2020 is an unprecedented year for business. The global COVID-19 pandemic has decimated economies worldwide and with Brexit looming, the future for UK business is unclear. Just as Alice fell into Wonderland in Lewis Carroll’s Through the Looking Glass, we have fallen down an economic rabbit hole where nothing is certain and everything is possible.

Current economic challenges are well-documented but, as in any crisis, there are also opportunities for firms that are ready and willing to adapt their product offerings to thrive in the new normal (whatever this may be). Many things can help a business successfully seize the opportunities they are presented with. Amongst these, ensuring that the right permissions are in place to support business change (e.g. restructuring and unwinding) will become a key differentiator in the speed at which firms adapt to economic change. The ability to quickly draft and submit high-quality Variation of Permissions (VoP) applications will be an important differentiator enabling the rapid setup of new revenue-generating businesses lines to exploit opportunities created by the turmoil.

What is a VoP?

The permissions framework is an essential component of the UK regulatory regime. It enables the FCA and PRA to provide effective oversight of the Financial Services industry by ensuring only authorised (and therefore competent) institutions operate in each market. Financial institutions can apply for permission to;

1. Carry on further regulated activities (e.g. for permission to offer a new product or to deal with a new type of counterparty),
2. Reduce the number of regulated activities it is permitted to carry on; or
3. Vary the description of its regulated activities (including by the removal or variation of any limitations).

Most firms (from established Tier One banks to FinTechs to shadow banking market entrants) will have applied for a variation of permissions (VoP) at some point. For example, a Tier One Bank may have sought permission to offer a new product at a regional branch, or a FinTech market entrant might have sought permission to offer consumer credit or online deposits. Whilst the purpose, nature and content of these applications vary, the structure of the application is relatively consistent. All applications are supported by a detailed Regulatory Business Plan (RBP) providing information on the firm’s finances, corporate governance, why the permission is being requested, and how the firm will change should the requested variation be approved.

Aligning regulatory permissions

As businesses adapt and change it’s important to ensure that their regulatory permissions remain fit for purpose. Effective permissions management is an essential component of managing risk exposures and securing operational efficiencies, as well as being an important part of enabling new means of revenue generation. Existing permissions that are not used can expose a firm to unnecessary risk and excessive reporting requirements, whilst permissions gaps could result in an inability to react to market conditions, or worse, lead to regulatory fines and sanctions and possible reputational damage.

There are two key elements to permissions rightsizing; identifying permissions gaps / excess permissions, and submitting VoPs to add / remove permissions. In periods of rapid change, it’s the firms that can identify market opportunities and quickly and effectively align permissions to exploit these that stand to profit the most. As it can take up to six months to receive a decision on VoP applications, it’s therefore important that the permission analysis and variation application are completed and submitted as soon as possible after any business opportunity / permissions gap is identified.

Ensuring the application is comprehensive and of high quality is also important as minimising the queries received from the regulator post-application is vital to ensuring a swift decision. This is because the time taken to respond to queries does not count towards the regulator’s committed VoP application response time. For example, if a response is expected six months post-submission but a firm takes one month to respond to a query, the decision shouldn’t be expected until seven months post submission.

The regulator’s response

There are three potential outcomes for VoP applications: approval (sometimes with limitations or changes to the requested scope), a request to remove the application or rejection. If the correct steps are taken in preparing the application, a rejection or a request to remove is unlikely. This is because any errors, weaknesses, or flawed logic would have been identified and addressed prior to submission.

Firms should expect enhanced audit (both internal and external) and regulatory scrutiny of new businesses and products established following a successful VoP. They may also want to monitor the implementation and performance of new policies, processes, and systems (amongst others) to ensure they perform as expected during the initial period of operation. Failure to honour commitments made as part of the VoP application, to operate within any prescribed permissions limitations, or to ensure ongoing compliance with regulatory requirements could lead to sanctions, fines, and reputational damage. All of these outcomes would undermine the benefits gained from the VoP.

Out of the rabbit hole

Like Alice returning from Wonderland, we will undoubtedly emerge from 2020 with a new perspective and outlook on the world. Working practices, consumer habits, economic and political expectations will change and lessons will be learned as the world recovers from the trauma of the year. To thrive (even survive) in the post-COVID, post-Brexit reality, businesses must use every tool in their arsenal, including swiftly putting in place the right regulatory permissions to enable them to exploit all opportunities available. With the degree and pace of change happening at this time, firms would be wise to seek out strategic partnerships that can help them to adapt their permissions to ensure they are fit for purpose and profit-enabling rather than operational hindrances.

At BCS Consulting we work with our clients to understand their business model and to help them ensure they have the correct permissions in place to enable long term success. Do get in touch if you'd like more information on our experience in permissions analysis and VoP applications.