The UK’s Financial Conduct Authority (FCA) has just released its Business Plan for 2018/2019. While much of it focused on preparations for Brexit, it’s clear that there’s more on the regulator’s agenda. Here are the key issues raised:  

1.       Brexit: The Brexit issue is front and centre in the FCA’s Business Plan. Overall, the document positions the UK as an appealing place to domicile a financial services business. The FCA discusses its own plans for Brexit but urges firms to be aware of the risks. Firms should have Brexit strategies that cover the potential need to pivot business plans, re-domicile, restructure, or apply for new permissions. These plans should keep all possible Brexit outcomes in mind.

2.       MiFID II: The FCA acknowledged that MiFID II regulations have created challenges for both individual firms and markets. It plans to continue to assess its impact over the coming year and make adjustments where needed (and is able). At the same time, it will examine how firms are complying with new rules for best execution, inducements, and research unbundling, as well as new regulations around the use of trading algorithms.

3.       Technology: Across the entire Business Plan, the FCA positions itself as a cheerleader for the use of FinTech and RegTech to help firms create more intelligent systems and controls in their compliance processes.

The regulator supports several new initiatives, including a technology sandbox where firms can test the commercial and regulatory viability of their concepts. They seek to refine this concept and potentially create a cross-border sandbox with other national regulators. The FCA has also begun convening international TechSprints, bringing together a range of experts to focus on how new technology can be used to fight financial crime, such as money laundering, more effectively.

In the wake of GDPR, it’s also planning to review the data use by financial services firms, and is keeping an eye on the evolution of cryptocurrencies.

4.       Enforcement: The FCA appears to signal a ramp up of its enforcement activities in the coming year, particularly in the wholesale financial markets area. They plan to use new MiFID II regulatory reporting data to identify market abuse within the fixed income, commodity and non-standard derivatives markets. Firms should also use new systems and data resources to tackle market abuse and AML issues more proactively. The regulator also plans to look more closely at other culture and governance challenges, including remuneration, culture, and conflict of interest issues. Activity around MiFID II and GDPR compliance will also be significant areas of focus.

5.       Senior Managers and Certification Regime (SM&CR): The Business Plan announced that the FCA will confirm the SM&CR rules for asset management firms in due course. A policy statement and new rules – a code of conduct – will be published in the summer of 2018.

6.       Anti-money laundering (AML): This is set to be an area of considerable activity for the FCA. The EU’s 4th AML directive was implemented last summer – but the 5th and 6th AML directives are already coming down the pipeline. In addition, the regulator will be taking a closer look at money laundering in the capital markets using a thematic review. It will also work on a range of programs that the UK’s Home Secretary announced in December 2017, such as the reform of suspicious activity reports and the establishment of a new National Economic Crime Centre.

It’s likely this AML focus will be a trend for some time. The Financial Action Task Force’s mutual evaluation of the UK will conclude in October 2018, and there are sure to be outcomes of that activity that will require implementation. In the meantime, the regulator will look to see if firms are implementing the 4th AML directive in a risk-based way.

7.             Data security and resilience: Cyber risk continues to be a hot topic, and the FCA will strengthen supervisory assessments of high-impact firms and conduct thematic work on resilience at lower impact firms. It will be involved in a range of national initiatives and will work with the Bank of England to develop regulatory tools to better assess firms and identify potential cyber risks.

8.             Outsourcing and third-party concentration risk: The regulator will look at third-party risk with a focus on whether firms have the right systems and controls in place to support these outsourced arrangements. In addition, the FCA will examine the possible concentration risk of multiple firms using the same provider, potentially resulting in the magnification of a disruption. Several pieces of thematic work will be produced around this topic.  

9.             Liquidity management: The FCA is concerned about a potential liquidity mismatch at open-ended funds between underlying investments that could not be traded out on a daily basis and the potential need for redemptions in stressed market conditions. In the coming year, the regulator expects to announce new rules to help manage a possible cause of systemic risk, in particular in the property and infrastructure space.  

10.         Prudential capital rules: The EU is drafting new prudential capital rules that will be designed specifically for asset management firms. However, it’s likely to be post-Brexit before these rules are finalised. While overall the new rules are welcome, some firms may see an increase in their reporting and capital requirements. Meanwhile, the regulator would like to see firms improve their current prudential reporting practices.

Despite Brexit, firms can expect to see quite a lot of activity from the regulator in the coming 12 months. Overall, the FCA seems keen to engage firms in more use of FinTech and RegTech to solve risk and compliance challenges. It will also focus on fighting financial crime and market abuse, and enforcing a range of new rules that have come into force over the past 18 months.