PRECISE. PROVEN. PERFORMANCE. www.moorestephens.co.uk
FCA Business Plan 2017/18 17 May 2017
Agenda
• Introduction
– Andrew Jacobs
• Main themes of 2017/18 Business Plan
– Giovanni Giro
• Governance and culture, financial crime, wholesale markets and investment
management
– Lucy Gallagher
• Cyber security
– Steve Williams
• Conclusion
– Andrew Jacobs
The Mission. The Plan. The Views.
Mission Statement
Business Plan
Sector Views
The Business Plan
Risk Outlook
• In-depth assessment of emerging risks
• Identification of key trends
Cross sector
• 6 key cross sector priorities for the year ahead
Sector specific
• Detailed analysis of sector specific performance and issues
• Complemented by Sector Views
Ongoing activities
• Authorisation of firms
• Promoting competition
• Supervising firms
• Developing policy
• Understanding consumers
Main themes of 2017/18 Business Plan
Giovanni Giro, Senior Manager
Overview
• On 18 April the FCA released their 2017/18 Business Plan, Mission Statement and Sector Views, which include:
– Risk Outlook
– FCA’s cross-sector priorities and sector-specific priorities
– list of upcoming initiatives
The FCA stated: “Our aim is to ensure that the UK has effective, innovative and trusted financial services sector that provides public
value and meets the needs of all those who use it.”
• Brexit – the FCA will provide technical support to the Treasury and Bank of England to ensure smooth transfer of the EU rules into domestic legislation
Mission Statement and Sector Views
Mission Statement
• gives detail of the regulatory framework used to assess,
mitigate and make judgment-based decisions on the
expected impact on the market and further work required
Sector Views
• explains how each sector has been researched and
assessed based on 4 key ‘lenses’ of consumer journey,
market drivers, competition and firms’ behaviour
Cross-sector priorities
• Firms’ culture and governance
• Financial crime and AML
• Promoting competition and innovation
• Technological change and resilience
• Treatment of existing customers
• Consumer vulnerability and access
Planned cross-sector activities
Promoting competition and innovation
Priorities:
Publish resources to help firms developing ‘robo-advice’ services
Engage with regional and Scottish FinTech hubs
Project Innovate
Planned work:
Investigate how near and real-time compliance monitoring can reduce the regulatory burden
Continue to host themed weeks on specific areas of innovation
Undertake work with the Money and Mental Health Policy
Treatment of existing customers
Priorities:
Analyse the effect of wake-up packs
Look at how firms treat borrowers with interest-only mortgages
Planned work:
Shopping around and switching
The response to the CMA review of retail banking
Debt management sector review
Consumer vulnerability and access
Priorities:
Publish ‘Consumer Approach’ document
Work with third parties such as consumer groups, charities and industry
Planned work:
Possible changes to after-sales services
Focus on high-cost credit and overdraft users
Review of long-term mortgage arrears
Key sector priorities
• Wholesale financial markets
• Pensions and retirement income
• Retail banking
• Retail lending
• General insurance and protection
• Retail investments
• Investment Management
Planned activities in the key sectors
General insurance and protection
Priorities:
Effectiveness of competition in the Wholesale Insurance Market
Implementation of the IDD in February 2018
Planned work:
Conduct a review of General Insurance pricing practices
Review of the ‘Call for Inputs on Big Data’ feedback from September 2016
Retail market
Priorities:
Further thematic work of CFDs
Individual accountability under the SM&CR
Intervention to tackle the highest levels of consumer harm in riskiest sub-sectors
Review of Retail Banking business models
PSD2
Planned work:
Final guidance on the Financial Advice Market Review
Thematic work on the suitability of financial advice
Compliance review of P2P lending
Review of the price cap for high-cost short-term loans in summer 2017
Publish an interim report on the findings of the Mortgage Market Study
Pensions and retirement income
Priorities:
Publish interim report on the Retirement outcomes review
Non-workplace pensions
Planned work:
Pension Strategy
Review non-advised drawdown sales
Initial discovery on non-workplace pensions market
The FCA’s work
• Pillar 1 – ongoing proactive supervision of firms that
present the most risks to the FCA’s objectives
• Pillar 2 – will be event-driven, reactive supervision of actual
and emerging risks
• Pillar 3 – thematic work to focus on risks and issues
affecting a number of firms across the market, no specific
sectors have been detailed
Regulation timeline (2017 to 2019)
• EU Benchmark Regulations: January 2018
• 4MLD: June 2017
• Implementation of IDD: February 2018
• Implementation of PSD2: January 2018
• Implementation of MiFID II: January 2018
• Ring Fencing Implemented: by 2019
• PRIIP Rules: January 2018
• Securities Financing Transaction: from 2018
• Shareholders Directive: 2019
• New Prudential Regime Final Report (investment firms): mid 2017
• SM&CR: March 2018
• SEPA: 2019
• IPO reform: during 2017
Conclusion
• Governance, conduct, financial crime and cyber-resilience
• Consumer credit firms will need to focus on customer
vulnerability, conduct and client money protection
• Firms in the retail market need to focus on customer access,
TCF, best execution and suitability/appropriateness
• Pension sales and transfers will be monitored carefully
• Insurance and protection firms need to prepare for the new IDD
Governance and culture, financial crime, wholesale markets and investment management
Lucy Gallagher, Managing Consultant
Cross-sector priorities
• Culture and governance
• Financial crime
Cross-sector: governance and culture
FCA issues identified:
• Poor culture
• Business models not aligned with appropriate Conduct
• Remuneration structures
• Weak governance and oversight
• Lack of accountability
Culture of accountability
• A culture of accountability at all levels
• Senior management fully responsible
• Define what conduct and culture mean to your firm
• Tone must be set from the top
Key planned activities
Embedding of the Senior Managers & Certification Regime (SM&CR) for firms already in scope
Extend SM&CR to all other FSMA authorised firms
Continue to review regulatory framework for remuneration
Cross-sector: financial crime
FCA issues identified:
• Changes in risk criteria
• AML systems and controls
• De-risking of banks
• Fraud vulnerabilities
Key planned activities
Analysis of the annual REP-CRIM data item
New AML watchdog ‘Supervisor of Supervisors’ (Office for Professional Body AML Supervision (OPBAS))
Implementation of 4MLD; the FCA will continue to bring firms to account for poor AML systems and controls
Sector priorities
Wholesale market
Investment management
Sector: wholesale market
• Unprecedented challenge and significant change. Firms’ business
models have to adapt
• MiFID II and MiFIR – 3 January 2018
• Market Abuse Regulation
• Effectiveness of primary markets
• EU Benchmark Regulation
Market Abuse Regulation
• Took effect 3 July 2016
• Article 16 MAR: “effective arrangements, systems and procedures to
detect and report suspicious orders and transactions”
• FCA business plan states that punishing market abuse is a high priority
• Link to MiFID II transparency and reporting
MAR and MiFID II link
“Implementing the Markets in Financial Instruments Directive II
(MiFID II) allows us to introduce major reforms to improve resilience
and strengthen integrity and competition in wholesale markets.
The additional information we will get from firms when the Markets in
Financial Instruments Regulation (MiFIR) is introduced next year will
further increase the effectiveness of our market abuse work.”
Andrew Bailey, CEO, FCA
Sector: investment management
Key expectations:
• Effective competition is essential
• Investment management firms deliver good consumer outcomes
• Firms act in the best interests of their investors
• Investors understand the objectives of funds invested
• Conflicts are identified and managed
Planned activities
Asset management market study
• Price competition is weak
• Investors not always clear about fund objectives
• Interim report proposed a number of remedies
• Final report due to be published by the FCA in Q2 2017
Fund liquidity
• FCA discussion paper on fund liquidity released (DP17/1)
• FCA to review policy options and tools asset managers have to manage liquidity when facing redemptions and valuations
• Continue discussion with international regulators
Custody banks strategy
• FCA planning a number of interventions in this sector
• Continue to ensure firms meet CASS obligations for the protection of client assets
Summary
Changing regulatory framework requires effective implementation planning by firms
High priority:
• Governance / Culture
• Accountability
• Prevention of financial crime
Regulations:
• MiFID II & MiFIR
• MAR
• SM&CR
FCA Business Plan – cyber security
Steve Williams, Partner
Introduction
• Cyber security and resilience issues are attracting the
attention of the FCA
• They pervade the FCA’s business plan
• Unclear what work is planned in these areas
• Highlight our perspective on areas of likely focus and key
actions for firms
What does the Plan say?
• Cross sector focus on technological change and resilience
• The FCA will:
– establish cyber coordination groups across five sectors to battle
cyber attacks
– increase engagement with the industry in relation to new
technologies, resilience of IT systems and cyber crime risk
Firms have ‘legacy’ systems
Firms need to change to respond to digital trends
Firms sometimes don’t manage the risk associated with change well…
…and can introduce resilience risks…
…and cyber security risks
Why is this important?
• ‘Cyber’ is becoming embedded in the regulator’s language
• The FCA obviously considers ‘cyber’ and ‘resilience’ a key risk
[Figure: Number of mentions of ‘Cyber’ and ‘Resilience’ (in an operational context) in FCA business plans 2015 - 2018. Series: Cyber, Resilience. Years shown: 2015/2016, 2016/2017, 2017/18.]
What does the regulator expect of firms #1
• Governance
• Training and awareness
• Staff recruitment and vetting
• Access rights
• Passwords and user accounts
• Monitoring access to customer data
• Data back-up
• Access to the internet and email
• Key-logging devices
• Laptops
• Portable media including USB devices and CDs
• Physical security
• Disposal of customer data
• Managing third-party suppliers
• Internal audit and compliance monitoring
FCA Financial Crime Guide – Parts 1 & 2 offer guidance on information and cyber security
What does the regulator expect of firms #2
• The FCA has created a dedicated Cyber Specialists Team to oversee the way that firms manage cyber risk
• The remit and focus of this team is not clear, however recent speeches and correspondence with firms suggest some themes
[Figure: Analysis of language used in last two FCA speeches on cyber security, 14 November 2016 and 24 April 2017]
Building effective resilience
• Business continuity planning
• IOSCO ‘Guidance on cyber resilience for financial market infrastructures’ June 2016
– https://www.iosco.org/library/pubdocs/pdf/IOSCOPD535.pdf
• PRA / FCA questionnaire on resilience and insurance (2015):
– http://www.bankofengland.co.uk/pra/Documents/about/insuranceletter100815.pdf
[Diagram labels:]
• Identification
• Protection
• Detection
• Recovery
• Governance
• Testing
• Situational Awareness
• Learning
Managing change effectively
Plan
• Why? What?
• When? How?
• Risk management
Build
• Functional and non functional
• Systems and processes
Test
• Functional and non functional
• Systems and processes
Deploy
• Plan
• Validate
Plan B
• Back out
Key points
• Many different models for change
• Principles are consistent between these
• Critical to know what you are doing, why you are doing it and to test to exhaustion
Changing enforcement trends
• In January 2017, RSA
Insurance PLC was fined
£150,000 for loss of customer
data
• This was not by the FCA – this was by the Information Commissioner’s Office (ICO)
• There have been several
other enforcement actions
(non-security) by the ICO
• Strict new regulation (General
Data Protection Regulation)
will be in force in May 2018
• Other regulations include…
Conclusion
Andrew Jacobs, Director
How should firms respond?
Align business risk assessments to the FCA’s risks and key priorities:
• Technology and cyber resilience – identified as a key risk facing firms
• Culture and governance – a continuing priority. The FCA aims to consult on SM&CR for all other FSMA firms in 2017 and implement the regime from 2018
• Financial crime and anti-money laundering – implementation of the Fourth
Money Laundering Directive, systems and controls to counter financial crime
both internal and external to firms
• Macro-economic changes – contingency plans due to sense of uncertainty
from the FCA on Brexit
Conclusion
• Cyber security and technology resilience are a growing area of regulatory focus. The FCA is obviously investing in its capability, so we expect this focus to grow
• Analyse the Sector Views applicable to your business model and carry out a health check to pre-empt any supervisory or thematic activity
• Other regulations are due to come into force that will also impact regulated firms, such as MiFID II, which will join the regulatory and technology expectations on firms, particularly in respect of market transparency and prevention of financial crime
• Align your Compliance Monitoring Plans (CMPs) to the specific areas highlighted and the overarching themes we have outlined
Questions or comments?