In the first few weeks of 2020, the FCA has already issued a ‘Dear CEO’ letter as well as two portfolio letters addressed to chief executives.
Do these letters give us an insight into the Authority’s current priorities? Can they give Compliance teams a steer on what the regulator is looking for in 2020? We look at the clues they can give us about the FCA’s current areas of focus.
What are FCA Dear CEO and Portfolio letters?
The regulator writes Dear CEO letters when it wants to bring chief executives’ attention to a single area it considers high-risk. Portfolio letters take a deep dive into an entire market.
Writing recently in Money Marketing, legal and compliance expert Simon Collins says that the three recent letters ‘provide a clear line of sight for FCA intentions over the coming months’, suggesting that the regulator ‘is not satisfied the profession has done enough to minimise customer harm events’.
What can the letters tell Compliance teams?
The three letters cover different subjects, but there is common ground and some consistent themes between them. Compliance teams can therefore use them to gain an insight into what the regulator is focusing on in 2020.
The Dear CEO letter, aimed at wholesale insurance firms, homes in on non-financial misconduct – something sparked by stories of inappropriate conduct at Lloyd’s of London, raising wider issues of corporate culture, including concerns around a lack of diversity and inclusion.
The first portfolio letter looks at issues specific to the asset management industry around product governance and responses to the FCA’s asset management market study, alongside EU withdrawal and accountability issues.
The second portfolio letter covers suitability of advice, as well as some specific issues that potentially impact advice firms’ sustainability.
Taken as a whole, the three letters have clear messages for Compliance teams about how they might focus their time to align with FCA priorities.
The regulator plans to assess how effective current governance approaches are. We looked recently at reports that FTSE100 firms could do better on governance.
The FCA will also review firms’ success in implementing the Senior Managers & Certification Regime.
If this is something your business is struggling with, knowing that it’s in the regulator’s sights may focus attention on improving your performance here. ‘Embedding SMCR’ was one of the FCA priority areas we identified in a recent blog, following the extension of the regime to cover some 47,000 firms.
You might want to brush up on the final rules on the extension of the regime, which were published by the FCA last summer. At the time, we published a blog which you might find useful, SMCR is coming to solo-regulated firms; what do you need to know?
- Technical resilience and cyber-risk
The regulator is also keen to understand how firms are managing their technology risks. With regtech and innovation being priorities for many businesses, Compliance teams need to ensure that any new solutions meet regulatory requirements, as well as solving their technical challenges.
- Avoiding harm to customers
This is an ongoing priority area for the FCA. Corporate culture is again vital here; putting in place a culture where fair treatment is central to your ethos will help to ensure that the risk of harm to consumers is minimised. We have tips on how to ensure customers are treated fairly in our recent blog looking at the ‘loyalty penalty’.
All the issues raised in the letters can be closely inter-linked. For instance, you can help to avoid harm to consumers by ensuring your systems and technologies are robust – and by swiftly addressing any issues that arise, such as cyber-breaches.
The FCA’s actions are a good bellwether of its priorities and the areas where it will be most closely scrutinising the businesses under its remit. Compliance teams can use the recent letters to identify areas where they should be paying close attention.
Creating a compliant culture
A compliant culture, where ethics and the ‘right’ behaviours permeate the entire organisation, is the holy grail for boards looking to meet regulatory requirements. But this can be tricky to achieve.
If this is something your business is still trying to achieve, you can download a free copy of our whitepaper, How to embed a compliance culture into your business, from our resource library.
Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.