After the global financial crisis the FCA was left no choice but to put all its focus and efforts on the banking sector. While FCA spent some time on sectors new to FCA regulation such as consumer credit, the majority of non-banking firms have had limited attention and focus from the FCA over the past decade.
Regulatory attention does make a difference. In April 2019 FCA expressed concerns that wholesale broking firms had not kept pace with regulatory change and expectations. FCA felt that its own interventions were more often driving improvements than firms’ own initiatives. That’s commensurate with the increase in private warnings FCA has been issuing.
FCA has given wholesale brokers until March 2021 to get up to date. After this FCA intends to update the risks it sees in the sector and adjust its supervisory approach. We can take that as code for start making more enforcement referrals if they don’t see improvements.
When FCA does its follow up work, FCA will expect to see that you have made improvements in four mains areas:
1. Governance and Culture
FCA is expecting your implementation of SMCR to drive changes to both your governance as well as culture. To some extent this will happen organically as your Senior Manager Function (SMF) holders and non-SMF members of senior management agree who is responsible for what.
Handoffs are the crucial element of those discussions about responsibilities. When can one senior manager rely on the other senior manager?
These conversations are especially thorny when it comes to relying on support areas such as HR and Operations. It is worth it, the outcomes will drive a clarity in your senior managers that will lead to a cleaner structure with clear reporting lines and stronger escalation routes.
FCA is expecting you to be reviewing the integrity and competence of staff through your annual fit and proper assessment. You will need to evidence how you are bringing people up to the right level both in terms of integrity as well as competence.
These assessments cannot stop with the individuals for whom SMCR requires you to conduct an annual F&P assessment. Also consider those individuals within the conduct rules. How will you evidence your annual assessment of their competence which you are required to carry out under the competent employees’ rule.
Many firms think that their annual appraisal covers this off but now that so many of us are using systems for appraisals this is drifting into a tick box against objectives.
You need qualitative content and, more importantly show actions informing the subsequent year’s training and development plan. FCA has told me that if you have specific staff not passing training courses, they will challenge you if those people should be certified.
For conduct rules staff the pragmatic solution is to include a conduct assessment as part of the annual appraisal. Sure, you can ask “have you complied with the firm’s policies and procedures” – tick. But neither you nor the individuals in your business can afford to leave it at that tick. The conduct assessment must include qualitative comments and measures.
2. Compensation and Incentives
FCA expects you to have already aligned risk and reward in individual’s compensation packages. This means no one should be on a commission only contract any more.
It means that for those people whose packages include an element of variable compensation you need to use that variable element to support positive behaviours and a strong conduct culture. This goes back to getting the right qualitative observations and examples as part of the annual appraisal.
Where you have poor performers make sure they are being handled consistently. Some firms HR teams take the approach of compromising people out which hinders regulatory references. This approach is no longer taken in any of the large banks when they address conduct issues.
Expect the FCA to ask you to show them your data on where adjustments to compensation has been effective. Your data may show how one team’s variable compensation was adjusted down because of a specific breach or issue, and another team’s was adjusted upwards because they worked together to resolve an emerging issue.
3. Conflicts of Interest
The FCA letter refers to a weakness in identifying the capacity a broker is acting in for particular transactions. What FCA means by this is agent / principal.
Just because you are in a principal market does not mean you are acting as principal. If you are bringing two parties together then you are acting as agent and the laws of agency apply, including client best interest rule and conflicts.
MiFID2 changed the carve outs when facing eligible counterparties (ECPs). There is no longer a blanket carve out from the conduct of business rules. These days you must comply with the rules about management and prevention of conflicts.
This translates across to why we keep getting reminders from FCA about conflicts, and especially payment for order flow (PFOF). Their concerns make sense as an ECP is never going to get sight of that confidential information or be able to overcome that incentive payment.
If you are charging both sides, you can only do so for ECPs. If you are charging ECPs both sides, then you can only do so on a transaction by transaction basis. Get every one of those transactions into your conflicts register with an explanation how you got comfortable for that specific transaction.
It should go without saying that you must ensure have systems and controls to meet the form and substance of conflict of interest obligations. But FCA repeated in several market watch and here about having written down your policies and procedures.
Saying you are a small firm, and everyone knows each other, or my word is my bond, doesn’t comply with MiFID organisational requirement, let alone MiFID2. FCA takes a hard line on this - if it is not written down it doesn’t exist.
4. Financial Crime and Market Abuse
Understanding how your business might be exposed to risks of financial crime and market abuse is crucial. You can evidence this with your risk assessment and tracking how you are preventing risks. Be sure to have updated your risk assessment in light of the new operating environment.
Also ensure your senior management have a proper understanding and acceptance of residual risks. Remember that not all risks should be accepted.
You cannot prevent all risks so how do evidence the decisions you take about which risks you will mitigate. You don’t just need a record to show you are mitigating a risk, you need the supporting background material about why you cannot prevent risk and so can only mitigate the risks is the right approach.
Then you can consider how effective your risk mitigation strategies have been. Make sure you consider the feedback loop, updating your risk assessment but importantly using your risk assessment to enhance your control framework, remember this should include market abuse.
The more recent tests FCA will be applying is assessing how engaged your MLRO has been on market abuse issues. Plus, they will be looking to see how you manage the conflict between generating revenue and preventing financial crime and market abuse.
We heard recently that STORs are improving but remember to watch for backlogs that might reoccur with LockDown2 (LD2).