FCA Business Plan 2016/17

The FCA Business Plan 2016/17 (the "Business Plan") provides a useful indication of the key areas of focus for the FCA during the next year. In line with its commitment to be a "robust" and "respected" regulator, the Business Plan delivers an assertive yet measured message. "We will be tough when required but we also recognise that regulation must be able to adapt and evolve to the changing market place". The Business Plan also advocates "constructive deterrence" whereby the FCA aims to identify and respond promptly to emerging issues in the financial services industry before they cause significant harm and grow in scale.

7 key Business Plan priorities

The Business Plan sets out the FCA's seven key priorities for 2016/17. Five of these were key areas of focus in last year's Business Plan. The provision of financial advice and treatment of existing customers represent new areas of focus for the FCA for 2016/17.

The 7 key priorities are as follows:

  1. Culture and governance;
  2. Wholesale financial markets (market integrity);
  3. Financial crime and AML;
  4. Innovation and technology (resilient systems and new competition);
  5. Advice (outcome of the Financial Advice and Markets Review);
  6. Treatment of existing customers; and
  7. Pensions (fair treatment of consumers and stronger competition).

We set out below our thoughts on a few of these key areas of focus for the regulator.


Firms' culture remains a key priority for the FCA, despite having dropped its planned Thematic Review into culture in late 2015. The Business Plan makes clear that firms should continue to focus on the effectiveness of their individual culture change programmes to "ensure that drivers of culture are measured, monitored and managed". Culture is an amorphous concept and it can be difficult for financial services providers and regulators to tangibly measure progress on culture change. The Business Plan reflects this difficulty through the absence of detail on how firms should bring about change in this area. One continued area of regulatory focus in relation to culture change is that of incentives and remuneration. The FCA plans further work to strengthen the Remuneration Code and to further scrutinise remuneration policies to ensure they discourage excessive risk-taking and short-termism and promote sound and effective risk management.

The FCA has made it clear that it will continue to focus on "the tone from the top" in respect of culture change and hopes to embed culture change through the provisions of the Senior Managers and Certification Regime. In a recent speech, Andrew Bailey, who became Chief Executive of the FCA in July, reiterated that responsibility is "an important hook to assist in firms' shaping their own culture and also to provide regulators with the powers to conduct supervisory oversight and to act when needed". This reflects the FCA’s ability to use a range of supervisory tools to engage with firms on conduct and culture issues, but also to take supervision and enforcement action where necessary. However, Andrew Bailey has made clear that the FCA will continue to regard culture change as an issue that firms should address themselves and that as a starting point any related risks should be identified and managed internally at an early stage.

Integrity of wholesale markets

One of the FCA's key objectives is to achieve "clean, effective and competitive wholesale financial markets". As part of this focus, the FCA is seeking to implement the 21 recommendations from the Fair and Effective Markets Review in Fixed Income, Currency and Commodities Markets aimed at strengthening regulation and accountability in this area. The Chairs of the FEMR will provide an implementation report to the Chancellor of the Exchequer and the Bank of England in July 2016, which will outline ways to implement the recommendations.

Other key regulatory developments in this area include the implementation of the Market Abuse Regulation on 3 July 2016; this extends the existing EU market abuse regime to cover new markets/trading platforms and trading strategies. Significant developments will also be seen as a result of MiFIR and MiFID II, which revise the conditions for the authorisation of investment firms and the on-going regulatory requirements to which they are subject. The new regime will reshape the secondary trading of financial instruments, particularly derivatives. The implementation date of MiFID II has been delayed until 3 January 2018, to give domestic regulators and market participants more time to implement the directive (although given the result of the EU Referendum, there is now considerable uncertainty about the implementation of EU financial services regulations going forward).

Innovation and technology

The Business Plan recognises that innovation in technology is having a profound effect on the way in which financial services are provided to customers. Whilst this “has the potential to increase competitiveness, innovation and efficiency, creating real benefits for both consumers and firms”, the digitisation of financial services makes them more susceptible to cybercrime.

Cyber security and the related risks to firms and consumers are an area of significant focus for the FCA, the PRA and the Bank of England. The Business Plan expresses concern that, in the difficult economic climate, tighter margins are leading more firms to outsource IT processes to third parties without sufficient oversight of security. Moreover, the FCA and the Treasury Committee have expressed concern over the lack of IT expertise at board level within financial services providers and have made it clear that IT security should be a key priority dealt with at the most senior levels within banks. This sentiment was echoed in the Bank of England Speech where it was noted that "cyber is, to a great extent, a leadership and management issue" and "clear policies and standards, good management information, and a sensible approach to compliance" are crucial. It is clear that the regulator will continue to take enforcement action against financial services providers where it determines that firms' systems and controls around IT security are inadequate.