At the heart of the UK Financial Conduct Authority’s (FCA) business plan for 2018/2019 is a commitment to address the industry’s “operational resilience”. Now that improvements in financial resilience have broadly been achieved through new capital and liquidity rules, references to operational resilience are increasingly commonplace among central banks and regulators. But the FCA is one of the few agencies to have defined clearly what this means and, more importantly, how it plans to act.
In helping firms to become more resilient to cyber attacks, and enhance market integrity and protect consumers, the FCA plans to strengthen its supervisory assessments of the highest-impact firms to better understand their current and planned use of technology, resilience to cyber attacks and staff expertise. The impact of governance, strategy, systems architecture, risk management and culture on data security will also be reviewed, as the FCA looks to get a tighter grip on the rapidly changing risks facing the financial sector.
“New technology can bring increased risk to consumers and markets. This is a concern to us and the Bank of England (BoE), and we’re spending more and more time on it,” says Jonathan Davidson, executive director of supervision – retail and authorisations, and a member of the executive committee at the FCA.
The focus on operational resilience comes at a time when the FCA has sought to improve the way it engages with the industry. While regulators must naturally strike a prudent balance between working with market participants and ensuring stringent oversight, the FCA has sought to foster a more collaborative dialogue in the hope of addressing potential problems earlier in the future.
This collaborative approach has been bolstered by the appointment of a new executive committee, following the resignation of embattled chief executive Martin Wheatley in 2015. Under BoE veteran Andrew Bailey, who became chief executive in July 2016, the FCA has moved into somewhat calmer waters. It helps that the era of heavy handed supervision and fines has passed, but a more co-operative approach to working with the industry under Bailey’s leadership has been welcomed.
…when things go wrong at a firm it is generally due to the business model or the culture. If these are the root causes, rather than coming along after the event as judge and executioner, we wanted to be more pre-emptiveJonathan Davidson, FCA
“We had a hard look at the way we approach the market, and saw that when things go wrong at a firm it is generally due to the business model or the culture. If these are the root causes, rather than coming along after the event as judge and executioner, we wanted to be more pre-emptive,” Davidson explains.
As a publicly funded body, with 58,000 firms to supervise and a growing list of risks to deal with, the FCA recognised the need to set clear priorities. As well as more closely assessing and acting on operational resilience, the regulator has set a focus on financial crime and anti-money laundering, as well as innovation, big data and regtech. But engagement and pre-emption are the new watchwords, with the underlying belief that banks will be more likely to work with the FCA if they feel it has their best interests at heart.
Open Banking and Brexit
The FCA is keeping a close watch on the Open Banking legislation, the UK’s version of the European Union’s second payment services directive, which came into effect at the start of this year and forces large banks to release their data in a secure format so it can be shared more easily by authorised entities. It is still early days, but the FCA is acutely aware of the new risks brought about by such developments.
Brexit is also high on the regulator’s agenda, of course, but ongoing uncertainty over the terms of the exit agreement make it difficult to plan for March 2019 and beyond. The reality is the FCA might have to move in a number of directions after Brexit, but in the meantime it is focusing significant resources on how it will deal with EU laws that cannot be transposed under any circumstances to a post-Brexit world.
Whatever the eventual terms of Brexit, Davidson is confident the FCA will remain a respected thought leader in the regulatory world long after the UK leaves the EU. As it prepares to move to a new purpose-built office in Stratford, east London, the regulator is facing the future with confidence.
“The industry is transforming and we’re playing a role in making sure it does so in a way that benefits consumers,” says Davidson.
The week on Risk.net, September 8-14, 2018Receive this by email