Blackadder – “I've got a plan so cunning, you could put a tail on it and call it a weasel!”
The similarities between Nikhil Rathi, Chief Executive of the FCA and Edmund Blackadder are, perhaps, not obvious, but the FCA does indeed have a plan for the forthcoming 12 month. Firms falling within its regulatory perimeter should take notice, as it spells out the priorities and areas of focus which will guide its activities over that period.
On 5 April the FCA published on its website the FCA Business Plan 2023/24. As has become glaringly evident over the past 3 years, the Payments sector is now right in the FCA’s sights and is seen as, at best, an area with potential for significant customer detriment.
It is therefore important for firms in the sector to understand the FCA’s plans and the direction of travel, in order to be prepared.
The plan spells out a number of areas of focus. These include:
Reducing and preventing serious harm
The FCA say that its aim is to protect consumers from fraud and mistreatment. Clearly the Consumer Duty is a major element of this, but there are a number of other points worthy of note in the plan.
Reiterating the message that the FCA has been sending, the plan says that the regulator will “continue to be less risk averse and take more robust action, sending a strong message of the action we take when we identify harm”.
There is also a comment that “Consumers and market participants have confidence that financial services firms which fail to meet the Threshold Conditions and/or should otherwise not be regulated, are identified and cancelled quickly.” and that the regulator’s key activities will include “Continue to identify and cancel firms that do not meet Threshold Conditions quickly and at scale, removing them from the regulated market.” and “Expand the types of breaches of Threshold Conditions that we take action against.”
We have already seen action by the FCA against firms where it has been identified that Threshold Conditions are not being met, and this statement that quick cancellation is seen as the remedy should act as a prompt to Boards to be constantly monitoring that Threshold Conditions are being met, and to be able to prove to the FCA that this is the case.
Under the heading of “Reducing harm from firm failure” the FCA focuses on financial resilience, which from a Payments and E-money sector perspective means safeguarding, stress testing and wind-down planning will all come under increasing scrutiny. Any firm which has not had a detailed review of these areas would be well advised to do so quickly and regularly.
The FCA say that they will “Introduce a new regulatory return requiring 20,000 solo regulated financial services firms to provide a baseline level of information about their financial resilience. This is a key step in embedding a data-led approach that helps us better identify financial and other stresses which may cause firm failure.” This will provide them with the data to start taking action where they feel there is a risk of failure. Speaking with my colleagues in our Prudential Team, we think it likely that some version of the Internal Capital Adequacy and Risk Assessment (ICARA) requirement on Investment firms will be introduced for payments and E-money firms.
There is a chilling threat to firms who are not seen by the FCA as being financially resilient in the statement that the FCA will “Use our powers more assertively to start relevant insolvency processes to reduce harm from firms.”
Reducing and preventing financial crime is, of course, a perennial area of focus for the FCA and the business plan says that the regulator will “Increase the volume of our proactive assessments of firms’ anti-money laundering systems and controls.” It also says that the FCA will “Build on our approach for effectively supervising the anti-fraud systems and controls of regulated firms through undertaking further assessments to evaluate how they are protecting consumers from fraud and that firms are not being used as enablers of fraud.” Reviewing your anti-fraud systems and controls is therefore something that firms should be doing regularly.
Finally under this heading the FCA say “With additional funding we will increase the use of our powers to disrupt, pursue and sanction those committing financial crime, fraudsters and their enablers”. Payments firms can sometimes be used by fraudsters or money launderers, and any firm which does not have in place appropriate systems and controls is likely to be seen by the FCA as an “enabler” and therefore open to regulatory sanction. Firms should also take note of the new offence being created by the government, “Failure to prevent fraud” offence, under which an organisation will be liable where a specified fraud offence is committed by an employee or agent, for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place. It does not need to be demonstrated that company bosses ordered or knew about the fraud.
As mentioned above (and frequently in other articles) the Consumer Duty, which comes into force on 31 July, is a core focus of the FCA. The business plan deals with this under the heading “Putting consumer needs first.”
The plan says that the additional funding assigned to Consumer Duty will allow the FCA to undertake sector-specific supervisory work , focused on the priorities detailed in the Sector and Portfolio letters. Payments and E-money firms can therefore expect contact from the Payment Market Intervention team at the FCA on Consumer Duty implementation.
As well as this, the FCA say “The additional funding will also allow us to create an additional Interventions team within Enforcement. This function will be ready from day one of the duty coming into force to enable rapid action where immediate consumer harm is detected. Further investigative resource will also ensure swifter investigation of any potentially serious misconduct discovered.”
Firms where consumer harm is detected can therefore expect swift action from the FCA’s Enforcement Department. Not being ready by 31 July will not be acceptable.
The Payments sector is caught by the FCA’s Operational Resilience requirements, and the business plan makes clear that the FCA will be scaling up its efforts to deal with firms who cannot meet its new standards. It is also developing new rules to address the systemic risk presented by critical third parties.
The plan says that the FCA will “Assess how operationally resilient firms are to remaining within their impact tolerances – the maximum tolerable amount of disruption to an important business service – ahead of the 31 March 2025 deadline in our operational resilience policy (PS21/3). After this point, all relevant firms will need to show they can remain within these tolerances.” Reviewing and making sure your Operational Resilience plans and testing are up to date and meet the FCA’s requirements is another item that should be on the schedule of compliance tasks.
In summary, the plan may not be “so cunning, you could put a tail on it and call it a weasel” but it is no less important for that. For payments and E-money firms it is a reinforcement of the message that the FCA is increasingly active and less accepting of errors and omissions from firms in the sector. The increased resource that the regulator has at its disposal and its perception of payments as being a problem area means that firms must assume that they will receive an information request from the FCA at any time, and that they must be ready and able to evidence that they are compliant, or risk enforcement action, potentially leading to withdrawal of authorisation, or even insolvency.
Our specialist teams in Payments, Prudential and Financial Crime can help you assess where you stand now in relation to the FCA’s expectations, and support you in addressing any shortcomings.
If you’d like to have a chat about what this means for your firm, please contact us and we will get back to you.
contact us