicious orders and transactions FCA business plan states that punishing market abuse is a high priority Link to MiFID II transparency and reporting
MAR and MiFID II link "Implementing the Markets in Financial Instruments Directive II (MiFID II) allows us to introduce major reforms to improve resilience and strengthen integrity and competition in wholesale markets. The additional information we will get from firms when the Markets in Financial Instruments Regulation (MiFIR) is introduced next year will further increase the effectiveness of our market abuse work." Andrew Bailey, CEO, FCA
Sector: investment management Key expectations: Effective competition is essential Investment management firms deliver good consumer outcomes Firms act in the best interests of their investor Investors understand the objectives of funds invested Conflicts are identified and managed
Planned activities Asset management market study Price competition is weak Investors not always clear about fund objectives Interim report proposed a number of remedies Final report due to be published by the FCA in Q2 2017 Fund liquidity FCA discussion paper on fund liquidity released (DP17/1) FCA to review policy options and tools asset managers have to manage liquidity when facing redemptions and valuations Continue discussion with international regulators Custody banks strategy FCA planning a number of interventions in this sector Continue to ensure firms meet CASS obligations for the protection of client assets
Summary Changing regulatory framework requires effective implementation planning by firms MiFID II & MiFIR High priority: Governance / Culture Accountability Prevention of financial crime SM&CR MAR
FCA Business Plan cyber security Steve Williams, Partner
Introduction Cyber security and resilience issues are attracting the attention of the FCA. They pervade the FCA's business plan. Unclear what work is planned in these areas. Highlight our perspective on areas of likely focus and key actions for firms
What does the Plan say? Cross sector focus on technological change and resilience. The FCA will: establish cyber coordination groups across five sectors to battle cyber attacks; increase engagement with the industry in relation to new technologies, resilience of IT systems and cyber crime risk. Firms have legacy systems. Firms need to change to respond to digital trends. Firms sometimes don't manage the risk associated with change well and can introduce resilience risks and cyber security risks
Why is this important? Cyber is becoming embedded in the regulator's language. The FCA obviously considers cyber and resilience a key risk. [Chart: Number of mentions of Cyber and Resilience (in an operational context) in FCA business plans 2015-2018; series: Cyber, Resilience; years: 2015/2016, 2016/2017, 2017/18]
What does the regulator expect of firms #1 Governance Training and awareness Staff recruitment and vetting Access rights Passwords and user accounts Monitoring access to customer data Data back-up Access to the internet and email Key-logging devices Laptops Portable media including USB devices and CDs Physical security Disposal of customer data Managing third-party suppliers Internal audit and compliance monitoring FCA Financial Crime Guide Parts 1 & 2, offer guidance on information and cyber security
What does the regulator expect of firms #2 The FCA has created a dedicated Cyber Specialists Team to oversee the way that firms manage cyber risk The remit and focus of this team is not clear, however recent speeches and correspondence with firms suggest some themes Analysis of language used in last two FCA speeches on cyber security, 14 November 2016 and 24 April 2017
Building effective resilience Business continuity planning IOSCO Guidance on cyber resilience for financial market infrastructures, June 2016 (https://www.iosco.org/library/pubdocs/pdf/ioscopd535.pdf) PRA / FCA questionnaire on resilience and insurance (2015): Learning, Situational Awareness, Testing, Recovery, Identification, Governance, Detection, Protection http://www.bankofengland.co.uk/pra/documents/about/insuranceletter100815.pdf
Managing change effectively Plan Build Test Deploy Plan B Why? What? When? How? Risk management Functional and non-functional Systems and processes Functional and non-functional Systems and processes Plan Validate Back out. Many different models for change. Principles are consistent between these. Critical to know what you are doing, why you are doing it and to test to exhaustion
Changing enforcement trends In January 2017, RSA Insurance PLC was fined £150,000 for loss of customer data. This was not by the FCA; this was by the Information Commissioner's Office (ICO). There have been several other enforcement actions (non-security) by the ICO. Strict new regulation (General Data Protection Regulation) will be in force in May 2018. Other regulations include
Conclusion Andrew Jacobs, Director
How should firms respond? Align business risk assessments to the FCA's risks and key priorities: Technology and cyber resilience: identified as a key risk facing firms. Culture and governance: a continuing priority. The FCA aims to consult on SM&CR for all other FSMA firms in 2017 and implement the regime from 2018. Financial crime and anti-money laundering: implementation of the Fourth Money Laundering Directive, systems and controls to counter financial crime both internal and external to firms. Macro-economic changes: contingency plans due to sense of uncertainty from the FCA on Brexit
Conclusion Cyber security and technology resilience are a growing area of regulatory focus. FCA is obviously investing in its capability, so we expect this focus to grow. Analyse the Sector Views applicable to your business model and carry out a health check to pre-empt any supervisory or thematic activity. Other regulations are due to come into force that will also impact regulated firms, such as MiFID II, which will join the regulatory and technology expectations on firms, particularly in respect of market transparency and prevention of financial crime. Align your Compliance Monitoring Plans (CMPs) to the specific areas highlighted and the overarching themes we have outlined
Questions or comments?