1 The FCA’s approach to supervision What’s new and what’s not
THE FCA’S APPROACH TO SUPERVISION In March 2014, the FCA published its new guides to supervising authorised firms. These guides are a useful tool for senior managers and compliance officers, enabling them to understand and plan for increased regulatory scrutiny in the future. A guide on Enhanced Supervision issued in June 2014, which sets out details of the FCA’s more intense approach to supervising firms where serious failings are uncovered, supplements this. A noteworthy departure from the previous Advanced Risk Responsive Framework (or ARROW model) is the FCA’s intention to engage with employees at all levels of a regulated firm. There is a particular focus on front office staff, in order to assess how cultural messages set at board level are implemented in practice. This could potentially add to the workload of compliance officers, who may increasingly be called on to prepare an ever greater number of employees for contact with the FCA. Supervision will be organised in four categories, with varying levels of interaction with regulated firms, according to the firm’s size and systemic importance as determined by the FCA. Firms which fall into the C1 and C2 categories will be subject to the most intense regulatory scrutiny because of their importance to the proper functioning of the UK financial markets. It is notable however that, whilst there are changes in the Supervisory approach, a large part of supervision activity under Pillar 1 is similar to the former ARROW framework. 1 2 3 The three pillar supervision model is built around the FCA’s operational objectives to: secure an appropriate degree of protection for consumers protect and enhance the integrity of the UK financial systems promote effective competition in the interest of consumers. 1 2 3 1 THE FCA’S APPROACH TO SUPERVISION 2 1. WHAT IS THE NEW FCA SUPERVISION MODEL? PILLAR 1 PROACTIVE GROUP SUPERVISION PILLAR 2 EVENT-DRIVEN, REACTIVE SUPERVISION Pillar 1 supervision is expected to be the most intrusive, with firms subjected to a detailed business model and strategy analysis, together with deep dive assessments and a review of management information provided to the FCA, to address any issues of concern. These will also be supplemented with regular meetings and strategy discussions between firms and the FCA culminating in an annual (C1 firms) or bi-annual (C2 firms) firm evaluation. Pillar 2 will be centred around FCA analysis of data submitted by firms as well as whistleblower and consumer complaints to identify risks or problems which are likely to lead to consumer detriment, or have a negative effect on market integrity. Where risks or issues are identified, the FCA has stated that it expects to take swift, and proportionate, action to prevent further detriment, including appointing a skilled person or taking enforcement action, as it deems appropriate. Once issues are identified, the onus will be on firms, and senior management in particular, to put in place a comprehensive and credible plan of action to mitigate any risks. In certain cases, the FCA may require personal attestations by senior managers that risks were addressed and a demonstration that appropriate outcomes were achieved. Regulated firms will be subject to a three pillar supervision model. The FCA’s focus under all three pillars will be on managing risk and ensuring the right outcomes for consumers, including through measures to promote and preserve market integrity. THE FCA’S APPROACH TO SUPERVISION 3 2. HOW DOES THE NEW MODEL DIFFER FROM THE OLD ARROW VISIT MODEL? PILLAR 3 ISSUES AND PRODUCT SUPERVISION Finally, under Pillar 3, the FCA, as an extension of thematic reviews the FSA previously undertook, expects to carry out an increasing number of thematic reviews to examine emerging risks, new products and other issues. Their focus will be issues common across a number of sectors or firms, including studies to assess whether competition is effective within the sector. These thematic reviews and competition studies are intended to enable the FCA to take appropriate action to improve financial services for consumers through mitigating risk, rather than to provide guidance to firms or individuals on an appropriate course of action. The findings from thematic reviews may be used to highlight good and bad practices, and may also lead to the publication of further regulatory guidance, policy changes or specific consumer communications. The new supervision model marks a departure from the previous ARROW model, which was largely focused on assessing products and their target audience, conflicts of interest and complaints. The FCA will now be interested in looking at business and group financials to understand how firms generate their profit, and whether their business model poses a potential risk to consumers. The FCA also expects to increase scrutiny over employees at all levels of the organisation to assess how systems and controls are implemented in practice. Finally, regulatory scrutiny will not decrease with compliance. Firms can expect to be subject to the same Pillar 1 supervision regardless of the results of their previous firm assessment. THE FCA’S APPROACH TO SUPERVISION 4 1 6 2 7 3 8 4 9 5 10 3. WHAT PRINCIPLES WILL THE NEW SUPERVISION MODEL BE BASED ON? The supervision model will be based on the ten principles below See SUP1A.3.2G: forward looking and more interventionist focused on judgment, not process consumer-centric focused on the big issues and causes of problems interfaces with executive management/boards robust when things go wrong focused on business model and culture as well as product supervision viewing poor behaviour in all markets through the lens of the impact on consumers orientated towards firms doing the right thing externally focused, engaged and listening to all sources of information. THE FCA’S APPROACH TO SUPERVISION 5 4. HOW DO THOSE PRINCIPLES RELATE TO THE FCA’S PRINCIPLES FOR BUSINESSES? The ten principles for supervision should be read in conjunction with the FCA’s Principles for Businesses as there are clear areas of convergence between the two. Whereas the FCA’s Principles for Businesses offer high-level guidance to firms as to the standard of conduct and operation expected of them, the ten principles for supervision provide the more granular detail of the types of issues and behaviours the FCA is likely to focus on. 5. WHICH AREAS WILL THE FCA FOCUS ON? The FCA will focus on five main areas, namely: • Business model and strategy The FCA will question firms regarding the detail of their business strategies and business plans. Firms will be expected to demonstrate how they assess and mitigate risks generated by the strategies they adopt. The emphasis of any probe may be on how firms generate profit. • Culture The FCA will place particular emphasis on understanding the way that a firm conducts its business, the expectations placed on staff and their attitude towards customers. Firms will be free to adopt such culture as they deem appropriate for their organisation, however they must ensure that they place treating customers fairly at the heart of their business. Appropriate safeguards must also be put in place to ensure that firms do not engage in market abuse. • Front line business processes The FCA will look at firms’ business processes from product development to complaints handling which should be designed to meet customers’ needs and expectations. The FCA is likely to start with a review of retail and wholesale practices concentrating on areas which they believe pose the greatest risks to market integrity, consumers and effective competition. THE FCA’S APPROACH TO SUPERVISION 6 • Systems and controls Firms should ensure that they have effective systems and controls in place to identify and deal with business risk as these can be used to reinforce the right culture and business practice. Such systems and controls will need to encompass effective anti-money laundering measures. The FCA expects firms to have effective and independent controls, usually vested in the compliance, risk and internal audit functions, who must provide an effective challenge to the business units, and assurance to senior management and the board that the group is operating within the spirit and the letter of the regulatory rules. • Governance Senior managers should be able to explain clearly the conduct risks inherent in their strategies. They should be focused on the way their firms implement consumer and market values. The FCA may look at how a board examines issues like high-return products or business lines, the extent to which senior managers understand strategies for cross-selling products, growth rates, and whether products are being sold to customers and markets they were designed for. The FCA is likely to be interested in the way senior management deals with the “should we do this” element of decision making rather than an emphasis on “can we do this” as a demonstration of informed, effective management. 6. WHAT ADDITIONAL SUPERVISORY TOOLS COULD THE FCA USE? The FCA is focusing its efforts on a supervisory tool, previously used sparingly – the attestation. The aim of using attestations is to ensure that senior management at regulated firms remains focused and accountable for specific issues and/or risks identified by FCA supervisors. Where the FCA deems an attestation necessary, the holder of significant influence function who is responsible for the area of the firm where the issue has been identified will usually be expected to sign the attestation. THE FCA’S APPROACH TO SUPERVISION 7. WHEN IS THE FCA LIKELY TO USE ATTESTATIONS? The FCA has highlighted the following scenarios: • Notification Where the FCA has become aware of an emerging risk which is unlikely to result in material consumer detriment or to negatively impact market integrity, the FCA may ask a relevant individual to sign an attestation that the firm will notify the FCA of any changes in the nature, magnitude or extent of the risk. Although the person signing the attestation does not have an obligation to personally notify the FCA, they nevertheless become responsible for monitoring the specified risks and ensuring that their firm makes any notification, if appropriate. • Undertaking Where the FCA has identified a potential risk which is unlikely to result in material consumer detriment or to negatively impact market integrity and the FCA wants the firm to take specific action within a specified timeframe, the FCA may require an attestation that the action will be undertaken by a certain date. • Self-certification Where the FCA has identified more significant issues at the firm and they are confident that the firm is capable of addressing those issues by itself, the FCA may request an attestation that the risks which were identified have been mitigated or resolved. • Verification Where the FCA has identified issues which it requires a firm to resolve or mitigate and a verification of that, the FCA may require an attestation confirming that any action, including the verification, has been taken. 7 THE FCA’S APPROACH TO SUPERVISION 8 8. WHAT CIRCUMSTANCES COULD LEAD TO A FIRM BEING PLACED IN ENHANCED SUPERVISION? Where through its normal supervisory cycle or otherwise, the FCA determines that a fi rm presents a serious risk to the FCA’s operational objectives due to serious failings in governance, culture and standards, and the FCA does not consider that these failings can be rectifi ed through the usual supervisory measures, the FCA may place a fi rm in Enhanced Supervision. Specifi c risk factors which may lead to Enhanced Supervision (and possibly enforcement) may include: • Numerous or particularly signifi cant conduct failings, or repeated minor failings • Failings across a number of different areas of the fi rm • Evidence of poor management at board level such as failure to challenge executives or to give due consideration to conduct risks • Evidence of poor management or insuffi cient resourcing in the risk, compliance or internal audit departments, including evidence that their advice is not suffi ciently heeded • Evidence of weak risk management • Evidence of poor culture set from the top, e.g. board messages, remuneration and incentives policies, ineffective embedding of cultural messages. 9. WHAT PROCESS DOES THE FCA HAVE TO FOLLOW TO PLACE A FIRM IN ENHANCED SUPERVISION? The FCA does not need to follow a formal process to determine whether a fi rm should be placed in Enhanced Supervision, rather such a decision is based on the FCA exercising its judgment as to whether to impose such measure on a fi rm. THE FCA’S APPROACH TO SUPERVISION 9 10. WHAT HAPPENS ONCE A FIRM HAS BEEN PLACED IN ENHANCED SUPERVISION? Once a firm has been placed in Enhanced Supervision, the FCA will review their current supervisory plan for that firm and put in place an amended plan with the aim of returning the firm to normal supervision by a specified date. Progress against the amended plan will be regularly reviewed to ensure that the specified outcomes can be achieved within the set timescale. 11. WHAT TOOLS AND POWERS COULD THE FCA USE AS PART OF ENHANCED SUPERVISION? The FCA has a range of tools at its disposal, including the following tools and powers: • Skilled persons reviews The FCA may commission a skilled person to carry out reviews and to produce a report under s166 of the Financial Services and Markets Act 2000 (FSMA) where the FCA deems that such reviews will add substantially to their understanding of the underlying issues which have led to the failings. The use of skilled persons reviews has grown over the past few years and this trend is expected to continue. • Requirement powers The FCA may exercise its powers under s55L of FSMA to impose a requirement on a firm to undertake or to end a particular course of action where such a requirement is deemed necessary to enable the FCA to meet its operational objectives. This effectively gives the FCA the power to take early intervention action in order to address conduct risks which it determines could pose a risk to consumers or the market. During this process, a firm could also choose to voluntarily apply the requirement that the FCA is seeking to impose on it. This could have a tactical advantage for firms because it would be deemed a voluntary application for the imposition of a requirement by the firm rather than one imposed by the FCA on the firm against its wishes. THE FCA’S APPROACH TO SUPERVISION 10 • Variation of permission powers The FCA may, under s55J of FSMA, vary or remove a firm’s permission at its own initiative. This power, in practice, will be reserved for extreme cases, and is usually used to address fundamental failings in standards and culture. • Asset requirement powers The FCA may, under s55P of FSMA, prohibit a firm from dealing with its own or any consumer assets. THE FCA’S APPROACH TO SUPERVISION 11 12. WHAT APPROACH MIGHT THE FCA TYPICALLY FOLLOW ONCE A FIRM HAS BEEN PLACED IN ENHANCED SUPERVISION? Although the FCA’s approach to Enhanced Supervision will be driven by the circumstances of each case, it has indicated the following typical approach: • The FCA will require a firm’s board to formally commit to specific remediation measures. Where appropriate, this may be coupled with a requirement for the appointment of a skilled person under s166 of FSMA to carry out independent assessment and/or oversight of the remediation measures • Once the remediation measures have been implemented, the FCA will review their effectiveness in order to determine whether the firm could transition to normal supervision • Where the FCA believes that there is a lack of effective outcomes, the FCA will consider the use of additional tools or powers (as described at 11 above). In any event, subject to exercising appropriate judgment, the FCA is unfettered in its ability to use any of its Supervisory powers as the first step or at any other point, in the Enhanced Supervision process. THE FCA’S APPROACH TO SUPERVISION 12 FCA Conduct Supervision Activity – Quick Reference Guide Pillars Activity What does it mean? Pillar 1 Business model and strategy analysis (BMSA) Detailed examination of business model and strategy to understand risks to consumers or to market integrity. High risk indicators: • Fast growth • High levels of profitability (especially when concentrated in a particular area, or in comparison to peers) • Strategies dependent on cross-selling • Products with unclear features or pricing • Products sold into markets they were not originally designed for • Inherent conflicts of interest. Pillar 1 Meetings with FCA Regular core meetings with senior management, board members and other senior individuals accountable for the conduct of the firm. Discussions with individuals responsible for the day-to-day operations at different levels in order to understand working practices. Ad-hoc meetings to address specific issues which may involve further meetings or visits to examine particular areas of emerging risks. Pillar 1 Review of management information Detailed examination of information provided to senior management to assist with decision-making. The focus of such examination will be on culture, performance and approach to decision-making in order to identify emerging risks. Pillar 1 Strategy meetings Structured opportunity for FCA’s senior management to engage with firms’ senior management to discuss key aspects of firms’ business models, strategies and operations. THE FCA’S APPROACH TO SUPERVISION 13 Possible areas of probe by the FCA C1 firm frequency C2 firm frequency For C1 firms: Analysis of group and business financials Product strategies and profitability Interdependencies with prudential issues Complaints data Persistency of business data. For C2 firms: Financials Products and customer data Business lines (for C2 wholesale firms only) 2 years (reviewed after 1 year) Annually (unlike C1 firms, C2 firms will be subject to an annual BMSA across a peer group of firms which share similar business models or activity) Key aspects of a firm’s operations, including: • culture • business models and processes • governance. Ongoing Ongoing Board packs Executive Committee packs Performance Information Ongoing Ongoing Business model Strategy Operations Annually Annually THE FCA’S APPROACH TO SUPERVISION 14 Pillars Activity What does it mean? Pillar 1 “Deep dive” assessments Detailed assessment of risks identifi ed through BMSA and other engagements in order to identify root causes of risks, and to test how risks are managed and mitigated at every level of the business. Deep dives will look at how the fi rm operates in practice with a focus on areas of business which, according to the FCA, pose the greatest risk or where issues illustrate problems evident across the fi rm. Deep dive fi ndings from one area of the business can inform the FCA’s view of the group as a whole. The FCA will write to fi rms following a deep dive with a statement of key fi ndings and outcomes to be achieved. It would usually be up to fi rms to decide on the appropriate approach, with senior management held personally accountable. FCA Conduct Supervision Activity – Quick Reference Guide THE FCA’S APPROACH TO SUPERVISION 15 Possible areas of probe by the FCA C1 fi rm frequency C2 fi rm frequency Each deep-dive will focus on one of four risk groups: • culture and governance • product design • sales and transaction processes • post-sales/services and transaction handling. Activities may involve, with work programmes being adapted by the FCA as the deep dive progresses: • desk-based analysis • on-site testing • walk-through discussions • call listening and staff interviews at all levels • interviews with senior management. 1 or 2 annually (with initial expectation for 2 deep dives) 1 or 2 annually (with initial expectation for 2 deep dives) THE FCA’S APPROACH TO SUPERVISION 16 Pillars Activity What does it mean? Pillar 1 Firm evaluation Annual summary of the FCA’s view of the firm based on an examination of all information available to date, including all work done in relation to the group since the previous evaluation. This will be an opportunity for the FCA to judge and explain its view of: • the risks posed by the group and associated root causes; and • the FCA’s strategy and work programme for the firm’s next supervision cycle to address and mitigate these risks. The annual summary will also include an assessment of whether the firm meets its threshold conditions. The annual summary will be based on information, including: • BMSA • deep dives • thematic issues and products work • events-based reactive work • sector analysis • specific risks relating to financial crime and client assets. The key messages from the annual summary will be delivered in the form of a letter addressed to the Board of Directors. The FCA will also aim to discuss their views with the board and senior management, usually by attending a board meeting to give a presentation. Firms’ evaluation will be subject to an interim six-month review when any amendment to the supervision work will be communicated, if necessary. FCA Conduct Supervision Activity – Quick Reference Guide THE FCA’S APPROACH TO SUPERVISION 17 Possible areas of probe by the FCA C1 firm frequency C2 firm frequency Not applicable Annually 2 years THE FCA’S APPROACH TO SUPERVISION 18 Pillars Activity What does it mean? Pillar 2 Baseline monitoring Review and analysis of regulatory data submitted by fi rms to detect potential risks, including the fi nancial drivers that may result in consumer or market harm. Pillar 2 Routine and other activities e.g. Part VII transfers, acquisitions, permissions changes. Pillar 3 Participation in thematic reviews and market studies Thematic reviews and competition studies are expected to increase in number. These will be driven by areas of concern to the FCA. FCA Conduct Supervision Activity – Quick Reference Guide THE FCA’S APPROACH TO SUPERVISION 19 Possible areas of probe by the FCA C1 fi rm frequency C2 fi rm frequency Firm specifi c Ongoing Ongoing Firm specifi c Ongoing Ongoing Dependent on issues raised by FCA Ongoing Ongoing THE FCA’S APPROACH TO SUPERVISION 20 NOTES THE FCA’S APPROACH TO SUPERVISION 21 For further information please contact: Paul Worth Head of Financial Institutions 0845 498 4950 [email protected] ©Eversheds LLP 2014. Eversheds LLP is a limited liability partnership. EFIN.224 09/14 www.eversheds.com/financialinstitutions