It is clear that the UK Financial Conduct Authority (FCA) intends to be more aggressive in its enforcement activity in the coming year.
The FCA’s Business Plan for 2021/22 (the Business Plan) signals a change in focus for the regulator, having concentrated its efforts in the past year on mitigating the seismic impact of COVID-19 on the markets, as covered in last year’s OnPoint.1 FCA enforcement activity for the year to 31 March 2021 fell significantly. Recently released enforcement data for 2020/2021 shows that, as compared to the previous year, the FCA secured far fewer outcomes using its enforcement powers, imposed fewer financial penalties and opened fewer cases.2
However, the FCA is now turning its sights on becoming a more “forward-looking, proactive regulator”,3 thereby requiring it to be more innovative, adaptive, and perhaps of most concern to firms, assertive. This OnPoint sets out our expectations on the key regulatory areas which may be on the FCA’s enforcement radar and on which firms should focus their efforts in the year ahead.
Environmental, Social and Governance (ESG) regulatory risks
In light of the continuing trend towards sustainable investing and the ongoing transition to a low carbon economy, the Business Plan outlines a number of ESG-related objectives for the FCA, including:
- Ensuring firms have governance arrangements in place for “more complete and careful consideration of material ESG risks and opportunities”.
- Addressing concerns about greenwashing by protecting consumers from misleading marketing and disclosures with respect to ESG-related products.
Firms should ensure that they have incorporated an assessment of ESG risks into their governance structures and have strengthened their systems and controls to mitigate ESG risks.
This is particularly acute for the asset management industry in light of the FCA’s (i) focus on effective governance in the industry (as highlighted in last year’s Business Plan), (ii) June 2021 review findings which indicated that a number of ‘host’ Authorised Fund Managers (AFMs) had weaknesses in governance structures, managing conflicts of interest, operational controls and oversight of third party investment managers,4 and (iii) recent letter to the chairs of UK AFMs setting out its expectations and principles with regard to greenwashing.5 Whilst the letter is addressed to AFMs, it is suggestive of the approach that the FCA will take to fund managers generally.
The FCA is also targeting diversity and inclusion (D&I) improvements across the financial services sector, with the FCA increasingly looking to treat D&I as a regulatory issue.6 Promoting an inclusive and diverse culture, along with an appropriate ‘tone from the top’, should form a fundamental part of firms’ governance and compliance strategies.
Market abuse and financial crime
Ensuring that regulated firms are effective in preventing market abuse and reducing financial crime risks remains a key priority for the FCA. Significant investments in data collection, analysis and technology – £120 million over the next three years – will improve the FCA’s ability to detect and investigate misconduct. The FCA is aiming to use advanced analytics to proactively identify potential harm for investigation and become “more data-driven to find and stop harm quicker”.
These improvements will be implemented alongside a renewed focus on whistleblowing, with the FCA launching a campaign in March 2021 to encourage individuals to report potential wrongdoing to the FCA.7 The FCA’s first enforcement action under the Senior Managers Regime concerned the actions of the CEO of an international financial institution in response to allegations raised by a whistleblower; the financial institution was also required to report annually on its whistleblowing systems and controls to the FCA and Prudential Regulation Authority. Firms would be well advised to ensure that their whistleblowing policies and procedures are effective and that they are promoting a 'speak up' culture which encourages employees to raise concerns.
In relation to market abuse, the FCA notes the fundamental role played by its monitoring of Suspicious Transaction and Order Reports (STORS) and, as highlighted in a previous OnPoint8, we anticipate increased attention on market abuse risks, particularly those that have been heightened due to the pandemic. For example, the FCA has continuously highlighted the market integrity risks of remote working. This will require firms to update their market abuse risk assessments on an ongoing basis to ensure that risks arising from ongoing changes to working environments are appropriately mitigated.
Money laundering and cryptoassets
We anticipate that money laundering risks will continue to be at the top of the FCA’s enforcement agenda. The FCA recently took the step of pursuing its first criminal proceedings under the Money Laundering Regulations 2007 against National Westminster Bank Plc, which related to failures to adhere to due diligence and ongoing monitoring requirements around cash deposits. The FCA is therefore not reticent to take bold steps to promote adherence to money laundering rules in the market.
We expect the FCA to particularly focus on how firms manage the money laundering risk of clients who hold cryptoassets and/or trade in the crypto markets. This should be read in the context that the estimated number of users holding cryptoassets has risen to 2.3 million, however, the FCA has found that the level of understanding of consumers is declining.9 As set out in our recent OnPoint,10 the FCA is taking a more interventionist approach in crypto markets, as highlighted by its recent decision to ban Binance Markets Limited (Binance) – part of one of the world’s biggest cryptocurrency exchanges – from carrying out any regulated activity in the UK, with concerns over money laundering apparently at the heart of its decision. The FCA’s focus on cryptoassets is also in line with the approach of the Serious Fraud Office (SFO) which identified “the growth of cryptocurrency” as one of its four priority themes in its recent business plan.11
Bribery and corruption
Although not directly referenced within the Business Plan, firms can expect the FCA to take action for weak controls to prevent bribery, especially in sectors which make third party payments to secure or manage foreign business.
Operational resilience is a cross-market focus for the FCA, which notes the harm to market integrity and consumers that can be caused by operational weaknesses. With the recent proliferation of cyber and ransomware attacks, ensuring that IT procedures and emergency protocols are up to date should be a priority for all firms, to mitigate against unexpected disruption to their services. The FCA’s Cyber Coordination Group initiative, which undertakes quarterly meetings, provides helpful insight for firms into emerging trends and risks in the cybersecurity field. For example, it has noted that the change to remote working has put additional strain on cybersecurity teams and systems, and has also exacerbated the challenges caused by ransomware, supply chain security and insider threats.12 Operational resilience is further enabled by firms taking steps to implement a compliance-focused culture and sound governance arrangements.
The FCA’s ‘perimeter’
The FCA views the question of its regulatory perimeter – the boundary between what is and is not regulated by the FCA – as a “perennial challenge”.13 Following the conclusion of the independent review into the FCA’s regulation of London Capital & Finance (Dechert’s London office having supported the Independent Investigator in connection with the investigation14), the FCA has announced that it is undertaking a ‘use it or lose it’ exercise whereby it will pilot the removal of firms’ permissions where they are not carrying out regulated activities. According to the FCA, this is to “limit the ‘halo effect’ of regulation – where firms use our oversight of one activity to make unregulated activities appear more trustworthy.” This is a timely reminder for firms to ensure their permissions are up to date taking account of their current and anticipated business.
Fraud: inter-agency and cross-border cooperation
The rapid increase in fraud, which is increasingly complex and cross-border in nature, means that the FCA will aim to work closely with agencies including the Home Office, SFO and National Economic Crime Centre, as well as its international partners, to focus on detecting and stopping FCA-regulated firms involved in fraud. The FCA considers international cooperation as more important than ever in enabling it to meet its objectives.
Consumer priorities at the wholesale level
Wholesale and retail markets are in many cases intrinsically connected, and the FCA views strong compliance systems in the wholesale industry as an important feature of protecting retail markets: “An appropriate degree of consumer protection partly relies on firms in wholesale markets meeting the components of market integrity set out in FSMA: orderly operation, resilience, transparency and strong defences against financial crime and market abuse”. Mis-selling at the wholesale and retail level will remain a priority area for the FCA. Firms should review and refresh the suitability of products offered to professional and institutional clients as well as ensuring the categorisation assigned to a client remains appropriate.
In the Business Plan, the FCA reiterates that it will focus on the four consumer priorities set out in last year’s Business Plan, while recognising that they have been shaped by ongoing developments in the financial markets: (i) enabling effective consumer investment decisions; (ii) ensuring consumer credit markets work well; (iii) making payments safe and accessible; and (iv) delivering fair value in a digital age. Firms – and particularly those with dual retail and wholesale aspects to their businesses – should test the adequacy of their governance practices in place to make sure that they support these consumer outcomes.
The FCA’s recently released Annual Report explicitly stated that the regulator expects over the next 12 months to see an increase in complex, multi-party cases involving both firms and individuals.15 This was supported by the FCA’s CEO, Nikhil Rathi, in his 15 July 2021 speech accompanying the Business Plan, which outlined his intention for the FCA to get on the “front foot” and test the limits of its powers.16
Firms should therefore be prepared for heightened scrutiny of the regulatory areas set out above and can expect the FCA’s re-energised ‘assertiveness’ to result in a notable increase in FCA enforcement activity. To mitigate against such risks, firms must ensure that, amongst other things, they are (i) assessing their ability to detect and prevent financial crime and (ii) instilling appropriate risk-based systems and controls to manage the regulatory risks inherent in developing areas such as ESG and cryptoassets.
Dechert has extensive experience of advising firms on regulatory risks and financial crime, and how to tailor their policies and procedures in a rapidly changing environment. We also regularly advise firms on their interactions with the FCA, conducting internal investigations, and on defence strategy in regulatory and criminal investigations.
2) In 2020/2021, the FCA had 147 outcomes using its enforcement powers and imposed 10 financial penalties totalling £189.8 million; this represents a significant decrease from 2019/20 when the FCA secured 217 outcomes and 15 financial penalties totalling £224.4 million. The number of cases opened in 2020/2021 (134 cases) also fell by 27 percent when compared with 2019/20 (184 cases). See: https://www.fca.org.uk/data/enforcement-data-annual-report-2020-21.
3) All quotes in this article are taken from the Business Plan unless otherwise stated.
6) Speech by Nikhil Rathi (FCA CEO) on 15 July 2021 titled “Transforming to a forward-looking, proactive regulator”. See: https://www.fca.org.uk/news/speeches/transforming-forward-looking-proactive-regulator
15) FCA Annual Report and Accounts 2020/21.