Welcome to this short webinar on the virus. A few points we wanted to note from the financial services regulatory perspective and I’m going to sort of look at these things as two or three separate questions.
So the first question is what have the regulators actually done, by which I mean the FCA and the PRA thus far? Well the FCA brought out a short paper last week and the PRA have made some comments and essentially they’ve done what you would expect them to do which is to ask firms to have prudent planning and to have thought about what the implications are particularly of remote working and I’ll come back to that in more detail but they’ve certainly been asking firms for details of their plans.
The second point, or question, to just to note is the significance of operational resilience more generally and most of you will be aware that both the PRA and the FCA brought out papers fairly recently on operational resilience. The papers were actually not done in the context of the virus but they are very much worth reading in the context of the plans that firms are now having to make. The PRA’s paper is as you would expect is more oriented towards systemic stability issues and prudential issues and the FCA’s, of course, towards conduct. But nevertheless they’re both very valuable sources of information and should be read.
I guess the third question is practically what are we recommending that firms do and our view is that there’s a four-point plan here that you need to be thinking about. So the first thing to reflect on is what are your governance procedures in relation to the virus. You know, who in senior management is taking senior manager responsibility, which board committees are looking at this, what’s the executive escalation, how often will the committee meet etc., etc. So to take a practical example, if decisions need to be made about remote working or how people log in or what testing and communications they need to be made there needs to be in common with other areas of governance a clear hierarchy and a clear methodology for that.
So the second area is developing a proper scenario plan once you’ve got your governance in place. What do I mean by that? It’s thinking about which staff are going to work from home or from a remote site or in the office. How is it going to impact on your systems? Thinking properly around these systems that are going to be required and to give one practical example, all the issues around market abuse, or insider dealing, where you have traders on a remote basis. Thinking about what the operations implications are, for example, if you’ve got remote offices in different jurisdictions, back up services, outsource providers etc. and obviously finally, and probably most importantly, thinking about what the implications are for clients. Obvious stuff like client meetings, perhaps being cancelled, doing those remotely but also a number of other issues in relation to clients.
The third area, pretty obvious really which flows from that, is testing the plan and its components and I think that stress testing of the plan is probably the most important point.Clearly to some degree to the extent that firms are going to be encouraged or indeed required by government edict to actually have staff working at home, you will have to test the plan but it’s always good to get in first and try and test it out from an obvious IT perspective, from a communications perspective and from a business perspective. All three of those needs to go together and we can see that as being a core part of the plan.
Finally, there’s the fourth area which is communication with stakeholders. Pretty obviously this is staff, customers and regulators. I think it kind of speaks for itself but one shouldn’t forget any of the main stakeholders. I think keeping the FCA or PRA up to date, they’re already asking firms, but even if they haven’t, being prepared at short notice to tell them where you’re at on the plan and obviously staff and customers speak for themselves.
So bringing it all together, what we’re talking about here is having some sort of proper template where you bring all of this information into one place. We’ve actually got a version of that if anybody is interested and there is no magic to the particular structure but as always with the UK regulatory system, it’s the audit trail that counts. If you haven’t got the audit trail then you’ve got a problem.
And one final point on that I’d make is keeping it up to date is going to very important. We’re all aware we’re in a very fast moving environment and you know policy today may not be appropriate tomorrow so having your plans clearly dated and you know having an absolutely accurate view of what is going on is very important. To give one practical final example of that, the exchanges, and the other infrastructure providers, are literally bringing out guidance as we speak. You know, having some sort of record of that is going to be very important.
So those are a few practical thoughts from NRF that we just wanted to make our clients aware of and if you would like to discuss this at all we would be very happy to do so. Thanks very much.