When Megan Butler, executive director of supervision – investment, wholesale and specialist at the Financial Conduct Authority, spoke to advisers at the Pimfa festival in 2017, culture and the growing influence of financial advice were high on the agenda.
Speaking this year at Pimfa’s virtual festival in June, Ms Butler said: “While those remain highly important topics, I think we can all agree that our perspectives have needed to shift somewhat.”
The coronavirus crisis has led to an even greater focus on operational and financial resilience for the regulator.
So what might this mean in practice and will companies find it easy or difficult to meet requirements?
- Operational and financial resilience is high on the agenda of the FCA
- The FCA is asking companies to send information about their financial resilience
- It could result in lower FSCS levies
Phil Deeks, a director within KPMG’s Risk & Regulatory Insight Centre, says: “The FCA is unlikely to be prescriptive but they will want firms to demonstrate end-to-end operational resilience in their key business activities, to prevent severe disruption, maintain financial stability and support good customer outcomes.”
The FCA expects all companies to have contingency plans to deal with major events, and expects those plans to have been properly tested.
But Lorraine Mouat, an associate director at compliance consultant TCC, says although most companies have some kind of business continuity and disaster recovery plans, from what her company has seen over the years, most are not tested or updated regularly enough, leaving huge gaps in processes.
Ms Mouat adds: “Very few smaller firms currently have a formal process for assessing operational risk, considering the potential financial impacts these risks would have and calculating the additional capital they should hold to see them through difficult times.
“A lack of testing and ongoing assessment breeds complacency, and that means even the best laid strategic plans can unravel. Likewise, firms might already have a capital or liquidity buffer, but it needs to be backed up with rationale and ongoing testing otherwise it won’t suffice.
“A proportionate approach is needed. Firms will be expected to identify potential harms, assess the likelihood and impact of harm, and consider the viability and sustainability of their business model and strategy.”
Not enough depth
Mr Deeks says while advice companies will have considered operational resilience, they are typically not conducting risk analysis with sufficient objectivity and/or depth.
He adds: “This can be either in identifying the risks that can impact the business or the appropriateness of the mitigating actions. The supporting governance, key metrics and reporting also often need strengthening.
“Recent work from the FCA has identified that some firms are not meeting its minimum capital adequacy requirement. This can be due to firms not holding appropriate professional indemnity insurance or not holding appropriate additional capital based upon policy excesses.”
Scott Gallacher, director at Rowley Turton Private Wealth Management, says: “As the recent lockdowns have shown, not all... events can be foreseen or planned for. The danger is trying to make firms set aside additional resources to cater for potential events that may never happen.”
The FCA’s operational resilience consultation paper, published late last year, set out proposals for how companies can strengthen their resilience even during severe operational events such as coronavirus. The consultation period ends October 1.