FSA Update and Project Risks January Carl Taylor IT and Data Security Risk Frameworks Prudential Business Unit Risk Specialists Division

Transcription:

FSA Update and Project Risks
January 2012
Carl Taylor
IT and Data Security, Risk Frameworks
Prudential Business Unit, Risk Specialists Division

Agenda
1. Regulatory Reform of the FSA
2. Project Risks

Carl Taylor
- FSA since March 2009
- Certified Information Systems Auditor
- 9 years at PricewaterhouseCoopers - Global Risk Management Services, Senior Manager
  - project implementation (ERP)
  - project assurance
  - security and controls assurance
- Senior assurance and management roles in financial services (Banking and L&P) and manufacturing

Regulatory Reform of the FSA

Regulatory Reform proposals
Three regulatory bodies:
- The Financial Policy Committee (FPC): a committee of the Court of the Bank of England. Purpose: to protect financial stability (macro-prudential regulation, regulation of Clearing Houses and settlement systems)
- The Prudential Regulation Authority (PRA): a subsidiary of the Bank of England. Purpose: stable and prudent operation of deposit takers, insurers, and investment banks (micro-prudential regulation)
- The Financial Conduct Authority (FCA): an independent company. Purposes:
  - confidence in financial services and markets (will regulate exchanges and other trading platform providers, and market participants)
  - consumer protection and market integrity (regulating conduct of business for all firms)

Impact on Firms
What does this actually mean? For authorised/recognised firms:
- All except clearing and settlement institutions will be regulated by the FCA, with some high impact firms also being regulated by the PRA (dual regulated firms)
- Clearing and settlement firms will be regulated by the Bank of England

Current Structure of the FSA
Internal Twin Peaks

Internal Twin Peaks
- In preparation for the split into the PRA and FCA, the FSA has re-organised into separate Conduct and Prudential business units
- In April 2012 the FSA was split internally into 2 business units:
  - Conduct Business Unit (CBU)
  - Prudential Business Unit (PBU)

Implications for Firms
- Since April 2012 dual-regulated firms have begun working with two separate, specialised regulators
- Those firms that are not high impact and market infrastructure providers continue to be subject to a single regulator
- The FSA will formally separate into the PRA and FCA in 2013 (known as legal cutover)

The PBU's and CBU's Objectives

Conduct and Prudential Business Units

Conduct Business Unit (CBU)

Prudential Business Unit (PBU)

PBU RSD Risk Infrastructure, Liquidity and Capital Charlotte Gerken HoD Jackie Bennison PA Nick Devereux Capital Management Team Lee Jones Asset Liability Management & Liquidity Risk Andrew Sheen Risk Infrastructure Thibaud de Barmon Change management Bastian Llibal Daniel Chapman Diederick Potgieter Prasanna Rengarajan Rosemarie Flanagan Rupak Dasgupta Shaun Brown Tim Pemberton David Samuel Camilla Stanhope Gergely Hamvas Iva Dropulic Iva Macanova Kumar Tangri Nehal Saghir Philip Lewis Ron Livingstone Carl Taylor Peter Hanney Farrukh Nazir Philip Umande Chyng-Lan Liang Khim Murphy Anirban Ghoshal Sajib Azad Paul Beech Karen Guiterrez Gamal Bemath Samuel Smith Stephen Reynolds Administrator Shar Wallace Administrator Tina Jarvis

Risk Frameworks IT & Data Security Transactions IT risk mgt Acquisitions Change in Control Disposals Model Reviews IT general controls CAD BIPRU market risk IMM Credit Risk Solvency II Risk Reviews IT general controls Outsourcing Strategic change projects RMP/follow-up support Recovery and Resolution Single Customer View - COMP Recovery and Resolution Planning Incidents Ad-hoc investigations S166/independent review scope

Developments at the FSA
The next steps.

Time Table
The Financial Services Act 2012 creates a new regulatory regime that:
- Puts the Bank of England clearly in charge of financial stability
- Provides for focussed prudential and conduct of business regulators (the Prudential Regulation Authority, or PRA, and the Financial Conduct Authority, or FCA); and
- Places the judgement of expert supervisors at the heart of regulation
The Act received Royal Assent in December 2012, and the new regime will be fully established on 1 April 2013

Legal Cut Over and the Handbook
- At LCO (1/4/2013) the FSA Handbook will be split between the FCA and PRA to form two new Handbooks; one for the PRA and one for the FCA.
- Most provisions in the FSA Handbook will be incorporated into the PRA's Handbook, the FCA's Handbook, or both, in line with each new regulator's set of responsibilities and objectives.

Approach Documents
In October the CBU and PBU jointly published approach documents with the Bank
- The PRA's approach to banking and insurance supervision:
  http://www.fsa.gov.uk/static/pubs/other/pra-approach-banking.pdf
  http://www.fsa.gov.uk/static/pubs/other/pra-approach-insurance.pdf
- The CBU's approach to supervision:
  http://www.fsa.gov.uk/static/pubs/other/journey-to-the-fca-standard.pdf
The approach documents set out:
- The FCA and PRA objectives
- Threshold conditions which are now different

Project Risks and Controls
A regulatory view

First things first - What is a Project?
- Significant capital investment and revenue expenditure yielding future revenue benefits
- Significant change to the firm's business model or the operations/IT infrastructure supporting the business model
- Outside of the normal business as usual day to day operations

Secondly - Why do we care?
- Enables the business' strategy - failure could inhibit the firm's business model (capital, liquidity)
- Operational disruption - significant post implementation issues could disrupt the firm's business model (capital, liquidity, systemic impact)
- Reputational harm - loss of revenue with potential prudential impacts (capital, liquidity)
- Write off of capital invested - potential prudential issues (capital, liquidity)
- Significant additional costs to correct (capital, liquidity)
- Implications for regulatory capital

Danger signs - indicators that all is not well
- Inexperienced project management
- Absence of a robust business case
- Absent or incomplete business requirements
- Lack of business engagement
- Absence of a baselined plan
- Overrunning costs and missed milestones
- Changes to scope - both increases and decreases in scope
- IT sponsored/led project with significant business change
- Bleeding edge - e.g. technology unproven in the UK
- Limited evidence of supplier or package due diligence
- Projects running for in excess of 12 months without delivering anything

Danger signs - indicators that all is not well (continued)
- Extensive integration with legacy systems
- Heavy customisation of an off the shelf package
- In-house development of custom software
- Absence of an integration partner
- Firms with a poor history of delivering projects
- Major change portfolio of multiple projects using different technology solutions
- Limited engagement of the Board and Board level directors
- Absence of independent assurance to challenge project management
- Weak progress reporting

What might good look like
- Governance
- Board engagement
- Board level business sponsorship
- A methodology (it does not have to be vanilla Prince)
- An experienced project manager(s)
- Business case with ownership of benefits delivery
- Clear project structure (e.g. workstreams) and dependency management
- Effective status reporting
- The right skills and resources - an implementation partner may help manage the firm's risks
- Appropriate solution and vendor due diligence
- Independent assurance to verify the accuracy of programme management - operation and reporting
- Effective risk management and operational risk engagement
- Robust test execution including user acceptance and non-functional requirements testing

Questions
carl.taylor@fsa.gov.uk