The FCA Business Plan: What does it mean from a governance perspective?

Earlier this year the Financial Conduct Authority (FCA) published its latest Business Plan. The Business Plan itself took a different form when compared to previous incarnations by having a shorter summary of priorities and planned activities and cross referring to other documents including the three-year strategy and the regulatory initiatives grid.

Notwithstanding this, the Business Plan contained, as usual, a number of nuggets for firms which will help guide them on the regulator’s expectations in certain areas. Governance is clearly an area of focus for the FCA and the Business Plan contains both explicit comments which firms should take on board and references to the FCA’s own governance arrangements which may be of assistance to firms considering potential enhancements in this area. In this article we will cover both these types of comments.

Appointed Representatives: One of the key reforms this year will be the changes to the Appointed Representatives Regime (AR). The FCA has already published a consultation paper outlining its proposed reforms, the catalyst of which has been a concern that principal firms are not adequately overseeing the activities of their ARs leading to a risk that consumers are being mis-led and mis-sold. Improving oversight of ARs was a topic mentioned in the Business Plan and principal firms were reminded in the consultation that they must effectively oversee their ARs and ensure that they have appropriate governance arrangements, effective risk frameworks, internal controls and adequate resources. 

Operational Resilience: The Business Plan also mentioned that whilst operational disruptions are inevitable, firms must be operationally resilient. An important part of any operational resilience strategy should focus on having effective governance arrangements in place. Having clear organisational direction, transparency over roles and responsibilities and effective internal co-ordination all lead to better resilience outcomes.

Market Abuse: The Business Plan also spoke of the FCA delivering assertive action on market abuse and working to ensure that firms and issuers have robust controls in relation to inside information and to disclose it to the market in an accurate and timely way. Understanding what good governance over the control of market abuse risks looks like and implementing the requisite processes to manage this, is critical for senior managers.

ESG: Unsurprisingly, the Business Plan referenced the FCA’s environmental, social, and governance (ESG) priorities and this included embedding consideration of ESG issues in the authorisation process. This includes considering factors such as D&I, the nature of the firm and the products and services to be offered and increasing supervisory focus on asset managers.

Crypto-assets: In relation to crypto-assets, the FCA made the point in the Business Plan that the UK currently only regulates such assets for money laundering purposes but these assets are increasingly being adopted and incorporated into existing financial services.  As per its statement in March the FCA reminded firms that when interacting with or exposed to crypto-asset services they remain responsible for assessing the risks to their business and consumers. 

As mentioned above, the FCA made a number of comments regarding its own governance arrangements which may also be applicable to firms. These include the FCA:

• Noting that the Business Plan was being published when the external environment is changing rapidly and flagging its adaptive approach to allocating resources and monitoring performance to make it more agile and able to respond to market needs; respond to today’s challenges and prepare for those of tomorrow (such as by understanding the impacts of digital developments).
• Recognising the need to use resources efficiently so the FCA has weighed the different outcomes it wants to achieve, looking at factors such as severity and probability of harm.
• Framing its activities by reference to the outcomes they achieve rather than the processes it follows.
• Committing to reporting publicly on outcomes and developing a set of metrics to be used to measure progress.
• Investing in its capability to become a data-led regulator as part of its transformation programme and exploring how it can use technology such as AI and increasing resource in intelligence and analytics to help spot and track fraudulent activity.
• Streamlining its decision-making process (so that the Regulatory Decisions Committee focusses on contentious enforcement cases) so it can act more decisively and swiftly.
• Engaging with devolved administrations and having a Devolved Nations team, recognising that different areas of the UK often have different needs.
• Challenging itself to find the limits of its powers.

Firms may find it useful to consider how they can incorporate and evidence similar approaches to governance in the context of their own businesses with a view to being in a better position to demonstrate compliance with the FCA’s expectations.