fca business plan 2017/18 - moore...

PRECISE. PROVEN. PERFORMANCE. www.moorestephens.co.uk

FCA Business Plan 2017/18 17 May 2017

Agenda

• Introduction

– Andrew Jacobs

• Main themes of 2017/18 Business Plan

– Giovanni Giro

• Governance and culture, financial crime, wholesale markets and investment

management

– Lucy Gallagher

• Cyber security

– Steve Williams

• Conclusion

– Andrew Jacobs

The Mission. The Plan. The Views.

Mission Statement

Business Plan

Sector Views

The Business Plan

• In-depth assessment of emerging risks

• Identification of key trends Risk Outlook

• 6 key cross sector priorities for the year ahead Cross sector

• Detailed analysis of sector specific performance and issues

• Complimented by Sector Views Sector specific

• Authorisation of firms

• Promoting competition

• Supervising firms

• Developing policy

• Understanding consumers

Ongoing activities

PRECISE. PROVEN. PERFORMANCE.

Colour palette for PowerPoint presentations

Primary Cyan

R0 G174 B239

Primary Black

R35 G31 B32

Secondary Red

R191 G49 B26

Secondary colour palette

Primary colour palette

Secondary Maroon

R163 G0 B70 Secondary Purple

R113 G20 B113 Secondary Deep Purple

R96 G82 B112 Secondary Light Purple

R147 G151 B203

Secondary Pastel Green

R122 G204 B200 Secondary Bottle Green

R0 G146 B143 Secondary Pastel Blue

R80 G200 B232 Secondary Blue

R79 G138 B190 Secondary Light Green

R169 G195 B152 Secondary Bright Green

R122 G193 B67 Secondary Deep Green

R109 G141 B36 Secondary Olive

R164 G148 B0 Secondary Bright Yellow

R235 G215 B35 Secondary Deep Yellow

R229 G181 B59 Secondary Ecru

R200 G177 B139

Secondary Light Blue

R195 G208 B228

Main themes of 2017/18 Business

Plan

www.moorestephens.co.uk

Giovanni Giro, Senior Manger

Overview

• On 18 April the FCA released their 2017/18 Business Plan, Mission Statement and Sector Views, which include:

– Risk Outlook

– FCA’s cross-sector priorities and sector-specific priorities

– list of upcoming initiatives

The FCA stated: “Our aim is to ensure that the UK has effective, innovative and trusted financial services sector that provides public

value and meets the needs of all those who use it.”

• Brexit – the FCA will provide technical support to the Treasury and Bank of England to ensure smooth transfer of the EU rules into domestic legislation

Mission Statement and Sector Views

Mission Statement

• gives detail of the regulatory framework used to assess,

mitigate and make judgment-based decisions on the

expected impact on the market and further work required

Sector Views

• explains how each sector has been researched and

assessed based on 4 key ‘lenses’ of consumer journey,

market drivers, competition and firms’ behaviour

Cross-sector priorities

Firms’ culture and

governance

Financial crime and

AML

Promoting competition

and innovation

Technological change and resilience

Treatment of existing

customers

Consumer vulnerability and access

Planned cross-sector activities

Promoting competition and innovation

Priorities:

Publish resources to help firms developing ‘robo-advice’ services

Engage with regional and Scottish FinTech hubs

Project Innovate

Planned work:

Investigate how near and real-time compliance monitoring can reduce the regulatory burden

Continue to host themed weeks on specific areas of innovation

Undertake work with the Money and Mental Health Policy

Treatment of existing customers

Priorities:

Analyse the effect of wake-up packs

Look at how firms treat borrowers with interest-only mortgages

Planned work:

Shopping around and switching

The response to the CMA review of retail banking

Debt management sector review

Consumer vulnerability and access

Priorities:

Publish ‘Consumer Approach’ document

Work with third parties such as consumer groups, charities and industry

Planned work:

Possible changes to after-sales services

Focus on high-cost credit and overdraft users

Review of long-term mortgage arrears

Key sector priorities

Wholesale financial markets

Pensions and retirement

income

Retail banking

Retail lending General

insurance and protection

Retail investments

Investment Management

Planned activities in the key sectors

General insurance and protection

Priorities:

Effectiveness of competition in the Wholesale Insurance Market

Implementation of the IDD in February 2018

Planned work:

Conduct a review of General Insurance pricing practices

Review of the ‘Call for Inputs on Big Data’ feedback from September 2016

Retail market

Priorities:

Further thematic work of CFDs

Individual accountability under the SM&CR

Intervention to tackle the highest levels of consumer harm in riskiest sub-sectors

Review of Retail Banking business models

PSD2

Planned work:

Final guidance on the Financial Advice Market Review

Thematic work on the suitability of financial advice

Compliance review of P2P lending

Review of the price cap for high-cost short-term loans in summer 2017

Publish an interim report on the findings of the Mortgage Market Study

Pensions and retirement income

Priorities:

Publish interim report on the Retirement outcomes review

Non-workplace pensions

Planned work:

Pension Strategy

Review non-advised drawdown sales

Initial discovery on non-workplace pensions market

The FCA’s work

• Pillar 1 – ongoing proactive supervision of firms that

present the most risks to the FCA’s objectives

• Pillar 2 – will be event-driven, reactive supervision of actual

and emerging risks

• Pillar 3 – thematic work to focus on risks and issues

affecting a number of firms across the market, no specific

sectors have been detailed

Regulation timeline

EU Benchmark Regulations

January 2018

4MLD

June 2017

Implementation of IDD

February 2018 Implementation of PSD2

January 2018

Implementation of MiFID II

January 2018

Ring Fencing Implemented

by 2019

PRIIP Rules

January 2018

Securities Financing Transaction

From 2018

Shareholders Directive

2019

New Prudential Regime Final Report

(investment firms)

Mid 2017

SM&CR

March 2018

SEPA 2019

IPO reform

during 2017

2017 2018 2019

Conclusion

• Governance, conduct, financial crime and cyber-resilience

• Consumer credit firms will need to focus on customer

vulnerability, conduct and client money protection

• Firms in the retail market need to focus on customer access,

TCF, best execution and suitability/appropriateness

• Pension sales and transfers will be monitored carefully

• Insurance and protection firms need to prepare for the new IDD



Primary Cyan

R0 G174 B239

Primary Black

R35 G31 B32

Secondary Red

R191 G49 B26



Secondary Maroon




R147 G151 B203












R200 G177 B139


R195 G208 B228

Governance and culture, financial crime,

wholesale markets and investment

management

Lucy Gallagher, Managing Consultant


Cross-sector priorities

Culture and

governance

Financial crime

Cross-sector: governance and culture

FCA issues identified:

Poor culture

Business models not aligned with

appropriate Conduct

Remuneration structures

Weak governance and oversight

Lack of accountability

Culture of accountability

• A culture of accountability at all levels

• Senior management fully responsible

• Define what conduct and culture mean to your firm

• Tone must be set from the top

Key planned activities

Embedding of the Senior Managers & Certification Regime (SM&CR) for firms already in scope

Extend SM&CR to all other FSMA authorised firms

Continue to review regulatory framework for remuneration

Cross-sector: financial crime

FCA issues identified:

Changes in risk

criteria AML systems and

controls De-risking of banks

Fraud vulnerabilities

Key planned activities

Analysis of the annual REP-CRIM data item

New AML watchdog ‘Supervisor of Supervisors’ (Office for Professional Body AML Supervision (OPBAS))

Implementation of 4MLD and the FCA will continue to bring firms to account for poor AML systems and controls

Sector priorities

Wholesale market

Investment management

Sector: wholesale market

• Unprecedented challenge and significant change. Firms’ business

models have to adapt

• MIFID II and MIFIR – 3 January 2018

• Market Abuse Regulation

• Effectiveness of primary markets

• EU Benchmark Regulation

Market Abuse Regulation

• Took effect 3 July 2016

• Article 16 MAR: “effective arrangements, systems and procedures to

detect and report suspicious orders and transactions”

• FCA business plan states that punishing market abuse is a high priority

• Link to MiFID II transparency and reporting

MAR and MiFID II link

“Implementing the Markets in Financial Instruments Directive II

(MiFID II) allows us to introduce major reforms to improve resilience

and strengthen integrity and competition in wholesale markets.

The additional information we will get from firms when the Markets in

Financial Instruments Regulation (MiFIR) is introduced next year will

further increase the effectiveness of our market abuse work.”

Andrew Bailey, CEO, FCA

Sector: investment management

Key expectations:

• Effective competition is essential

• Investment management firms deliver good consumer outcomes

• Firms act in the best interests of their investor

• Investors understand the objectives of funds invested

• Conflicts are identified and managed

Planned activities

• Price competition is weak

• Investors not always clear about fund objectives

• Interim report proposed a number of remedies

• Final report due to be published by the FCA in Q2 2017

Asset management market study

• FCA discussion paper on fund liquidity released (DP17/1)

• FCA to review policy options and tools asset managers have to manage liquidity when facing redemptions and valuations

• Continue discussion with international regulators

Fund liquidity

• FCA planning a number of interventions in this sector

• Continue to ensure firms meet CASS obligations for the protection of client assets

Custody banks strategy

Summary

Changing regulatory framework

requires effective implementation

planning by firms

High priority:

• Governance / Culture

• Accountability

• Prevention of financial crime

MiFID II & MiFIR

MAR SM&CR



Primary Cyan

R0 G174 B239

Primary Black

R35 G31 B32

Secondary Red

R191 G49 B26



Secondary Maroon




R147 G151 B203












R200 G177 B139


R195 G208 B228

FCA Business Plan – cyber security

Steve Williams, Partner


Introduction

• Cyber security and resilience issues are attracting the

attention of the FCA

• They pervade the FCA’s business plan

• Unclear what work is planned in these areas

• Highlight our perspective on areas of likely focus and key

actions for firms

What does the Plan say?

• Cross sector focus on technological change and resilience

• The FCA will:

– establish cyber coordination groups across five sectors to battle

cyber attacks

– increase engagement with the industry in relation to new

technologies, resilience of IT systems and cyber crime risk

Firms have

‘legacy’ systems

Firms need to change to respond to

digital trends

Firms sometimes

don’t manage the risk

associated with change

well…

…and can introduce resilience

risks…

…and cyber security risks

Why is this important?

0

10

20

30

40

50

60

70

80

2015/2016 2016/2017 2017/18

Cyber

Resilience

• ‘Cyber’ is becoming

embedded in the

regulator’s language

• The FCA obviously

considers ‘cyber’ and

‘resilience’ a key risk

Number of mentions of ‘Cyber’ and ‘Resilience’ (in an operational context) in FCA

business plans 2015 - 2018

What does the regulator expect of firms

#1

• Governance

• Training and awareness

• Staff recruitment and vetting

• Access rights

• Passwords and user accounts

• Monitoring access to customer data

• Data back-up

• Access to the internet and email

• Key-logging devices

• Laptops

• Portable media including USB devices and CDs

• Physical security

• Disposal of customer data

• Managing third-party suppliers

• Internal audit and compliance monitoring FCA Financial Crime Guide – Parts 1 & 2, offer guidance

on information and cyber security

What does the regulator expect of firms

#2

• The FCA has created a dedicated

Cyber Specialists Team to oversee

the way that firms manage cyber

risk

• The remit and focus of this team is

not clear, however recent speeches

and correspondence with firms

suggest some themes

Analysis of language used in last two FCA speeches on cyber security, 14 November

2016 and 24 April 2017

Building effective resilience

• Business continuity planning

• IOSCO ‘Guidance on cyber

resilience for financial market

infrastructures’ June 2016

• (https://www.iosco.org/library/p

ubdocs/pdf/IOSCOPD535.pdf)

• PRA / FCA questionnaire on

resilience and insurance

(2015):

• http://www.bankofengland.co.uk

/pra/Documents/about/insuranc

eletter100815.pdf

Identification

Protection Detection

Recovery

Governance

Testing

Situational Awareness

Learning

https://www.iosco.org/library/pubdocs/pdf/IOSCOPD535.pdf




http://www.bankofengland.co.uk/pra/Documents/about/insuranceletter100815.pdf





Managing change effectively

• Why? What?

• When? How?

• Risk management Plan

• Functional and non functional

• Systems and processes Build

• Functional and non functional

• Systems and processes Test

• Plan

• Validate Deploy

• Back out Plan B

• Many different models for change

• Principles are consistent between these

• Critical to know what you are doing, why you are doing it and to test to exhaustion

Changing enforcement trends

• In January 2017, RSA

Insurance PLC was fined

£150,000 for loss of customer

data

• This was not by the FCA – this

was by the Information

Commissioner’s office (ICO)

• There have been several

other enforcement actions

(non-security) by the ICO

• Strict new regulation (General

Data Protection Regulation)

will be in force in May 2018

• Other regulations include…



Primary Cyan

R0 G174 B239

Primary Black

R35 G31 B32

Secondary Red

R191 G49 B26



Secondary Maroon




R147 G151 B203












R200 G177 B139


R195 G208 B228

Conclusion


Andrew Jacobs, Director

How should firms respond?

Align business risk assessments to the FCA’s risks and key priorities:

• Technology and cyber resilience – identified as a key risk facing firms

• Culture and governance – a continuing priority. The FCA aims to consult

SM&CR for all other FSMA firms in 2017 and implement the regime from

2018

• Financial crime and anti-money laundering – implementation of the Fourth

Money Laundering Directive, systems and controls to counter financial crime

both internal and external to firms

• Macro-economic changes – contingency plans due to sense of uncertainty

from the FCA on Brexit

Conclusion

• Cyber security and technology resilience are a growing area of regulatory focus.

FCA is obviously investing in its capability, so we expect this focus to grow

• Analyse the Sector views applicable to your business model and carry out a

health check to pre-empt any supervisory or thematic activity

• Other regulations are due to come into force that will also impact regulated firms,

such as MiFID II which will join the regulatory and technology expectations on

Firm, particularly in respect of market transparency and prevention of financial

crime

• Align your Compliance Monitoring Plans (CMPs) the specific areas highlighted

and the overarching themes we have outlined

Questions or comments?

PRECISE. PROVEN. PERFORMANCE. www.moorestephens.co.uk

FCA Business Plan 2017/2018 17 May 2017