UK Financial Services Regulation – 2020 Year-End Review

January 14, 2021

Click for PDF

In an unprecedented year for UK regulated firms and the Financial Conduct Authority (“FCA”), the regulatory agenda has at times seemed dominated by the global pandemic. However, regulated firms should be mindful of the regulatory direction of travel. This client alert assesses the regulatory landscape, now and in the coming years, through the prism of three areas of increasing regulatory focus: governance, culture and individual accountability; conduct and enforcement; and operational and financial resilience. This client alert provides practical guidance to firms to ensure continuing compliance with regulatory expectations in each of these three areas. The regulatory landscape has also been impacted as a result of the ending of the Brexit transition period on 31 December 2020. The FCA’s actions over last year will be shown to be indicators of the type of regulator that the FCA may seek to be post-Brexit.

The Gibson Dunn UK Financial Services Regulation team looks forward to discussing the matters outlined in this alert in further detail. For more analysis, please join us for our upcoming complimentary webinar presentation on 27 January 2021: UK Financial services regulatory update: what happened in 2020 and what to expect in 2021 and beyond (to register, click here).

Executive Summary

Governance, culture and individual accountability

  • It is important that firms have strong governance frameworks that allow their culture and values to drive decision-making across the business.
  • A key barometer that a firm is meeting the FCA’s expectations is the effective  implementation of the Senior Managers and Certification Regime (“SMCR”). In 2021 and beyond, we anticipate an increase in enforcement action from the FCA in this area, as we move away from the implementation phase of the SMCR for solo-regulated firms.

Conduct and enforcement

  • Working from home poses particular challenges for firms when monitoring the conduct of staff. However, the FCA expects firms to have appropriate systems and controls in place to manage the enhanced conduct risks that arise in the context of the pandemic and it is likely that there will be a regulatory review of how firms treated clients at the time.
  • The regulatory direction of travel has been to push firms to think more broadly in terms of what types of misconduct they need to tackle with an increased focus on non-financial misconduct and how this reflects the culture of the firm.

Operational and financial resilience

  • These have been a particular area of FCA focus for some time. The pandemic is indicative of the type of scenario that firms must be prepared for, however, it is only one of many scenarios which the FCA would expect firms to factor into risk assessments and business continuity plans.
  • We anticipate that the FCA will conduct a detailed retrospective review of firms’ operational and financial resilience throughout 2021.

Post-Brexit UK regulatory outlook

  • Prior to the conclusion of the EU-UK free trade agreement (discussed further below), the government produced a number of documents that indicate what a post-Brexit UK regulatory framework may look like. The UK approach is intended to “to ensure that [the UK] regulatory regime has the agility and flexibility needed to respond quickly and effectively to emerging challenges and to help UK firms seize new business opportunities in a rapidly changing global economy.”
  • The UK Government’s willingness to diverge from the EU in certain regulatory matters raises important questions regarding the likelihood of any future EU equivalence decisions.

The year in review

2020 was an unprecedented year for both UK regulated firms and the FCA. Both had to adjust to a “new normal”, which in most cases included initiating working from home contingency planning. The regulatory agenda for the year was in many ways dominated by the global pandemic. This is illustrated by the FCA’s annual Business Plan[1], which was heavily influenced by tackling the impact of COVID-19. In response to the pandemic, the FCA delayed certain regulatory initiatives and indicated regulatory forbearance in a number of areas, while maintaining the emphasis on the importance of treating customers fairly[2].

However, the FCA continued to advance certain areas of regulatory focus. It is, therefore, possible to identify key themes that the FCA focused on during 2020 and is likely to pursue in the coming months and years. In particular, this client alert will focus on three important areas of regulatory interest: (1) governance, culture and individual accountability; (2) conduct and enforcement; and (3) operational and financial resilience. These key areas can be assessed in terms of the FCA’s developments during 2020 but also what regulated firms need to be aware of in terms of each of these areas going forward.

(1)  Governance, culture and individual accountability

“The specifics of your culture, like your strategy, remain up to you as leaders. But there is a growing consensus that healthy cultures are purposeful, diverse and inclusive.”[3]

Governance, culture and individual accountability are inextricably linked. As the quote above from the FCA suggests, the FCA will not dictate what a firm’s governance model or culture should be. Both are firm-specific, however, firms should be wary of the FCA’s expectations.

The FCA’s Approach to Supervision document[4] notes that the key cultural drivers in firms are: purpose; leadership; approach to rewarding and managing people; and governance. Last year the FCA reiterated the importance of these factors in its annual Business Plan and in a discussion paper on driving purposeful cultures.[5]

The importance of good governance, in particular, forms a common thread through the FCA’s supervisory correspondence to key industry sectors. For example, the FCA has emphasised that it is “important that firms have strong governance frameworks that allow their culture and values to drive decision-making across the business, including its approach to dealing with all kinds of misconduct. It is also critical that firms are headed by effective boards, with a suitable mix of skills and experience, to conduct appropriate oversight of the firms’ risks, strategy, policies and controls”.[6]

A key barometer that a firm is meeting the FCA’s expectations is the effectiveness of its implementation of the  Senior Managers and Certification Regime (“SMCR”). The introduction of the SMCR was driven by a perceived lack of individual accountability and governance failings post-financial crisis. For the majority of solo-regulated firms, the SMCR has now applied for over a year, whilst a similar regime for banks and insurers has applied since 2016. The implementation of the SMCR is an iterative process. What constituted adequate implementation for 9 December 2019 will not necessarily be sufficient now. Firms should be considering how their implementation can be tested and enhanced.

Key practical steps for firms

  • Take stock of the firm’s current governance arrangements to identify any areas in which there is a need for improvement. For example:
    • are there clear accountabilities for those activities which affect outcomes, with appropriate delegation and escalation?
    • is a robust risk framework in place under which accountable individuals identify, monitor and mitigate key risks of harm?
    • is there strong and independent Board oversight and challenge?
  • From a “firm culture” perspective, whilst the focus is now also on the “tone from above” (such as immediate line managers), it is clear that “tone from the top” still remains crucial. Firms should think about what their CEOs, business line heads and other senior individuals say – and what they do not say – in this context. Further, are messages from the top, including corporate purpose and values, translated in a meaningful way to the specific roles and responsibilities, targets and objectives at the individual and unit level across the firm?
  • One year on from the coming into force of the SMCR for solo-regulated firms, review the firm’s implementation of the regime to identify any weaknesses and take any required remedial action.

(2)  Conduct and enforcement

“We will remain vigilant to potential misconduct. There may be some who see these times as an opportunity for poor behaviour – including market abuse, capitalising on investors’ concerns or reneging on commitments to consumers…Where we find poor practice, we will clamp down with all relevant force.”[7]

A key indicator of a firm’s culture is its practical response to compliance issues and, in particular, instances of potential misconduct. Market abuse (including the handling of confidential information)[8] and personal account dealing[9] remain perennial areas of regulatory focus. Working from home poses particular challenges for firms when monitoring the conduct of staff. However, the FCA expects firms to have appropriate systems and controls in place to manage the enhanced conduct risks that arise in the context of the pandemic.[10]

The pandemic undoubtedly had an impact on enforcement action, for example, instances of regulatory forbearance and the FCA holding back on searches / warrants.  The FCA issued the lowest number of fines since its establishment in 2013:

Chart-Number of fines issued by the FCA between 2013 and 2020

However, the FCA took a number of high-profile enforcement actions against firms. For example, in 2020, the FCA continued to take action against firms for market misconduct[11], failures to show forbearance and due consideration to customers in financial difficulty[12] and took the first UK enforcement action under the Short Selling Regulation.[13]

The regulatory direction of travel has been towards an increased focus on non-financial misconduct and how this is tackled by firms. A increasing challenge for regulated firms is how to address non-financial misconduct and, in particular, non-financial misconduct that takes place outside of the workplace.[14] In response to the Me Too movement in 2018, firms introduced corrective responses to this important issue. However, in 2021 the FCA would expect a thorough and well-thought out response. Diversity and inclusion are now rightly integral to the FCA’s assessment of a firm’s culture.

Key practical steps for firms

  • As required under the SMCR, check that the firm has a robust process to ensure that senior managers and certification staff are “fit and proper”, both on joining and on an ongoing basis.
  • Review the firm’s processes for the handling and escalation of misconduct. For example, review the firm’s whistleblowing procedures and make sure that staff are appropriately trained and have an understanding of their obligations to inform the firm of relevant matters.[15]
  • Consider whether the firm’s remuneration structure incentivises appropriate or inappropriate behaviour.

(3)  Operational and financial resilience

“We expect all firms to have contingency plans to deal with major events and that these plans have been properly tested.”

“…financial pressures could give rise to harm to customers if firms cut corners on governance or their systems and controls – for example, increasing the likelihood of financial crime, poor record keeping, market abuse and unsuitable advice and investment decisions.”[16]

It will come as no surprise that the FCA focused on regulated firms’ operational and financial resilience during 2020. For example, the FCA issued statements to firms outlining its expectations on financial crime systems and controls and information security during the pandemic.[17] In addition, in June and August 2020, the FCA issued a COVID-19 impact survey to help gain a more accurate view of firms’ financial resilience. This mandatory survey was repeated in November 2020 to understand the change in firms’ financial positions with time.[18]

However, the regulatory focus on operational and financial resilience goes beyond the pandemic. In December 2019 the FCA, alongside the Prudential Regulation Authority and the Bank of England, published a joint consultation paper on operational resilience.[19] The pandemic is indicative of the type of scenario that firms must be prepared for, but it is one of many scenarios for which the FCA would expect firms to factor into risk assessments and business continuity plans.

Similarly, the FCA’s focus on financial resources is wider than in the context of the pandemic. The FCA has indicated that it will implement its own version of the Investment Firms Regulation and that the new regime will come into force on 1 January 2022. The FCA has also published final guidance on a framework to help financial services firms ensure they have adequate financial resources and to take effective steps to minimise harm.[20] In particular, the FCA notes that the guidance does not place specific additional requirements on firms because of COVID-19, but the crisis underlines the need for all firms to have adequate resources in place and to assess how those needs may change in the future.

Key practical steps for firms

  • Review the firm’s business continuity plan and risk assessment to ensure that they are comprehensive and stand up to scrutiny. For example, make sure any risks associated with “working from home” are incorporated and mitigated as far as possible.
  • Re-visit the firm’s assessment of its adequacy of financial resources, in light of the FCA’s published guidance, referred to above.

Forward looking regulatory priorities

Looking to the future, it is very likely indeed that the FCA’s priorities will, at least in part, mirror those areas of focus in 2020 (being: (1) governance, culture and individual accountability; (2) conduct and enforcement; and (3) operational and financial resilience).

(1) Governance, culture and individual accountability

Whilst the FCA has been relatively quiet from an enforcement perspective to date, firms should not be drawn into a false sense of security. This is particularly the case given that the extension of the regime brought within scope a significant number of firms (approximately 47,000). Additionally, a number of these firms are also more likely to be viewed as “low hanging fruit” by the FCA – some firms will perhaps have less sophisticated governance procedures in place (meaning potentially more breaches) and it will be much easier for the FCA to identify the decision-making processes of these solo-regulated firms when it is investigating breaches.

As at 17 August 2020, there were 25 open FCA investigations relating to senior managers. Of these, the majority related to retail misconduct, wholesale misconduct and senior manager conduct rule breaches.

It appears that resolution of these matters has been delayed by the pandemic but we expect to see some of these senior manager outcomes in 2021. We also anticipate an increase in new enforcement action from the FCA in this area, as we move away from the implementation phase of the SMCR for solo-regulated firms.

(2) Conduct and enforcement

As noted above, there is evidence to suggest that the pandemic has had some impact on enforcement action, for example, instances of regulatory forbearance and the FCA holding back on searches / warrants. However, it is likely that there will be a regulatory review of how firms treated clients during pandemic. As the FCA’s pronouncements since March 2020 have indicated, regulatory forbearance in certain areas does not replace regulated firm obligations under the regulatory system and, in particular, to treat customers fairly. It is highly likely that the FCA will conduct a retrospective review of firms’ conduct.|

This will likely include a review of firms’ financial crime controls during the pandemic.  In Guidance it issued in May, the FCA acknowledges operational issues faced by firms but was clear that firms should not adjust their risk appetites in the face of new risks.[21]  There will undoubtedly be a focus on fraud and other crimes committed during the pandemic, and firms will face scrutiny if there were red flags that were missed or not escalated.  Firms may wish to, therefore, take the opportunity now to review the efficacy of the controls they have in place, as a general “health check”.

As at 17 August 2020, there were 571 open FCA investigations, with a significant focus on consumers, with retail misconduct accounting for 192 of these investigations. Other common areas responsible for investigations included: unauthorised business (103); insider dealing (60); financial crime (57); financial promotions (49) and wholesale conduct (33). We would, therefore, expect a number of these investigations to crystallise into final notices producing a series of messages around expected standards throughout the course of 2021.

Another potential area of regulatory focus in the conduct space is the transition from LIBOR. The FCA has already indicated that a member of senior management should be responsible for LIBOR transition, where applicable to the business.[22] Firms need to consider whether any LIBOR-related risks are best addressed within existing conduct risk frameworks or need a separate, dedicated program. Amongst other things, firms should keep appropriate records of management meetings or committees that demonstrate they have acted with due skill, care and diligence in their overall approach to LIBOR transition and when making decisions impacting customers.

(3) Operational and financial resilience

As noted above, whilst the pandemic firmly brought the operational and financial resilience of firms into the FCA’s cross-hairs, this was a particular area of interest of the regulator pre-COVID-19. As stated by the FCA’s Executive Director of Supervision: Investment, Wholesale and Specialist in December 2019, the “[FCA’s] intention is to bring about change in how the industry thinks about operational resilience – a shift in mindset as it were – informed and driven by the public interest.[23]

The industry disruption caused by the pandemic, however, provides the FCA with an invaluable opportunity in a “real life” context, as opposed to simulated scenario, to kick the tyres of firms’ policies and procedures in order to determine how they coped with the operational and financial stresses brought about during the unprecedented circumstances of 2020. Whereas in 2020, the focus of the regulator was much more reactive, in terms of (for example) issuing statements outlining its expectations on financial crime systems and controls, we anticipate that 2021 will be much more centred around retrospective reviews of firms – for example, through looking at their business continuity plans, amongst other things.

Post-Brexit UK regulatory framework

The route map

A long awaited free trade agreement between the UK and EU was agreed on 24 December 2020, governing their relationship post-Brexit transition period. The financial services industry is addressed in the agreement, albeit to a much lighter extent than for goods and other services. The contents of the provisions on financial services are unlikely to come as a great surprise to the industry – amongst other things, the agreement does not provide for passporting rights nor address equivalence decisions. It is worth noting, however, that a joint declaration  draft states that the parties will, by March 2021, agree a memorandum of understanding establishing the framework for structured regulatory co-operation on financial services. The aim of this is to provide for transparency and appropriate dialogue in the process of adoption, suspension and withdrawal of equivalence decisions.

In the months leading up to the eventual conclusion of the free trade agreement, the UK government produced a number of documents that indicate what a post-Brexit UK regulatory framework may look like. The Financial Services Bill[24] states that the UK Government has a number of objectives including: (1) enhancing the UK’s world-leading prudential standards and promoting financial stability; (2) promoting openness between the UK and overseas markets; and (3) maintaining the effectiveness of the financial services regulatory framework and sound capital markets. The UK Government has also published the Phase II consultation of its Financial Services Future Regulatory Framework Review.[25] The UK Government’s approach is intended to “to ensure that [the UK] regulatory regime has the agility and flexibility needed to respond quickly and effectively to emerging challenges and to help UK firms seize new business opportunities in a rapidly changing global economy.”

In its response to the global pandemic, the FCA’s actions are also indicative of the type of regulator it may be post-Brexit. Through its exercise of regulatory forbearance, for example, the FCA has proven itself to be more nimble and pragmatic.

Regulatory divergence

The UK approach in an environmental, social and governance (“ESG”) setting is another sign as to what the industry might expect in a post-Brexit world. Rather than onshore the EU Sustainable Finance Disclosure Regulation, the UK has announced that it will introduce disclosure rules aligning with the recommendations of the Task Force on Climate-related Financial Disclosures (“TCFD”).[26] This will make the UK the first country in the world to make TCFD-aligned disclosures mandatory. It was also announced that the UK will implement a green taxonomy – a common framework for determining which activities can be defined as environmentally sustainable. This will take the scientific metrics in the EU taxonomy as its foundation and a UK Green Technical Advisory Group will be established to review these metrics to ensure they are appropriate for the UK market.

Whilst this by no means signals a radical departure from the EU in terms of regulatory approach – indeed, the UK Government has flagged the need in the ESG sphere for, where possible, consistency between UK and EU requirements – the UK Government’s willingness to diverge from the EU in certain regulatory matters raises important questions regarding the likelihood of any future EU equivalence decisions.

The global stage

Perhaps in common with the UK’s desire to remain a key player on the global stage post-Brexit, despite not forming a part of the more influential EU, the FCA is also keen not to become isolated from other regulators across the world and to keep working closely on matters spanning different jurisdictions. By way of an example, the TFS-ICAP final notice[27] (under which the FCA fined TFS-ICAP Ltd, an FX options broker, £3.44 million for communicating misleading information to clients), indicated that the FCA continues to work in tandem with overseas regulators (in this instance, the Commodity Futures Trading Commission in the United States).

Conclusion

Firms may be lured into a false sense of security that they can in some way “take the foot off the gas” from a regulatory perspective after having made it through a tumultuous 2020. However, this could not be further from the truth. Whilst 2020 was an unprecedented year, the FCA by no means gave firms carte blanche when it came to regulatory compliance, particularly in instances where there is a risk of customer detriment. It is in 2021 that we expect to see action from the FCA towards those firms who did not meet its expectations. This will be the case not just for firms but also, as we move away from the implementation phase of the SMCR for solo-regulated firms, individuals as well.


[2] For example: Press Release, “FCA highlights continued support for consumers struggling with payments”, 22 October 2020 (https://www.fca.org.uk/news/press-releases/fca-highlights-continued-support-consumers-struggling-payments)

[3]  Speech by Jonathan Davidson, Executive Director of Supervision – Retail and Authorisations, Financial Conduct Authority, “The business of social purpose”, 26 November 2020 (https://www.fca.org.uk/news/speeches/business-social-purpose)

[5] FCA Discussion Paper (DP 20/1), “Transforming culture in financial services: Driving purposeful cultures”, March 2020, here.

  [6]  FCA Dear CEO letter to wholesale market broking firms, 18 April 2019 (https://www.fca.org.uk/publication/correspondence/dear-ceo-letter-wholesale-market-broking-firms.pdf)

[11] FCA Final Notice, TFS-ICAP, 23 November 2020 (https://www.fca.org.uk/publication/final-notices/tfs-icap-2020.pdf)

[12] FCA Final Notice, Barclays Bank UK PLC, Barclays Bank PLC, Clydesdale Financial

Services Limited, 15 December 2020 (https://www.fca.org.uk/publication/final-notices/barclays-2020.pdf)

[16] Speech, Megan Butler, Executive Director of Supervision – Investment, Wholesale and Specialists, FCA, “The FCA’s response to COVID-19 and expectations for 2020”, 4 June 2020 (https://www.fca.org.uk/news/speeches/fca-response-covid-19-and-expectations-2020)

[18] FCA webpage, “Coronavirus (Covid-19) Financial Resilience Survey”, updated 6 November 2020 (https://www.fca.org.uk/news/statements/coronavirus-covid-19-financial-resilience-survey)

[19] FCA Consultation Paper (CP19/32), “Building operational resilience: impact tolerances for important business services and feedback to DP18/04”, December 2019 (https://www.fca.org.uk/publication/consultation/cp19-32.pdf)

[20] FCA Finalised Guidance (FG 20/, “Our framework: assessing adequate financial resources”, June 2020 (https://www.fca.org.uk/publication/finalised-guidance/fg20-1.pdf)

[21] https://www.gibsondunn.com/covid-19-uk-financial-conduct-authority-expectations-on-financial-crime-and-information-security/

[22] FCA Dear CEO letter, “Asset management firms: prepare now for the end of LIBOR”, 27 February 2020 (https://www.fca.org.uk/publication/correspondence/dear-ceo-asset-management-libor.pdf)

[23]  Speech, Megan Butler, Executive Director of Supervision: Investment, Wholesale and Specialist, FCA, “The view from the regulator on Operational Resilience”, 5 December 2019 (https://www.fca.org.uk/news/speeches/view-regulator-operational-resilience)

[25] HM Treasury, CP305, “Financial Services Future Regulatory Framework Review Phase II Consultation”,  October 2020, here.

[26]  Policy Paper, “UK joint regulator and government TCFD Taskforce: Interim Report and Roadmap”, 9 November 2020 (https://www.gov.uk/government/publications/uk-joint-regulator-and-government-tcfd-taskforce-interim-report-and-roadmap)

[27]  FCA Final Notice, TFS-ICAP, 23 November 2020 (https://www.fca.org.uk/publication/final-notices/tfs-icap-2020.pdf)


Gibson Dunn’s UK Financial Services Regulation team looks forward to discussing the matters outlined in this alert in further detail in a client webinar in the near future, details of which will be provided shortly. Please feel free to contact the Gibson Dunn lawyer with whom you usually work, or any of the following authors:

Michelle M. Kirschner (+44 (0) 20 7071 4212, [email protected])
Matthew Nunan (+44 (0) 20 7071 4201, [email protected])
Steve Melrose (+44 (0) 20 7071 4219, [email protected])
Martin Coombes (+44 (0) 20 7071 4258, [email protected])
Chris Hickey (+44 (0) 20 7071 4265, [email protected])

© 2021 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.