RegulationAug 13 2020

The FCA wants advisers to be more resilient

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
The FCA wants advisers to be more resilient

Speaking this year at Pimfa’s virtual festival in June, Ms Butler said: “While those remain highly important topics, I think we can all agree that our perspectives have needed to shift somewhat.”

The coronavirus crisis has led to an even greater focus on operational and financial resilience for the regulator.

So what might this mean in practice and will companies find it easy or difficult to meet requirements?

Key Points

  • Operational and financial resilience is high on the agenda of the FCA
  • The FCA is asking companies to send information about their financial resilience
  • It could result in lower FSCS levies

Phil Deeks, a director within KPMG’s Risk & Regulatory Insight Centre, says: “The FCA is unlikely to be prescriptive but they will want firms to demonstrate end-to-end operational resilience in their key business activities, to prevent severe disruption, maintain financial stability and support good customer outcomes.”

The FCA expects all companies to have contingency plans to deal with major events and that these plans have been properly tested. 

But Lorraine Mouat, an associate director at compliance consultant TCC, says although most companies have some kind of business continuity and disaster recovery plans, from what her company has seen over the years, most are not tested or updated regularly enough, leaving huge gaps in processes.

Ms Mouat adds: “Very few smaller firms currently have a formal process for assessing operational risk, considering the potential financial impacts these risks would have and calculating the additional capital they should hold to see them through difficult times. 

“A lack of testing and ongoing assessment breeds complacency, and that means even the best laid strategic plans can unravel. Likewise, firms might already have a capital or liquidity buffer, but it needs to be backed up with rationale and ongoing testing otherwise it won’t suffice.

“A proportionate approach is needed. Firms will be expected to identify potential harms, assess the likelihood and impact of harm, and consider the viability and sustainability of their business model and strategy.”

Not enough depth

Mr Deeks says while advice companies will have considered operational resilience, they are typically not conducting risk analysis with sufficient objectivity and/or depth. 

He adds: “This can be either in identifying the risks that can impact the business or the appropriateness of the mitigating actions. The supporting governance, key metrics and reporting also often need strengthening.

“Recent work from the FCA has identified that some firms are not meeting its minimum capital adequacy requirement. This can be due to firms not holding appropriate professional indemnity insurance or not holding appropriate additional capital based upon policy excesses.”

Scott Gallacher, director at Rowley Turton Private Wealth Management, says: “As the recent lockdowns have shown, not all... events can be foreseen or planned for. The danger is trying to make firms set aside additional resources to cater for potential events that may never happen.”

The FCA’s operational resilience consultation paper, published late last year, set out proposals for how companies can strengthen their resilience even during severe operational events such as coronavirus. The consultation period ends October 1.

The key messages set out in the consultation paper are:

  • The expectations for companies and financial market infrastructure to identify their important business services, by considering how disruption to the business services they provide can have impacts beyond their own commercial interests.
  • That companies must set a tolerance for disruption for each important business service and ensure they can continue to deliver their important business services and are able to remain within their impact tolerances during severe but plausible scenarios.
  • The requirements to map and test important business services to identify vulnerabilities in their operational resilience and drive change where needed.

Companies will need to keep their focus on operational resilience as circumstances change, government guidance is updated and, as things return to some form of ‘new normal’, how those changes will affect their resilience and their services.

Coronavirus impact

In the midst of the crisis the FCA was further prompted to send out a survey on financial resilience to some 13,000 businesses, asking, among other things, for financial information about capital, income and profits.

The crisis has impacted companies’ revenues, while any decline in market values will mean there is significant downward pressure on investment management fee incomes.

Financial viability concerns already present in some companies will be amplified and otherwise financially sound businesses may become vulnerable. 

Mr Gallacher says: “All directly authorised advice firms already have a requirement to hold a certain amount of capital according to their turnover and authorisation category, but this is of course not available to the business to use, as failure to hold that capital at a reporting date would be a breach of FCA rules and could result in a firm losing their authorisation.”

Ms Mouat says: “The FCA may ask firms to provide their own assessment of adequate financial resources and will assess this in line with the following:

  • Does the firm appropriately and adequately identify the risks to which it is exposed?
  • How material is each risk?
  • How adequate are the systems and controls?
  • Has adequate use been made of stress testing in the risk assessment?
  • Is the risk assessment used for day-to-day decision making?
  • Does the firm have adequate financial resources based on the risks to which it is exposed?”

Ms Mouat adds: “To adequately prepare against shocks, firms need to think beyond cyber-attacks and the resilience of their systems and technology. 

“Firms need to assess the operational risks and consider how these could impact their financial position and take steps to ensure they retain sufficient capital to see them through any disruption.”

Linda Gibson, head of regulatory change at BNY Mellon’s Pershing, says: “Investment in IT and decisions about system infrastructure should be taken with a view to what business service they support, how critical that is and not just through a technology lens.

“Financial pressures in firms can lead firms, or individuals, to not fully consider their established procedures and governance arrangements in areas like client onboarding checks, record keeping and even providing unsuitable advice. This then puts the firm at risk.”

Mr Deeks expects the majority of FCA findings will be in relation to depth of documentation and associated enhancements to the risk identification and mitigation process. 

“Therefore, the challenges are not only fixable but, in identifying them, beneficial to the firm in driving them to think more objectively about how they have identified and mitigated key operational and financial risks,” he adds.

“The market level advantage of firms holding more financial resources and having robust operational resilience is that it should reduce the likelihood of insolvency. Therefore, with fewer firms needing to rely upon the Financial Services Compensation Scheme, this should flow through in lower FSCS levies.”

Ms Mouat says: “Between 2013 and 2017, the FSCS paid out £846m – 70 per cent of which came from the firms the FCA regulates prudentially.

“The FCA is therefore seeing that it is the smaller firms, not the likes of the insurers, that have been failing. While businesses going under is sometimes unavoidable, the regulator wants to know which businesses are weak so it can better map the potential impact on the integrity of the financial system and, ultimately, on consumers. Examining the resilience of the industry will help them do that.”

Mr Gallacher adds: “It is perfectly reasonable for the FCA to ask questions of firms about what arrangements they have in place. It would be remiss of them not to. The difficult part will be to encourage firms to make adequate provision and plans in place without being too prescriptive.”

Ima Jackson-Obot is deputy features editor of Financial Adviser and FTAdviser