The FCA's 2024 New Year resolutions

Originally published by Thomson Reuters © Thomson Reuters on 22/01/2024 

Well, what can we say about 2023? It was surprising and momentous in equal measure. The year ended with the same occupant in Number 10 as at the start and saw the first-ever King's Speech in parliament. It was also a big year for financial services.

In 2023, some key policy pieces fell into place in the UK and EU. In the UK, the Consumer Duty implementation date came and went, with a steady stream of portfolio letters from the Financial Conduct Authority (FCA) along the way. May 2023 also saw the introduction of the EU Retail Investments Strategy, laying out game-changing investor protection measures in Europe.

A number of post-Brexit structural reforms also took shape, even if the effect is not quite being felt yet. Two important pieces of post-Brexit legislation received Royal Assent: the Financial Services and Markets Act 2023 and the Retained EU Law (Revocation and Reform) Act 2023. This means in 2024 it is goodbye to all things "retained" and hello to all things "assimilated." There was also the introduction of a new gateway for authorised firms wishing to approve financial promotions, as well as the introduction of changes in relation to the marketing of high-risk investments.

While the UK grappled with retaining its reputation as a centre for fintech, crypotasset service providers felt the heat with a new financial promotions regime coming into force in October 2023 and FCA communications warning CASPs to get their house in order.

So, what should firms be looking out for in 2024? Politically, 2024 will be big, with elections scheduled in many key geographies. From a policy perspective, this often leads to a temporary slowdown in significant change.

While the exercise of prediction does not necessarily get easier, the establishment of the UK Regulatory Initiatives Grid certainly makes it quicker to look at what regulators have planned for the next year and beyond. As usual, the authors have added their own Ashurst take on them.

2024 Predictions

ChatGPT it?: clarity from UK regulators on AI in finance

2023 was a big year for AI. The UK government hosted an AI Safety Summit following the publication of its AI National Strategy. The EU was also on the brink of finalising the EU AI Act.

In October 2023, UK regulators published a feedback statement to their joint discussion paper (DP5/22) on AI and machine learning, which was released back in 2022. The feedback statement was part of the regulators' wider investigation into AI, which included the AI Public Private Forum. If readers were hoping for an indication of the regulators' likely policy direction on AI, they were likely left disappointed, however. The regulators kept their cards close to their chest, with the feedback statement giving little away.

2024 will hopefully give financial services greater clarity on the regulators' expectations of firms' use of AI and how the regulators will implement the government's cross-cutting principles that it expects sectoral regulators to be responsible for.

Sustainable rules for sustainability

2024 will see a raft of rules come into force from the FCA on sustainability labels and anti-greenwashing. Here, the FCA is playing catch-up compared to its international counterparts. Possibly expressly so.

Across the Channel, Europe has implemented sustainable disclosure requirements for some years now (under the Sustainable Finance Disclosure Regulation (SFDR) and Taxonomy Regulation) and has its sights set on the production and dissemination of ESG data to support this under the Corporate Sustainability Reporting Directive.

On the other side of the globe, the Australian Securities and Investments Commission (ASIC) has commenced a number of enforcement actions for greenwashing practices, noting that firms "don't have to make these claims. [Funds] are doing it to be attractive to investors." Failing to live up to those claims is "misleading and deceptive conduct," according to ASIC.

In 2024 the FCA will launch its own ESG labelling system for UK funds and an anti-greenwashing rule that comes into force in May 2024. Together, this is a big deal. The labelling regime is arguably more practical and pragmatic for funds than the European SFDR, but it is voluntary. The anti-greenwashing rule is arguably superfluous when you look at the powers the FCA already has under its fair, clear and not-misleading rule, so clearly, a point is being made there.

What will the FCA focus on? The carrot or the stick? Will it follow its European neighbours or its Australian peers? The authors think the focus will be on the latter rather than the former.

Not once and done for the Consumer Duty

The big news of 2023 was the introduction of the Consumer Duty, the FCA's flagship policy initiative intended to improve the standards of financial products and services being delivered to retail clients in the UK. The deadline for the Consumer Duty for "open products" was July 31, 2023. Focus has now turned to the July 31, 2024, deadline for closed book products, i.e., those that are no longer actively sold or marketed to retail clients.

The FCA has been on an awareness campaign for the last year or so in relation to Consumer Duty, and its energy shows no signs of letting up. It is rare that an FCA communication or policy development does not mention the Consumer Duty, so pervasive it is in nature.

It also adds to the FCA's armoury. Comprising a new principle for business and individual conduct rule, the real proof of the pudding will be when we see enforcement action taken due to a breach of Consumer Duty. Such action is likely to take some time, however, and until then, the authors expect further pointed and fairly specific warnings to firms in specific sectors as to what the FCA's expectations are under the Consumer Duty.

The real risk of non-financial misconduct

2023 was the year that the FCA finally set out in writing what it considers as non-financial misconduct. In its proposals on diversity and inclusion (FCA CP23/20), the FCA also included its draft handbook text setting out what amounts to non-financial misconduct.

Despite vociferous and vocal statements over the years about how "non-financial misconduct is misconduct plain and simple," the regulator itself has had limited success in bringing action against individuals for non-financial misconduct.

These proposals may change that, and if firms fail to heed the message from the new regulatory rules, the Financial Times' investigation of Crispin Odey and the subsequent fallout is a cautionary tale for everyone. It is certainly a strong illustration of why diversity, equity and inclusion (DEI), conduct and culture are non-financial risks that businesses must incorporate into their risk management frameworks at the very least.

2023 may perhaps be the year that the FCA opines on a real-world example of what it has now clearly set out as non-financial misconduct.

"Digital runs" trigger regulatory guidance

In 2023, the United States, UK and Switzerland (among others) experienced significant bank failures, with the two most prominent failures involving firms with large UK subsidiaries. For many, these failures represented the first real test of post-2008 financial crisis regulatory reforms. They also encouraged debate about the appropriateness of prudential regulation and the resolution framework.

As recently explained by Sam Woods, chief executive officer of the Prudential Regulation Authority (PRA), the post-crisis regulatory regime seeks to respond to bank failures via: microprudential supervision and regulation, i.e., ensuring firms have adequate financial resources and risk management; resolution policy, i.e., ensuring that failure of a bank is well-managed and prepared for; and international coordination between relevant stakeholders to contain such events.

The Bank of England's December 2023 publication on its approach to resolution noted that rapid bank failures, hastened in part by social media and digital banking, could substantially reduce the time left for contingency planning. Expect more from this area.

DORA is not just an Explorer

Significant work has been undertaken in the UK to establish outsourcing requirements and operational resilience obligations for financial services firms. With operational resilience, for example, in-scope firms had until March 31, 2022, to operationalise the policy framework with a further period to March 31, 2025, to show they can remain within their impact tolerances for each important business service.

Now, firms are turning their attention to the EU rules under the Digital Operational Resilience Act ("DORA"), which focuses on strengthening the financial sector's resilience to information and communication technology third parties.

2024 is expected to be the year when DORA stops being an exploration and the serious work starts. The authors expect a raft of regulatory and implementing technical standards this year, with much industry work being undertaken to support the January 17, 2025, deadline.

Those are the authors' predictions about what firms should be looking out for in 2024, but how did the authors do about their predictions last year?

2023 Predictions

More action from the EU and the UK about open finance

We called this one correctly.

Open finance refers to the extension of open banking-like data sharing to a wider range of financial products — such as savings, investments, pensions and insurance. 

We noted that both the EU and the UK had been quite active in this regard, with the UK publishing a feedback statement to its 2021 call for input, while the EU had followed its Digital Finance Strategy with a May 2022 consultation and November 2022 report.

We predicted that legislative proposals in the EU were likely to land in H1 2023 and that UK regulators would not want to be left significantly behind.

On June 28, 2023 — dubbed "Super Wednesday" — the European Commission issued legislative proposals for a revised payment services and e-money regime; and a new data-sharing regime forming Europe's open finance framework. The proposed open finance framework is contained in the new Financial Data Access Regulation #and covers almost all financial institutions, proposing a framework for the sharing.

In June 2023, the Joint Regulatory Oversight Committee, a body co-chaired by the Payment Systems Regulator (PSR) and the FCA, outlined future plans in relation to open banking. It confirmed that it would work with the government on a regulatory framework for open banking that would inform other data-sharing schemes. In October 2023, the government launched the Smart Data Discovery Challenge's open call for ideas. Part 3 of the Data Protection and Digital Information (No2) Bill, currently being reviewed by parliament, contains provisions relating to smart data schemes. Further plans were set out in the government's Autumn Statement 2023 to "kickstart a smart data big bang" by looking at how the new powers in the bill can be used in sectors such as finance.

Open finance still has some way to go, but 2023 certainly took it further down the road.

More regulatory action in relation to investment consultants

We called this one correctly.

On this one we referred to concerns about investment consultants which had been raised by the FCA, notably market concentration and conflicts of interest within the investment consultancy model. According to the FCA's interim and final reports on its asset management market study, defined benefit (DB) pension schemes represented the largest client base for investment consultants. The report argued that not all consultants offered bespoke advice for individual clients and that smaller pension schemes risked getting the same advice given to multiple clients and not tailored to their needs.

In June 2023, the Work and Pensions Committee published a report on defined benefit pensions which noted a key weakness in the sector as the ability of pension scheme trustees to ensure they get good advice. The report recommended that the government progress plans for investment consultants to be brought within the FCA's regulatory perimeter. This was followed in October 2023 by a meeting between the Economic Secretary to the Treasury and the FCA's chief executive relating to the FCA's perimeter, where the merits of bringing investment consultants into the regulatory perimeter were discussed. Confirmation followed that HM Treasury would outline timeframes for bringing investment consultants into the perimeter.

More action from the FCA on consumer credit information 

We called this one correctly.

Credit information provides insight into an individual's financial standing, underpinning lending decisions made by retail lending firms. In 2019, the FCA launched a study on the credit information sector, owing to concerns#about the quality of credit information and the extent of consumer engagement and understanding.

In December 2023, the FCA published the Credit Information Market Study and Final Report. The FCA proposed remedies, including a mandatory reporting requirement for all FSMA-regulated data contributors to certain CRAs to reduce the scope for differences in key data between CRAs and encourage comprehensive credit information (to allow lenders to have a more informed view of financial circumstances); a common data reporting format to improve consistency and granularity of credit information across CRAs; #and streamlined consumer access to credit information, including statutory credit reports.

The FCA confirmed that it expected to begin consulting on new measures, including the introduction of a mandatory reporting requirement, by the end of 2024. The FCA confirmed an interim working group would be launched in January 2024# to provide recommendations to the FCA on the design, implementation and operation of the new Credit Reporting Governance Body.

Yet more action on the regulatory hosting model 

Again, we called this one correctly.

We noted that we expected greater regulatory scrutiny of appointed representatives by the government and the FCA, notably a policy statement containing stricter requirements in relation to oversight provided by principals in respect of appointed representatives.

We referred to the "regulatory hosting" model where, rather than undertaking any substantive proportion of the regulated activity itself, the principal oversees the use of its permissions by appointed representatives.

In July 2023, the FCA published a webpage for principal firms acting as regulatory hosts, setting out key responsibilities and noting that regulatory hosts receive more complaints and were involved in more FCA supervisory cases on average than other principals. In September 2023, the FCA published a webpage on improving the Appointed Representatives regime through greater use of data. The FCA noted that new data requirements meant it was able to ascertain which firms were operating the hosting model and has since heightened its supervisory scrutiny. It stated that some regulatory hosts are reviewing and amending their approaches to overseeing their ARs as a result.

The first Big Tech company will obtain a banking or credit licence or announce that it is applying for one.

We've saved the best for last. This was our most interesting prediction. We are not admitting total defeat, but this did not exactly happen. We referred to the increasing digitalisation of financial services and the expanding footprint of Big Tech and the 2022 FCA discussion paper. This noted that Big Tech firms have some FCA permissions to carry out business in retail financial services (with some obtaining payments permissions and e-money permissions, as well as consumer credit and insurance permissions) but that none had yet received permissions to provide products and services in deposits or mortgages. The FCA published a feedback statement in July 2023 and a call for input in November 2023. There is clearly more to follow in this area, so watch this space.

4/5 is not bad. But let's see what 2024 will bring!