The beginning of the month saw the publication of the FCA's 2016/2017 Business Plan. This sets out the FCA's work programme and priorities for the coming year.
Cyber-attacks and technological resilience have been identified as key risks to which the FCA needs to respond. Weaknesses in systems and a lack of expertise may expose firms to the increasing risk of cyber-attacks, posing risks to consumers and markets. The FCA warns that firms need to ensure that they have defences and plans in place to deal with such attacks. Over the coming year, firms should expect the FCA to ask questions about operational resilience risks and how the firm deals with them.
Innovation and technology have been identified as one of seven areas of focus for the FCA in the next twelve months. It is recognised that there must be a balance between supporting innovation that benefits consumers and ensuring they have adequate protection. Planned activities include:
- Increased capacity of Project Innovate – support for new and established businesses (both regulated and non-regulated) to be able to introduce innovative financial products and services to the market;
- Launch of the Regulatory Sandbox – described by the FCA as a ‘safe space’ in which businesses can test innovative products, services, business models and delivery mechanisms without immediately incurring all the normal regulatory consequences of pilot activities. The Regulatory Sandbox will be open to applications from 9 May;
- A strategy to reduce the regulatory burden on firms on both RegTech and FinTech;
- Possible market study on Big Data (following the FCA's Call for Input on the use of Big Data in the retail general insurance sector in November last year);
- Working with the Treasury, the Bank of England and other authorities to ensure a joined-up and risk-based approach to cyber-crime; and
- Provision of education tools to help firms deal with the risk of cyber-crime and respond swiftly to cyber-attacks.
The planned activity around reducing the regulatory burden on RegTech and FinTech follows the FCA's Call for Input on regulatory barriers to innovation in digital and mobile solutions (June 2015). The FCA recently published a feedback statement (FS 16/2). It reports that data storage, privacy and protection emerged as key issues. The FCA has listened to stakeholders' concerns that some of the proposed rules in the GDPR could prevent the development of emerging digital and mobile solutions. The FCA says it will continue to liaise with the ICO on issues related to data privacy and protection.
Finalised guidance on cloud data storage and the use of third-party providers is expected this summer.
In other news, firms who have had their electronic communications accessed by the FCA may be interested in the frequent recommendations published by the Interception of Communications Commissioner's Office (IOCCO) this month. The IOCCO is responsible for keeping under review the interception of communications and the acquisition and disclosure of communications data by intelligence agencies, police forces and other public authorities, including the FCA. The IOCCO identifies when the Regulation of Investigatory Powers Act 2000 (RIPA) (which regulates the manner in which certain public bodies may conduct surveillance and access a person's electronic communications) is not used as expected. It undertakes a revolving programme of inspection visits to all relevant public authorities who are authorised to acquire communications data under RIPA. The primary objective of an IOCCO inspection is to ensure that all acquisition of communications data has been carried out lawfully and in accordance with the Human Rights Act, RIPA and its associated Code of Practice.