The UK’s financial regulator has rounded off the year with some significant communications to the industry, including four speeches which provide further detail about its priorities for the coming year.

The Financial Conduct Authority has published a document called Approaches to Authorisation and Competition. Essential reading this month also comes in the form of its three consultative papers on the implementation of the Senior Managers & Certification Regime (SM&CR); these set out the regulator’s proposals for a smooth transition to the regime.

The FCA’s approach to authorisation and competition

Following on from its Future Approach to Customers document, published last month, the FCA has released another called Approach to Authorisations and Competition. Both are designed to provide the financial sector with more information about its attitudes in these areas.

Authorisation

The FCA views its authorisation function as a way to protect consumers from sharp practice and ensure that competition is working well. It does this by only allowing those firms which meet its ‘threshold conditions’ and standards of conduct to enter the market. As a major part of this effort it strives to understand each firm’s culture.

Weak competition can stop innovative ideas from coming to market, so the regulator is now offering more tailored support to firms during the authorisations process, through its ‘start-up hubs’ and other initiatives.

The FCA expects some firms to fail now and then. When this happens, it wants them to leave the market in an orderly manner and in a way that hurts consumers the least.

While it is deciding whether to authorise a firm or not, the FCA says that it will (and probably already does) assess the importance that the firm in question places on customers’ interests and will also try to find out if its business model and strategy give anyone any incentive to harm them. This should come as no surprise to firms, as poor ‘culture’ has been found to be at the heart of many failures.

With the extension of the Senior Managers and Certification Regime (SM&CR) to the whole of financial services on the horizon, firms can expect regulatory scrutiny (both during the authorising process and in subsequent supervisory work) to intensify. This document, like others before it, says that the regulator expects senior managers to “set the tone from the top” and show it from the start that they are riveted on good results for customers. The FCA will expect every document they submit to it to show it that they are genuinely, consistently and strongly keen on this.

Competition

The need to promote competition is one of the FCA’s operational objectives and is set out in s1E Financial Services and Markets Act 2000. The FCA’s interest in competition spans all areas of its work and this latest document provides further evidence that every market is open to investigation and intervention for this purpose.

The regulator is not interested in promoting competition in vacuo or for its own sake. Its intervention must benefit consumers in some way, perhaps by giving them more choice, by reducing barriers to entry for firms, by making firms innovate, or by reducing anti-competitive behaviour. The FCA does not want to regulate prices or firms’ profitability, although it will (and probably does already) take an interest in these areas if it finds evidence that consumers are suffering or do not believe that they are obtaining ‘value for money.’

The FCA’s Asset Management Market Study produced a report in June. This showed the FCA beginning to flex its muscles in the field of competition. It dwelt on the direct effect that poor price competition has on ‘value for money’ and results for customers. The FCA can be expected to continue to examine each link in the value chain.

Ultimately, the regulator wants to identify and solve any problems that affect the “virtuous circle of competition” whereby effective competition prompts firms to meet the needs of customers, which in turn keeps those customers well informed, which then leads to greater competition in the market.

The SM&CR

The FCA has published three consultative papers in which it outlines the approach it proposes to take to helping firms to conform to the Senior Managers & Certification Regime (SM&CR). It has also published a consultative paper in which it proposes to extend the ‘duty of responsibility’ which has applied to senior managers at banks since May last year to insurers and solo-regulated firms, i.e. firms that are only regulated by the FCA and not also by the Prudential Regulation Authority.

The three documents follow on from the regulator’s previous consultative exercise regarding the way in which it ought to apply the regime to the rest of the industry.

For FCA solo-regulated firms and individuals (CP17/40)

The FCA is proposing to convert most ‘approved persons’ at “Core and Limited Scope firms” to the corresponding senior management function (SMF) automatically. Every ‘enhanced firm’ will have to submit a conversion notification (Form K), alongside its statements of responsibilities and responsibilities maps, to the regulator.

The Certification Regime will be introduced gradually, with firms having 12 months from the date of implementation to complete their first assessments of the fitness and propriety of their staff. However, all relevant employees must start to comply with the ‘conduct’ rules on the first day of the regime.

Firms will also have 12 months to apply the conduct rules to all staff. This ought to give them enough time to train the relevant people.

For insurers (CP17/41)

The FCA is proposing different to take different approaches in the field of insurance, depending on whether the insurer in question is subject to Solvency II, is a large non-directive firm or is a small non-directive firm.

The FCA is proposing to convert people at small non-directive firms, small run-off firms and insurance special purpose vehicles (SPVs) to their allotted SMFs automatically. Senior managers at Solvency II firms and large non-directive firms will be converted to their SMFs as soon as the regulator has received their Form Ks and supporting documents.

The regulator intends to impose the Certification Regime and conduct rules as described in CP17/40, but has also said that it will not require firms to obtain regulatory references for employees whose jobs are not changing.

Duty of responsibility for insurers and solo-regulated firms

The aforementioned duty of responsibility enables the FCA to take action against a senior manager when:

• the firm has breached one of its regulatory requirements; and
• the senior manager in question was responsible for the relevant area of the business at the time of the breach; and
• he did not take appropriate steps to prevent the breach from occurring or continuing.

In such cases, the burden of proof lies with the FCA.

Rules to make it easier to compare bank accounts

The FCA has published rules to help customers compare bank accounts with each other. Personal current account (PCA) and business current account (BCA) providers will be required to publish service information relating to their accounts.

The new rules will require firms to publish information to do with:

• the account-opening process, including average timescales;
• timescales for replacing cancelled, lost or stolen cards;
• the support services available, how people can find them and when they are available; and
• the number of major operational and security incidents reported to the FCA in the relevant period, broken down by channel.

Providers will also be required to publish:

• statistics that divulge the time taken between a customer’s application and his receipt of the service; and
• details of how and when customers are able to carry out everyday banking activities and the levels of support available.

The FCA’s initial consultative paper on this issue (CP17/24) also included proposals to include figures relating to customers’ experiences with power of attorney. Having received feedback from interested parties, the FCA will not be pursuing this proposal. Instead, UK Finance and the Building Societies Association (BSA) will try to develop a “voluntary industry agreement” to publish information on the services available (including power of attorney) to potentially vulnerable customers.

The rules will apply to all firms with more than 70,000 PCAs or 15,000 BCAs in the second quarter of next year. Firms will have an extra six months in which to begin publishing figures that reveal the time it takes to open accounts and to replace cards.

Persistent credit-card debt

Following an initial consultation in April 2017 (CP17/10) to address persistent credit card debt, the FCA has published amended proposals following industry feedback, alongside revisions to its cost benefit analysis.

In CP17/10 the regulator proposed:

• to define ‘persistent debt’ in a formal way as a situation where a customer pays more in interest, fees and charges than he pays of the debt in an 18-month period;
• for firms to prompt customers to change their repayment behaviour after 18 months, outlining the potential consequences of continuing with their current repayment strategies;
• that firms should issue a further reminder between 27-18 months if the customer looks likely to still be in persistent debt at 36 months;
• to require further intervention at 36 months if the customer is still in persistent debt; and
• to require firms to evaluate the risk of customers being in financial difficulty and to take appropriate action to support them.

The industry’s response to these proposals was broadly positive, with widespread support for the FCA’s aim of reducing persistent credit-card debt. However, the feedback dwelt on some problems that the FCA has tried to solve in this new consultative paper. It has:

• stated that its rules will not specify the language that firms must use in their communications to customers who are in persistent debt;
• ceased to want firms to warn customers that their card suspension may be reported to credit reference agencies (CRAs), instead wanting to compel firms to make customers aware of the potential impact of continued low repayments;
• allow firms to provide the contact details of authorised individuals with permission for debt counselling, as long as this is consistent with their wider regulatory obligations;
• enable firms to offer repayment periods of longer than 3-4 years in exceptional circumstances; and
• extended the implementation period to six months to enable firms to make appropriate changes to their contracts, policies and processes.

The consultative paper also includes a revised cost benefit analysis (CBA), with additional information and data previously excluded from the calculations. The consultative period runs for six weeks and the FCA wants to publish actual rules in the next three months.

The regulator’s priorities in the retail banking sector

Karina McTeague, the FCA’s director of retail banking supervision, recently spoke about her regulatory priorities, which include:

• culture and governance;
• financial crime and money laundering;
• the promotion of competition and innovation;
• technological change and ‘resilience’;
• the way firms treat existing customers;
• the vulnerability of consumers;
• ‘ring-fencing’;
• the Senior Managers and Certification Regime (SM&CR);
• remedies proposed by the Competition and Markets Authority; and
• the handling of complaints about payment protection insurance or PPI.

In her speech, Ms McTeague delved into the detail of two of the FCA’s biggest concerns at the moment; its strategic review of retail banking business models and the European Union’s second Payment Services Directive (PSD2).

Business models

Although competition-related problems still persist in the market, Karina McTeague foresees a change on the horizon, caused by digitisation, new market entrants, social trends and regulatory intervention. However, there remains a risk that various factors might stifle innovation and competition and firms may concentrate more on profitability than on good results for consumers. The FCA’s strategic review of retail banking business models will therefore encompass business models, ‘customer outcomes’ and the approach that firms take to regulation. The insight it gains from this assessment ought to help it make decisions.

PSD2 and open banking

PSD2 is expected to promote competition and innovation, to protect consumers from sharp practice to a greater degree than before and to bestow more integrity on markets when it comes into force on 13th January. It will enable consumers to take greater control of their personal data, including online payment accounts and the financial products they use, especially when paired with open banking (another initiative – this time by the UK’s Competition and Markets Authority – to give customers more control over their data and to help fintechs manipulate it for them, according to their instructions). Firms will have to educate consumers about the benefits they can reap.

She also urged firms to read the FCA’s PSD2 approach document and the joint FCA/Treasury publication which looks at third-party access provisions during the transitional period.

Ms McTeague ended by saying that the regulator will be expanding the proactive supervision of payment service institutions to ensure that:

• firms are trying to treat customers fairly and their cultures are appropriately customer-centric; and
• systems and controls are geared towards offsetting the risks posed by financial crime.

Consumers are the key to the success of PSD2 and open banking as both initiatives rely so heavily on consent, so the FCA wants to help them understand the things to which they are consenting to and the benefits thereof.

Assessing the value of financial advice

Megan Butler, the FCA’s director of supervision for investment, wholesale and specialists, recently outlined the regulator’s concerns and activities in the financial advice and investment management market in another speech.

More and more options are available to consumers, so financial advice has never been more important to them, but relatively few of them are talking to advisors at the moment. Ms Butler therefore thought that everyone ought to ensure that “the value of advice is effectively communicated.”

Overall, suitability has increased and the FCA has turned its attention to the less visible indicators of poor performance. The regulator is currently looking at the following.

DB transfers. The FCA has found high levels of unsuitable advice in the DB transfer market and will be widening its work in this area to limit harm to consumers. Its main concerns are:

• firms failing to obtain adequate information about clients’ needs and circumstances;
• firms failing to consider the client’s needs alongside their objectives;
• inadequate assessments of clients’ risk appetites; and
• problems that stem from poor business models.

Highly risky investments. The FCA is using sophisticated analytic models to detect ‘higher-risk firms’ and offset the risk that they might be giving customers poor advice. It is also working alongside a number of agencies to tackle pension scams and fraud.

Informants. Although more and more tipsters are coming forward with news of skulduggery at their firms, such instances are still relatively rare by contrast with other industries. Ms Butler assured the audience that all reports from informants are treated in the strictest confidence.

The EU’s second Markets in Financial Instruments Directive. There are two areas here. MiFID II’s product governance rules will require firms to assess their target markets and ensure that products are performing as intended more strictly. As a result, distributors and product manufacturers should be sharing greater amounts of information. Cost and disclosure requirements are also heavier. Although the FCA does not intend to prescribe the format of these disclosures, it is looking at industry-led proposals for templates.

The use of AI to prevent financial crime

Rob Grupetta, the head of the FCA’s Financial Crime Department, recently delivered a speech on the use of technology to mitigate the risk of financial crime.

As technological capability increases, the industry is beginning to wonder how it can be harnessed to detect suspicious behaviour, e.g. whether machine learning and artificial intelligence (AI) can detect suspicious transactions instead of merely spotting thresholds being exceeded in real time. Grupetta said that data analysis and machine learning have been hailed as having the greatest potential to improve transaction monitoring. AI-driven anti-impersonation checks also look promising.

The FCA’s main concerns in this area centre on whether systems can spot suspicious activity effectively. Both transaction monitoring processes and financial crimes are subject to change, and with change comes risk. The FCA expects the following from firms.

• Responsible innovation. The FCA is encouraged to see that some firms are developing ethical codes to govern the use of ‘data science’ but stresses that all new technology should be implemented with appropriate testing, governance and superintendence.
• Trying systems out and replacing them. The regulator is happy for firms to decommission older systems if they are proven to be less effective than newer systems during a trial.
• Complementing human judgment. The FCA thinks that machine learning ought to sit alongside human judgement but not replace it entirely.

The FCA has spotted a few ‘non-technical problems’ as well.

• It has noticed that banks and the police force are not co-operating. This means that the provision of data and its consequent quality can be patchy and unreliable. The Joint Money Laundering Intelligence Task Force is working to improve this.
• The sharing of hitherto-secret data between institutions, enabled by the recently enacted Criminal Finances Act, will improve the quality and availability of intelligence for authorities and institutions.

Ultimately, technology can enhance financial crime detection if it is used alongside human judgment. The regulator knows that it needs to evolve in order to understand new technology and to regulate effectively.

Rob Grupetta’s speech was complemented by one given by Megan Butler on the topic of cyber-security in the UK’s capital markets.

The FCA wants to contain escalating cyber-threats by sharing intelligence and collaborating with enforcement bodies and regulators both in the UK and overseas, particularly as the rise in AI and machine learning increases the risk of cyber-attacks using ransomware and malware.

These risks, according to Ms Butler, are firmly on the FCA’s radar. It accepts that some cyber-attacks will be successful but still expects firms to make it aware of any cyber-breaches as soon as they know about them. The regulator believes that firms are not reporting enough breaches, so Ms Butler took the opportunity to reiterate the regulator’s expectations.

• Firms should report material breaches in real time.
• If firms are unsure whether they should report something to the FCA, they should report it anyway.
• Firms should establish good cyber-security practices, know what data they hold and having processes in place to respond to cyber attacks.

Money laundering through the capital markets is a significant emerging risk and effective controls are essential if the UK’s financial system is to be hostile towards money launderers. The UK’s capital markets have not had very good AML controls in the past, which explains the FCA’s interest in them.