At the beginning of September, the Financial Conduct Authority published draft guidance on a new power that allows it to move faster to remove regulatory permissions no longer used by financial services companies.
This was greeted with headlines that talked of a ‘sweeping set of reforms’.
In truth, such a description, even on paper, appears somewhat hyperbolic. After all, businesses regulated by the FCA have always been required to hold and use only the necessary permissions to conduct their business.
The proposed changes relate, instead, to the process and speed with which unused permissions may be removed unilaterally by the FCA with 14 days’ notice (assuming the business in question fails to convince the regulator of the need for the permissions).
Statements made by the FCA's enforcement director Mark Steward touted the guidance as being a vital antidote, in part, to scams and the risk of consumers being misled by inaccurate permissions.
The FCA statement does not comment on the notion that the draft guidance has been issued to tackle the recent criticism of the FCA by the Complaints Commissioner, in having incorrect information on its public register. The public register is populated with data reported by businesses to the FCA as required under its own rules.
The FCA reviews that data and should update its records (including the public register) accordingly. There can be inaccuracy and delay in that process, which can lead to confusion for consumers. It remains to be seen whether the proposed changes are likely to have any appreciable impact on that.
Recording the correct scope of permissions on the public register is clearly desirable. It ensures that consumers are provided with correct information.
Also, reviewing and maintaining only those permissions that a business needs ensures that companies only pay necessary fees and helps companies demonstrate effective oversight of a business and compliance with obligations under the senior managers and certification regime.
Businesses are also required to provide the FCA with an annual attestation that the information held on the FCA public register is accurate.
Permissions are unlikely source of scams
However, it is unlikely that the new changes will make much difference to the ways of scammers. The scope of a company's permissions is unlikely to be the true source of many scams and fraud on consumers of financial services in the UK.
The current scourge, which has increased during the pandemic, includes spoofing and fake websites, imitating real businesses and the use of social media to mislead consumers.
Scammers are imitating real businesses, including stealing branding and content from regulated businesses' legitimate websites, and even replicating details of employees at regulated businesses using data taken from the FCA public register.
The speed at which such websites appear and then can be 'rinsed' and recreated is phenomenal and the FCA is arguably powerless to do anything about it.
Steward himself recognised the limitations of the FCA in tackling fraud earlier this year, noting that "traditional" fraud investigations lack potency, as they command less than 1 per cent of police resources.