What should be on your Compliance Roadmap for 2022?

2021 was a year of change, enforcement and lessons.

We witnessed the finalising of rules for new regimes such as the Investment Firm Prudential Regime (IFPR) and the Financial Conduct Authority (FCA) recalibrating under the leadership of Nikhil Rathi, the new CEO.

We saw sustained public scrutiny of the FCA at government select committees contrasted with significant fines and action taken against firms for compliance failings. 

International standard-setting bodies like the Financial Action Task Force (FATF) and the International Organization of Securities Commissions (IOSCO) expanded their standards for crypto markets. We covered the FATF Crypto Guidance here.

With each change to the compliance landscape, there are lessons to be learned to take into 2022. The best part is that we have summarised this for you below.

Key compliance themes from 2021

FCA Transformation Programme

In the fallout from London Capital & Finance (LCF) and subsequent recommendations made by Dame Gloster, the FCA continued implementing its transformation programme. 

The objective is to transform the FCA into a more innovative, assertive and adaptive regulator. 

Operational changes, including enhanced decision-making powers for front-line supervisors and staff training are set to make getting FCA authorised more painful due to higher levels of scrutiny. It also means that malpractice can be detected sooner and responded to swiftly. Noteworthy papers to check in this regard are: 

• CP21/28: New cancellation and variation power: Changes to the Handbook and Enforcement Guide - link
• PS21/16: Issuing statutory notices – a new approach to decision makers - link
• FCA Letter to John Glen MP - Progress of the FCA’s Transformation Programme - link

Consumer protection

With the economic turmoil introduced by pandemic-related restrictions, it comes as no surprise that the FCA acted decisively to intervene and protect consumers. As we know, consumer protection is also one of its operational objectives. Perforce, key initiatives include:

• Publishing 2 consultation papers on the new Consumer Duty, of which fair value for money is a key component
• Publishing FAQs on it’s finalised guidance for the treatment of vulnerable customers 
• Launching an £11m InvestSmart campaign to warn people about high-risk investments
• Securing over £5m in consumer redress for unauthorised investment business
• A ban on ‘price-walking’ in the insurance sector - see PS21/5
  

Enforcement actions

2021 was the FCA’s biggest year in terms of fines, totalling £568 million against firms and individuals for rule breaches, including for financial crime. 

NatWest has received much press attention for receiving the first ever criminal conviction brought by the FCA for failing to maintain adequate anti-money laundering systems and controls. They were fined £265 million. We recommend reading through the Full Statement of Facts to learn from their failings and learn what not to do.

In December, HSBC received a £63.9 million fine for deficient transaction monitoring controls. You will find the related FCA Decision Notice insightful.. 

Financial crime is evidently high on the FCA agenda with multiple Dear CEO letters (here and here) reminding firms of their obligations. 

What to add to your radar

The best sources to scope out your 2022 compliance plans is to check out the FCA’s 2021/22 Business Plan and in particular Regulatory Initiatives Grid.

The FCA business plan echoes its transformation plans in that it commits to becoming more innovative, more assertive and more adaptive. In addition to it’s expected consumer protection work, the regulator will continue to focus on fraud, operational resilience and financial resilience.

Questions you should ask yourself:

• Is your financial crime risk assessment up-to-date? Does it factor in both regulated and unregulated activities?
• Are your fraud controls documented? Are they effective and proportionate?
• Have you undertaken an assessment of your suppliers and vendors to ascertain whether any of them are ‘critical’ or ‘important’? Do your contracts with them include audit/SLA controls?
• Are your operational procedures documented and reasonable? Are risks managed with due skill, care and diligence? Have you conducted a gap analysis of PS21/3?
• If you are an investment firm, are you prepared for IFPR? Have you documented your Internal Capital Adequacy and Risk Assessment (ICARA) process yet?
• Do you have sufficient runway to operate?
  

These are not necessarily easy questions to answer but we hope that they steer you in the right direction to keep your business compliant. 

In terms of upcoming regulatory initiatives the rules around Strong Customer Authentication (relevant to banks and payments firms) come into force in March. Given their implementation has been delayed twice, we expect firms to be prepared. If your firm isn’t, however, we recommend you start making changes as soon as possible to avoid issues with FCA supervision. 

You can read the Regulatory Initiatives Grid for yourself but some noteworthy changes you should prepare to respond to are:

• More onerous changes to the Appointed Representatives Regime - see our post on this here
• Further changes to HMT’s list of high-risk third countries subsequent to planned FATF plenary meetings - the latest changes can be found here
• The Payment Systems Regulator (PSR) to publish it’s 5-year strategy
• Stricter rules around the Financial Promotions Regime, particularly for high-risk investments
• A review of wholesale markets by the FCA
• Continued progress by the Bank of England regarding a Central Bank Digital Currency (CBDC)
• Continued regulatory clarity on ESG and the UK Green Taxonomy
• The Senior Managers and Certification Regime (SM&CR) being extended to payments and e-money firms
  

The deluge of regulatory changes doesn’t look set to slow this year. But with the right support to hand, adjusting to the changes can be much easier. Should you require expert support, contact us today and a member of our team will be happy to assist.