The retail banks were responsible for the highest number of reports (486) – almost 60% of the total. This was followed by wholesale financial markets on 115 reports and retail investment firms on 53.
The root causes for the incidents were attributed to third party failure (21% of reports), hardware/software issues (19%) and change management (18%).
The FCA has recently warned of a significant rise in outages and cyber-attacks affecting financial services firms. It has also called on regulated firms to develop greater cyber resilience to prevent attacks and better operational resilience to recover from disruptions.
According to the new data obtained by RSM, there were 93 cyber-attacks reported in 2018. Over half of these were phishing attacks, while 20% were ransomware attacks.
Commenting on the figures, Steve Snaith, a technology risk assurance partner at RSM said: "While the jump in cyber incidents among financial services firms looks alarming, it's likely that this is due in part to firms being more proactive in reporting incidents to the regulator. It also reflects the increased onus on security and data breach reporting following the GDPR and recent FCA requirements.
"However, we suspect that there is still a high level of under-reporting. Failure to immediately report to the FCA a significant attempted fraud against a firm via cyber-attack could expose the firm to sanctions and penalties from the FCA.
"As the FCA has previously pointed out, eliminating the threat of cyber-attacks is all but impossible. While the financial services sector emerged relatively unscathed from recent well-publicised attacks such as NotPetya, the sector should be wary of complacency given the inherent risk of cyber-attacks that it faces.
"The figures also underline the importance of organisations obtaining third party assurance of their partners' cyber controls. Moreover, the continued high proportion of successful phishing attacks highlights the need to continue to drive cyber risk awareness among staff.
"Interestingly, a high proportion of cyber events were linked to change management, highlighting the risk of changes to IT environments not being managed effectively, leading to consequent loss. The requirements for Privacy Impact Assessments as a formal requirement of GDPR/DPA2018 should hopefully drive a greater level of governance in this area.
"Overall, there remain serious vulnerabilities across some financial services businesses when it comes to the effectiveness of their cyber controls. More needs to be done to embed a cyber resilient culture and ensure effective incident reporting processes are in place."
Fig1: The number of cyber incidents reported to the FCA by regulated firms in 2018 broken down by the sector the incident impacted (source FCA):
| Impacted sector | 2018 | % of incidents |
| Retail banking | 486 | 59% |
| Wholesale financial markets | 115 | 14% |
| Retail investments | 53 | 6% |
| Retail lending | 52 | 6% |
| General insurance and protection | 49 | 6% |
| Pensions and retirement income | 35 | 4% |
| Investment management | 29 | 4% |
| Total | 819 | 100% |
Fig2: The root causes of cyber incidents reported to the FCA (source FCA):
| Root cause | 2018 (Jan-Dec) | % of incidents |
| 3rd party failure | 174 | 21% |
| Hardware/software | 157 | 19% |
| Change management | 146 | 18% |
| Cyber attack | 93 | 11% |
| TBC | 93 | 11% |
| Human error | 47 | 6% |
| Process/control failure | 45 | 5% |
| Capacity management | 25 | 3% |
| External factors | 17 | 2% |
| Theft | 11 | 1% |
| Root cause not found | 11 | 1% |
| Total | 819 | 100% |
Fig3: The breakdown of incidents in 2018 categorised as 'Cyber attacks' (source FCA):
| Cyber attack root cause breakdown | 2018 (Jan-Dec) | % of incidents |
| Cyber - Phishing/Credential compromise | 48 | 52% |
| Cyber - Ransomware | 19 | 20% |
| Cyber - Malicious code | 16 | 17% |
| Cyber - DDOS | 10 | 11% |
| Total | 93 | 100% |
They deem it to be a “high risk” product and have recommended limiting P2P lending to 'sophisticated investors’ only. Below, Finance Monthly hears from Frazer Fearnhead, CEO at The House Crowd, on why we shouldn’t’ be restricting P2P lending.
This is likely off the back of the recent collapse of mini bonds provider London Capital & Finance, which persuaded customers to invest in bonds (with a ‘fixed’ 8% interest rate) that weren’t ISA eligible. Sadly, some 14,000 people have lost most of the £214 million they had collectively invested. This has, understandably, increased regulatory scrutiny of similar products marketed to retail investors.
Nonetheless, the FCA is lumping all P2P lending companies in with London Capital & Finance, which is patently unfair. The company marketed a product as an ISA, but wasn’t one at all – it was a mini bonds investment – so we’re not even talking about comparable products here. Plus, it obviously wasn’t acting in a regulated fashion and, as a result, it’s a knee-jerk reaction to lump the whole P2P industry together with it.
Democratising investment options
Peer to peer lending, including products such as IFISAs, allow everyday people to access the sorts of returns that only high-net-worth and experienced investors historically had access to. Restricting this offering (or warning people away from it unnecessarily) would deal a big blow to the P2P lending industry and defeat its key objectives – for borrowers, to democratise access to finance and for investors, support the ability to lend in return for a better rate of interest.
Why should investments with higher interest rates be reserved only for experienced investors or those who already have significant capital? It’s precisely the savers who are working to build up a nest egg for their futures who should have such opportunities, especially since lending is much easier to understand than more complex investments. If they’re only left with options like cash ISAs (which won’t necessary beat rising inflation), they won’t be able to do it.
Why should investments with higher interest rates be reserved only for experienced investors or those who already have significant capital?
The FCA said that “anyone considering investing in an IFISA should carefully consider where their money is being invested before purchasing an IFISA.” Of course, this is still true – all investments should be carefully considered before they’re undertaken. But that doesn’t mean that we should completely rule out one of the most accessible investments available on the market today.
P2P is a diverse landscape
Another issue is that, at the moment, it seems the FCA can’t (or won’t) distinguish between different types of P2P loans with different levels of security. It’s true that many providers offer unsecured loans, but there are others that do offer more security. Lending can be secured against an asset which helps to mitigate the risk of the borrower defaulting, as a legal charge over the asset can force its sale and regain investor capital. Other lenders also operate a ‘provision fund’ as an additional security measure.
The FCA has previously warned of introducing ‘appropriateness tests’ in order to restrict who P2P lenders can market their products to, but the problem with this lies in conflating products that are in fact very different from each other. Not all P2P lending products are the same – levels of security do vary by provider, but if the right due diligence is conducted and processes are put in place to mitigate risk, they can offer consistency and reliability. Similarly, we should not look to compare, for example, a stocks and shares ISA with an IFISA. They are fundamentally different – and, arguably, the IFISA can be a safer option.
Ultimately, there are risks involved in all investments, but the answer isn’t in scaremongering. Appropriate education and transparency is what we need to get people investing their money wisely in a variety of options, and we would like to see the FCA do more to support this.
Here Syedur Rahman of business crime solicitors Rahman Ravelli questions the effectiveness of big fines and the likelihood of criminal prosecutions in the future.
Standard Chartered has hit the headlines for the size of the fines imposed on it on both sides of the Atlantic.
But behind all the big numbers and the column inches it is hard not to wonder if such a costly slap on the wrists is now being viewed by the big banks as nothing more than the cost of doing big business.
Standard Chartered has been ordered to pay a total of $1.1 billion by US and UK authorities to settle allegations of poor money laundering controls and sanctions breaching. It is paying $947M to American agencies over allegations that it violated sanctions against six countries and has been fined £102M by the UK’s Financial Conduct Authority (FCA) for anti-money-laundering breaches; including shortcomings in its counter-terrorism finance controls in the Middle East.
These fines had been expected. Standard Chartered said two months before the fines were imposed that it had put $900M aside to cover them. But this isn’t the first time that Standard and Chartered has had to pay out for its wrongdoing.
Seven years ago, it paid a $667M fine in the US. Like its latest US penalty, it related to alleged sanctions breaches. At the time, it also entered into a deferred prosecution agreement (DPA) with the US Department of Justice and the New York county district attorney’s office over Iranian sanctions breaches beyond 2007. That DPA would have expired by now but has been extended until April 2021 in the wake of the latest allegations.
Will this be the end of Standard Chartered’s problems and the start of a new allegation-free era? It is hard to believe so. But it is fair to point out that it is not the only bank to be hit by huge fines for wrongdoing and then be found to be repeating its illegal behaviour. Which is why it is hard to believe that fines are having any real impact on the way that some of the biggest banks function. If they are prepared to keep paying the fines and / or giving assurances about keeping to the terms of a DPA while reaping the benefits of breaking the law it is hard to see the cycle of behaviour changing.
Let’s be clear, any failure by Standard Chartered to abide by the terms of its DPA could see it facing criminal prosecution. And any bank’s weak approach to money laundering is now increasingly likely to be pounced on by the authorities. The Standard Chartered investigation was a co-ordinated multi-jurisdictional effort by the FCA, the US agencies and the United Arab Emirates. And while Standard Chartered’s full cooperation with the FCA saw it receive a 30% discount on its fine, relying on cooperation to gain a lesser punishment cannot be viewed as a safe approach.
The authorities around the world that investigate the activities of banks and other financial institutions are now more coordinated than ever. They have more legal powers than ever before and are unlikely to be reluctant to use them against those in the financial marketplace that come to be seen as repeat offenders.
There is no clear indication or evidence that the era of big fines may be about to pass or that the authorities are set to view convictions as a more effective deterrent to financial crime than hefty financial penalties. There may also be difficulties when it comes to corporate liability which, in the UK, requires proof that those involved in the wrongdoing are sufficiently senior to be considered the ‘controlling mind and will’ of the company.
But if fines continue to be ineffective in curbing the behaviour of certain banks it can surely only be a matter of time before the authorities rethink their approach to enforcement.
Little did we know that when SM&CR was just a glimmer of an idea at HM Treasury, it would have such an impact on the industry and, in doing so, it would change Worksmart so substantially. Borne out of the ‘Changing Banking for Good’ review led by MP Andrew Tyrie back in 2013, the idea of greater Individual Accountability and Conduct Standards for all landed in the form of the SM&CR in March 2016 for banks, building societies, credit unions and the largest designated investment firms.
Led by the PRA and the FCA, the regulation has had and continues to have, a major impact on these firms in a way foreseen by only a few a number of years ago. I recall my conversations with banks during this time when many firms saw the incoming regulation as a relatively minor additional piece of reporting required by the regulators; how wrong they were.
Unlike most people, the Worksmart team had a rather different take on the incoming regulation. With the overlay of additional corporate governance requirements that SM&CR brings alongside the requirements to manage, maintain and update a Management Responsibilities Map (MRM) and associated Statements of Responsibilities (SORs), the technologists amongst us knew what’s coming. The in-house view was that the new regime needed to be supported and underpinned by technology that not only helped firms meet their regulatory responsibilities but also offered genuine business process improvement capability. As a result, we invested heavily in every area of our business, from re-platforming our SM&CR solution and moving to a SaaS model, to growing our regulatory consulting capability. We also worked hard to deepen our relationships with the trade bodies that support the affected sectors of the market place.
Borne out of the ‘Changing Banking for Good’ review led by MP Andrew Tyrie back in 2013, the idea of greater Individual Accountability and Conduct Standards for all landed in the form of the SM&CR in March 2016 for banks, building societies, credit unions and the largest designated investment firms.
In what seems like the blink of an eye, we became the SM&CR supplier of choice for the then British Banking Association (now UK Finance). In turn, this led us to become the ‘leading supplier of SM&CR solutions’ in the UK. And from there it was a very short, but very proud, step to winning a clutch of ACQ5 Global awards in 2018 for our work in the industry.
All very nice you might say, but how does that help me? Using our experience gained over the last four years, this article highlights the top five challenges you can expect to face as you implement and then manage the regime in BAU. With more SM&CR implementations within the affected markets under our belt than we can now even remember, we’re confident that we’ve encountered most of the challenges the new regime presents.
Challenge 1: Sorting out the Senior Manager Regime (SMR) won’t be as easy as you initially think.
The regulation requires firms to identify which Senior Manager Functions (SMFs) and Prescribed Responsibilities apply to their firm. To help, the regulators provide a list of the SMFs for each type of firm under the new regulation, i.e. Enhanced, Core or Limited, and Prescribed Responsibilities for Enhanced and Core firms.
Sounds straightforward and, indeed, for the most part, it is. However, beyond the standard Control Functions such as SMF1 (CEO) and SMF3 (Executive Director) and the Required Functions – SMF16 (Compliance Oversight) and SMF17 (MLRO), Enhanced firms need to decide whether other SMFs apply to them, e.g. SMF18 (Overall Responsibility) and if so, how many individuals are affected. Easy? Maybe, but maybe not. Add into the mix firms that have been regulated for many years, with individuals involved in areas of the business for which they may not be approved (but in a function that requires approval), and things start to get a bit more complicated.
However, the task that was consistently underestimated through the banking implementations involved senior executives scrutinising the detail of their proposed SMFs and responsibilities and reviewing, even renegotiating, their personal Terms & Conditions in return for this (perceived) greater accountability. As a Programme Manager in a major building society said to us: “We’ve only just got sign off on what we proposed to the exec team a year ago”; so be warned!
When agreed internally, firms need to inform the regulator which executives are transitioning to the SMF equivalent of their existing Control Functions (CFs) and seek approval for executives that wish to take up roles that aren’t directly mapped. Additionally, Enhanced firms need to submit a Responsibilities Map that shows how the firm’s governance arrangements fit into place. Where the regulated firm is part of a group and services are shared across the group, then they must explain how this arrangement operates in practice. Add into this a Statement of Responsibility for every individual holding an SMF Function, regardless of whether they grandfather across or have to submit a new application, and it becomes clear that setting up and agreeing on the component parts of the Senior Managers Regime in your firm is not a small task.
The FCA has learnt lessons from the first tranche of firms’ subject to the new regime and has helped by providing feedback both on Responsibilities Maps and Statements of Responsibility, but even with this type of assistance, nothing ever is straightforward, so expect to plan for the unexpected.
The learning from the banking sector is clear - planning and gaining approval for your proposed Senior Manager Regime arrangements takes time. The challenges across the wider financial service sector may vary a little, but the lesson learned by the banks remains true; namely start early and expect things to take longer than planned.
"As part of the senior
managers regime, it was essential
that we had a robust system to
evidence how we have met the
regulatory requirements. Worksmart
has been core to ensuring that we
have met the requirements
of the rules”.
Lisa Nowell, Chief Risk Officer, Masthaven Bank
Challenge 2 – Sorting Out the Certification and Conduct Rules Regimes will also take longer than you plan for.
If the message is about getting started early with your Senior Manager community, then it is equally true for the newly introduced Certification Regime. Many firms in the banking sector simply underestimated the amount of time it would take to define and gain agreement on what roles were caught by Certification. When we ask customers how many members of staff are in their Certification Regime, we often got answers like “anything between 10 and 150” or “we’re still deciding”. Depending on the interpretation of the rules, both responses can be equally valid when an organisation comes to the regime for the first time, however, the discussion on the interpretation of the definition of certified roles will eat into your project timeline. And of course, expect a second-time delay to then occur when allocating which Certification Functions applies to each role. Whilst the guidance is clearer for the wider financial services market, deciding what roles are caught by Certification and what roles fall into Conduct Rules should not be underestimated.
Once decided, planning the design and delivery of training activities for certification staff will again take time. Not only will there be the need to design, organise and deliver the training both on the new regime and the impact of the newly introduced conduct rules, in order to assist each role holder in clearly understanding the conduct rules in the context of their role, training must be as roles specific as possible. Experience over multiple implementations has taught us that training is often an afterthought on the project plan. If this is the case, then your training will probably be delivered late, leaving you exposed to the risk that staff are not fully aware of their responsibilities under the new regulations.
Finally, because the regulator expects competent, not just compliant behaviour from those subject to the Certification Regime, there will also be a debate about what evidence you will need to gather in order to demonstrate competence. If your firm has a fully functioning performance appraisal process, then this may well be a huge step in the right direction. However, if your firm does not have a robust performance appraisal process in place, I suggest the new regulation will be the tipping point to implementing one.
Like SMR, the learning is clear that implementing and embedding Certification and Conduct Rules into a firm will take time, focus and resource to do properly. So be prepared.
Challenge 3 – SM&CR will require a ‘root and branch’ review of some supporting processes.
In the early days of your SM&CR project, the main focus will be on defining communities, assigning functions, etc. However, when the implementation team takes the planning to the next level, questions will almost certainly be asked about the efficacy of the firm’s underlying processes, particularly in the area of HR. These questions come from two areas; the need to have robust processes for recruiting staff into Senior Manager and Certification roles and the need to demonstrate that individuals in those regimes are competent to undertake their role on an ongoing basis. From experience with the banking sector, the processes that are most likely to be challenged are:
- References: The new rules require firms to gain positive work references for the last six years before an individual can be appointed into an SMF or Certification Role. Experience from the banking sector showed the process of requesting, and being able to provide, references was patchy. However, the new rules are clear, satisfactory references for the last six years are mandatory. Therefore, a firm’s processes need to be stringent on seeking and being able to provide regulatory references for all external hires. Expect that effort will need to be put into tightening up your referencing process.
- Job descriptions (JDs): Although the best practice is for job descriptions to be regularly updated, change is such a constant in organisations that JDs are often out of date. Added to that, SM&CR will force attention on accountability, competence etc., and the need to make explicit any new accountabilities taken on as a result of SM&CR. Combined, this means that it is very likely that there will need to be a significant overhaul of JDs across large parts of your firm. Time should be assigned to create and gain agreement to these updated JDs.
- Employment contracts: Our experience in the banking sector was that as soon as JDs were updated, many individuals started discussions, which sometimes led to a negotiation, about employment contracts. Increased pay to reflect the increased accountability was the most common discussion point, particularly for those holding SMF Functions. However, similar discussions were also had in key roles in the Certification Regime.
- Fit & Proper (F&P) checks: Like JDs, the approach to F&P checks varied widely between banks. However, the incoming SM&CR regulation is clear, firms must satisfy themselves that every individual in SMR and Certification is fit and proper to undertake their role each year. Some organisations assumed that F&P checks were all about financial soundness when in practice F&P covers three key areas, Financial Soundness, Competence & Capability and Integrity. This means that any F&P check introduced as part of your Certification Regime must be multi-faceted and not just focused on the financials. Firms in the wider financial services sector need their fit and proper checks to be robust. There is lots of guidance out there in the market place now the regime has been in operation for some time. However, we would advise firms to consider the wider market advice on this topic before they decide on what the fit and proper component of their response to SM&CR might look like.
Also a small, but often overlooked point is ensuring that the sensitive data underpinning F&P checks needs to be held securely, with a balance struck between tight control over access and visibility for those needing oversight.
- Competence: As discussed above, because the regulator’s expectations are for competent, not just compliant staff and senior managers, it is up for firms to be able to evidence this. Expect robust discussions about competence and, in the first instance, whether your performance appraisal process is ‘up to the job’. If so, that’s great; if not, however, something needs to be implemented that evidences employee competence on an ongoing basis.
Ensuring robust SM&CR records will ask searching questions of your supporting processes. Anticipate the need to review, and probably, strengthen your processes. If not, the quality of your records, and so decisions, may well be at risk.
Challenge 4 – SM&CR will start to fundamentally change how you operate.
Being compliant with the new rules is not just about providing accurate and up-to-date records, ultimately SMC&R is about a cultural change within financial services. The FCA, our conduct regulator, has been clear on their views and expectations on this. For firms that think they will just implement SM&CR as per the rule book then walk away, they are very much mistaken. It’s no understatement when I say that SM&CR is fundamentally the greatest change in regulation that I’m likely to see in the remainder of my working life.
When talking with senior executives in the banking sector, it’s clear that there is a far greater focus on corporate governance and personal conduct. Whilst many firms are not formally required to adhere to the Corporate Governance Code, SM&CR challenges firms to ask themselves questions such as: Are we effectively governed?; Do our committees and processes deliver the business results we want?; Are our committees effective or are they just ‘talking shops’? This focus on corporate governance is significant and certainly has increased since 2016. Alongside this, there is far more interest in the personal conduct of individuals at all levels in firms by senior executives. One could be cynical and say this new level of interest is the direct result of certain senior managers being personally accountable for the conduct of individuals in the Senior Manager Regime and Certification Regimes. Whilst there may be some truth in that cynical view, the reality remains that personal conduct is, and will remain, under scrutiny like never before.
It is true that culture in a firm is multi-dimensional and often elusive to define and so monitor. However, it is clear the changes brought about by SM&CR in the banking sector go beyond minor upgrades to internal processes and record keeping.
Whilst, in the early days of implementing SM&CR, the focus will inevitably be on defining communities, modifying processes and tightening up record keeping, in the medium to long term SMC&R will force attention to switch to individual conduct and culture change.
Being compliant with the new rules is not just about providing accurate and up-to-date records, ultimately SMC&R is about a cultural change within financial services.
Challenge 5 – Keeping SM&CR records will not be as straightforward as you expect.
The final challenge you can expect is that of record keeping. I expect the immediate reaction of your firm, like many banks, is to use existing systems to store your SM&CR records. However, doing this poses significant challenges, even if they don’t surface immediately.
Banks typically initially held SM&CR records in a variety of places, e.g. F&P records in the HR system, records of committee structures and meeting minutes in a governance system, appraisal records in another system, a record of the Management Responsibilities Map (MRM) on Excel etc. However, keeping records in this way created major challenges for central teams with the responsibility for oversight. The regulator expects ‘point in time’ reporting, i.e. for a firm to explain in detail which exec was accountable for what on any given date once the regime has commenced. So, fast forward a year or even a few months, and managing SM&CR via an Excel spreadsheet will unravel as board members leave, new ones join and others switch role (and so SMFs and responsibilities). As one Operations Director put it: “If you ask me what our MRM was in late September or early November I can tell you, but we completely lost track of what happened in October”.
SM&CR requires firms to model, map and record their governance arrangements, and ‘date stamp’ every change. Add to this the requirement to ensure continued compliance with SM&CR by maintaining records and completing tasks to time and to standard, there is no simple way or shortcut to comply. That is why the team at Worksmart decided to re-platform and upgrade the SM&CR offering taking into account the lessons learnt in banking.
Financial services firms need to think hard about their existing systems and whether they are up to the demands of SM&CR before they go live. And if an existing supplier tells you that their HR/E-Learning/Appraisal system can manage the complex and newly introduced SM&CR requirements, that’s great – but exceedingly unlikely. Your response should be “show me – in real time” or even “let me play with the system for half a day to see how intuitive and capable it really is.” If the solution provider is unable or unwilling to do it, then you should take this as a sign that maybe it’s not all it’s cracked up to be.
In the desire to get SM&CR implemented, record keeping is seldom ‘front of mind’ for the project team. However, the message is clear, if the quality of record keeping isn’t anticipated and confronted, major problems will bubble up after ‘go live’, and the longer sub-standard systems are relied on post live, the bigger the problem will become.
Since 2015, the Worksmart team have been involved in multiple SM&CR implementations in the banking and insurance sectors. Whilst not claiming to be the definitive list, these five challenges were by far the most common we experienced. Our hope is that by being aware of these challenges, your implementation project team will ‘land’ SM&CR without hitting the potholes encountered by many in the banking sector.
My job, with the help of all the Worksmart team, is to continue to support firms implement both the letter and the spirit of the regulation as speedily and painlessly as possible. It’s going to be a very busy year!
Website: https://www.worksmart.co.uk/
Many thought it was too good to be true, but was it? Below Karen Wheeler, Vice President and Country Manager UK at Affinion, gives Finance Monthly the rundown.
YouGov research highlights that 72% of UK adults haven’t heard of Open Banking and according to PwC, only 18% of consumers are currently aware of what it means for them. However, that doesn’t mean the changes aren’t filtering through.
The story so far
The Open Banking Implementation Entity (OBIE) reports there are now 100 regulated providers, of which 17 Third Party Providers (TPPs) are now using Open Banking in the UK. Open Banking technology was used 17.5 million times in November 2018, up from 13.9 million in October and 6.5million in September, with Application Programming Interface (API) calls now having a success rate of 97.7%.
One of the earliest examples was Yolt, by ING Bank. It showcases a customer’s accounts in one place so they can see their spending clearly and budget more effectively. Similarly, Chip aims to help people save more intentionally. Customers give read-only access to their current account and then sophisticated algorithms calculate how much a customer can afford to save, and puts it away automatically into an account with Barclays every few days.
High Street banks have certainly taken inspiration from fintechs. For example, HSBC released an app last year enabling customers to see their current account as well as online savings, mortgages, loans and cards held with any other bank. The app also groups customers’ total spending across 30 categories including grocery shopping and utilities, making it a really helpful budgeting tool.
Perhaps, most advanced of all, Starling Bank allows customers access to its “Marketplace” where they can choose from a range of products and services that can be integrated with their account. The offering currently includes digital mortgage broker Habito, digital pension provider PensionBee, travel insurer Kasko, as well as external integrations such as Moneybox, Yoyo Wallet, Yolt, EMMA and MoneyHub.
Open Banking and GDPR
One key question is whether Open Banking puts the needs of financial services companies over those of the consumer. There is a general cynicism regarding the real reasons for encouraging Open Banking and this is exacerbated when most customers aren’t seeing the benefits.
Also, there is confusion caused by the apparent conflict of interest between Open Banking and GDPR.
In this day and age, do consumers really want more organisations to have access to their data? Can they trust the banks? According to PwC, 48% of retail banking customers cite security as their biggest concern with Open Banking and this is a significant barrier to overcome.
The way forward
It’s hard to overcome cynicism and doubt. Perhaps, once customers begin to enjoy the positives, they will be less sceptical about Open Banking, leading to more opportunities to build longer term customer engagement. For example, if products help them avoid going into debt or nudge them when new mortgage rates are on offer, they will see that banks are using the technology to support wise financial management rather than just serve their own marketing purposes.
It’s also hard to change entrenched consumer habits. To encourage consumers to get in the habit of comparing and switching, financial organisations must create truly compelling propositions. They need to focus on delivering intuitive, useful digital products which make a real difference to customers’ daily lives.
They also need to demonstrate how seriously they take their role in the fight against cybercrime while educating the consumer about how Open Banking works and how to protect their data. For example, many may not realise that one of the key tenets of Open Banking is security. Open Banking uses rigorously tested software and security systems and is stringently regulated by the FCA.
Placing the customer at the centre of their finances and giving them complete control directly increases competition and brings a myriad of everyday benefits to the customer. There is huge opportunity for traditional banks, fintechs and disruptors to use Open Banking to pioneer new products that build longer term customer engagement. However, the current priority is communicating the huge advantages and opportunities that Open Banking brings while reiterating that their data will remain secure.
Martin Kisby, Head of Compliance at Equiniti Credit Services, explores the motivations behind the evolution of compliance functions in consumer credit firms.
Risk and compliance departments, once held in low esteem by other business units, have evolved into a crucial function for protecting profitability. This is still a controversial statement in the consumer credit industry, but it’s easily justifiable. To do so, let’s take a look back.
It’s 2008. The consumer credit market is regulated by the Office of Fair Trading (OFT). Firms have a set of guidelines they are required to adhere to, but in reality can interpret or even circumvent them entirely. Business objectives are often, if not always, placed ahead of consumer needs.
So what was the role of the compliance function back then? Well, it provided some assurance to the OFT that firms were not ignoring its guidelines in their pursuit of profits.
This often led to compliance functions being derided as the ‘Business Prevention Unit’ or ‘Profit Police’ and being allocated minimal resource.
Fast forward to 2014: the financial crash has altered the consumer credit landscape dramatically. Trends in mis-selling, together with poor consumer outcomes, have highlighted the need for fundamental change. The creation of the Financial Conduct Authority (FCA), by merging the OFT and Financial Services Association (FSA), is intended to add more stability and oversight to the sector, ensuring better service delivery for consumers.
Big changes ensued.
The FCA developed a more robust and detailed handbook, which not only provided guidance on how firms across the sector should be operating, but also changed what was previously ‘advice’ into hard and fast rules.
Firms were given only interim permissions and needed to complete an approval process to gain full FCA authorisation. This required firms to demonstrate strict adherence to the new and updated rules and guidelines.
From this point onwards, the role of compliance was transformed. Firms began to allocate significant resource to this function to ensure they could provide continued assurance to the FCA that its rules and guidelines were being followed. It became imperative to demonstrate that mis-selling, unreasonable collections practices, affordability issues and poor customer service were being eliminated.
The compliance department evolved from the ‘Profit Police’ into a pivotal function in every FCA regulated firm.
Risk management also became more prevalent under the new regulatory body, as the System and Controls section of the FCA’s handbook requires firms to assess and manage their risks, and have a Chief Risk Officer as one of their Approved Persons – individuals the FCA has approved to undertake one or more controlled functions.
These complimentary objectives meant that compliance and risk departments were consolidated. Compliance plans were established to monitor specific elements of the FCA handbook and verify adherence to them. Any identified control inadequacies could be migrated onto a firm’s risk register for monitoring and remediation.
Back to the present. Four years on from the introduction of the FCA, firms have, overall, implemented the necessary oversight to demonstrate that they are meeting their regulatory requirements and treating customers fairly.
But let’s be honest – there are selfish motivations too. A strong compliance department, empowered to change processes as best practice dictates, reduces the risk of both regulatory fines and exposure to defaults. This increases revenue and protects profit margins.
In a sector competing on cost at a scale never seen before, and where consumer brand loyalty is decreasing by the day, protecting a firm’s margins is crucial.
As compliance has increased in importance, technology has kept pace and evolved to reduce the time and cost burden regulation could otherwise have imposed. Now, best-of-breed credit management solutions seamlessly integrate compliance monitoring and reporting into their sourcing, approval and collections processes.
Happily, this combination of motivations and technological developments has created a win-win for lenders and borrowers alike: an established and proactive risk and compliance function that not only protects consumers but also contributes to the strategic objectives of the lender’s business.
Consumer trust in banks has plummeted in recent years. The 2008 financial crisis, as well as recent examples of bad practice such as TSB’s IT meltdown which compromised millions of accounts, has led to many consumers questioning whether their bank really has their best interests at heart. Indeed, RBS chief Ross McEwan recently predicted that it could take up to a decade to rebuild lost customer trust following decades of poor treatment.
In fact, as many as one in five customers (20%) no longer trust banks to provide them with a loan – ostensibly one of a bank’s primary functions.
Despite this mistrust, consumer appetite for credit remains high. We’re therefore seeing a rise in alternative lenders offering customers the flexibility and transparency customers desire - and which many traditional banks have conspicuously neglected – which could spell the end of the traditional banks’ role as leaders in the lending sector.
But how has the lending process evolved and what does this mean for traditional banks?
The rise of new consumer lending models
While consumers are willing to borrow outside of traditional banks in the wake of these institutions having cut back on unsecured lending, they will no longer trust a provider which does not operate transparently or ethically – as evidenced by the collapse of Wonga. This, combined with recent regulatory action from the FCA, has heralded a wave of change within the financial lending sector.
Following the lead of disruptive, digitally-focused providers such as Uber and AirBnB in other sectors, a number of fintech disruptors - such as Atom and Monzo - have materialised. These brands have analysed the day-to-day banking issues customers face – such as a lack of transparency and poor user experience (UX) - and designed their services from the ground up to mitigate these issues.
From taxi apps that invite you to register a payment mechanism, to autonomous vehicles that pay for their own parking or motorway tolls, “banking” without the need for a bank will gradually become a more everyday experience. In this vein, so too will consumer lending change through organisations that offer finance at the point of sale itself – both online and in-store - moving from traditional pre-purchase credit to a far more seamless service.
Flexible point-of-sale lending is changing the nature of financial transactions across a range of sectors, including how to fund a holiday, buy a house, and even pay for medical treatments at a rate which suits the customer. The potential of this lending method is huge, with more than three quarters (78%) of consumers saying they would consider using point-of-sale credit in the future.
What does this mean for traditional banks?
People seldom wake up in the morning thinking “I must do banking”. Banks don’t tend to inspire the levels of consumer loyalty seen in other sectors, and they must therefore work far harder to retain customers. Given this, the ongoing reticence of banks, to both lend and offer customers what they want, has created a gap in the finance market, which could be the death knell for traditional banks if left unchecked.
As frictionless point-of-sale lending businesses and customer-centric fintech brands continue to thrive, several key banking functions – such as money management and consumer lending - may be replaced entirely by newer, more agile providers. For example, could the fact that providers are now offering finance in the property sector put an end to the traditional mortgage?
If this growth of smaller, more agile disruptors continues, banks are highly likely to see reduced customer numbers. It was recently predicted that banks could lose almost half (45%) of their customers to alternative finance providers, and if banks do not adapt their offering there is a real danger they may be driven out of the market altogether.
Simply put, if banks do not place a greater focus on what customers want – flexibility and transparency – their status as the stalwarts of the lending market may soon be a thing of the past.
Almost a year in, is MiFID 2 fit for purpose, and what needs to be done to make sure that financial services companies start to comply? Below Matt Smith, CEO of SteelEye, explains.
Failure to comply implied threats of reputational damage and harsh fines from the FCA and so, come implementation day on January 3, those firms which hadn’t digested MiFID II’s 1.4 million paragraphs of rules in time were left living in fear of a crackdown from regulators.
Eleven months in, that crackdown has yet to materialise. And while a number of firms have undertaken the effort and expense to implement MiFID II’s myriad rules in full and have hopefully reaped the benefits of doing so, an equally substantial number haven’t – and regulators appear to be turning a blind eye.
This ‘softly, softly’ approach by the FCA has been picked up by commentators. Gina Miller, head of wealth manager SCM Direct, recently called for the Treasury to investigate the FCA for its failure to enforce MiFID II. This was in response to an April investigation which uncovered fifty firms in breach of MiFID II’s transparency rules. Despite receiving this dossier, the FCA wrote only to eight of the firms.
Given the breadth and complexity of MiFID II, most in the industry weren’t surprised that the FCA didn’t react strictly to non-compliance immediately after January 3. Equally as important as complying with MiFID II was that the markets affected by it continued to function effectively – which necessitated giving some time for the new rules to settle down.
But the lacklustre approach of the FCA is less understandable now we are approaching the anniversary of MiFID II’s implementation day. At the very least, it is unfair to those firms which took the time, trouble and expense to comply with MiFID II right from its implementation date – particularly smaller companies lacking substantial in house resources in technology and compliance.
The FCA’s unwillingness to enforce MiFID II is, unsurprisingly, having an effect on the number of firms making an ongoing effort to comply. As evidence, ESMA recently published its data completeness indicators, which showed a significant shortfall in companies’ compliance with ESMA’s data filing requirements – often submitting unsatisfactory data that is incomplete or late.
Ongoing ambiguity with MiFID II’s rules may be in part to blame. In the build up to MiFID II, many firms didn’t seem to fully understand what was actually required of them. This knowledge deficit was worsened by a lack of clear guidance from the FCA, which has continued.
Across the industry, the FCA has been criticised for this ambiguity, arguing that it makes it near-impossible to comply with the regulation. Even within firms, individuals have come to different interpretations of the rules and, throughout the industry, there is little coherence when it comes to compliance and what needs to be done by when.
The FCA has claimed that its soft approach to enforcing compliance is soon to end, meaning firms could soon have to embrace MiFID II or risk being left behind. But with ambiguity remaining and a number of hurdles ahead, many in the industry are beginning to wonder if the FCA even knows what exactly it is going to be enforcing.
The shadow of Brexit looms large and the future of London as a financial hub is still unclear, as is definitive information on what regulatory regime will apply: a paper backed by ex-Brexit Secretary David Davis suggests numerous reforms to MiFID II. Moreover, the form and scope of MiFID II could soon be set to change considerably, with MEP Kay Swinburne already hinting at the possibility of a MiFID III.
This leaves both the FCA and financial services firms flying blind when it comes to both compliance and enforcement. This climate of uncertainty puts on hold the achievement of MiFID II’s goals of increasing transparency, investor protection and market competition.
If these goals are to be realised, a more responsible stewardship of its own rules – and uniform implementation of them – must be enforced by the FCA. If the FCA delivers on what it promised with MiFID II, out of enforcement a more transparent, competitive and efficient industry should emerge.
Following recent incidents such as TSB's systems failure and Visa's service outage, operational resilience is increasingly vital. Bank of England and FCA recently published a report stressing the importance of business continuity during a disaster. Below Finance Monthly hears from Peter Groucutt, Managing Director at Databarracks, who discusses what businesses need/can to do to strengthen their operational resilience during a disaster to absorb any shock a business may experience.
In July 2018, the Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) published a joint discussion paper aimed at engaging with the financial services industry to improve the operational resilience of firms and financial market infrastructures (FMIs).
At the time it was issued, banks and FMI’s were capturing media attention, following several high-profile incidents.
TSB’s failed IT migration has been well publicised, costing the firm £176.4m in various fees and leading to the departure of its chief executive, Paul Pester. In June 2018, shortly before the release of this paper, millions of people and businesses were unable to pay for shopping due to a sudden failure of Visa’s card payment system.
Financial services lead in business continuity
The financial services industry is a leader in business continuity and operational resilience. It has a requirement of a high level of systems-uptime and is well-regulated. The best practices it introduces are often taken and more widely adopted by other industries. Our own research supports this. Our annual Data Health Check survey provides a snapshot of the IT industry from the perspective of over 400 IT decision-makers. The findings from this year’s survey provided some revealing insights.
64% of financial institutions had a business continuity plan in place, compared to an industry average of 53%. Of the financial sector firms with a specific IT disaster recovery process within their business continuity plan, 64% had tested this in the past 12 months – compared to 47% across other industries. Finally, 81% of financial firms had tested their IT disaster recovery plans against cyber threats, versus 68% of firms in other sectors.
While these findings reinforce the strength of the industry’s operational resilience, incidents like TSB and Visa prove it is not immune to failures.
The regulators want to “commence a dialogue that achieves a step-change in the operational resilience of firms and FMIs”. The report takes a mature view to the kind of incidents firms may face and accepts that some disruptions are inevitable. It provides useful advice that can be taken and applied not only to the financial services community, but other industries too.
Leveraging advice to improve operational resilience
So, what can be learned from this report? Firstly, setting board-approved impact tolerances is an excellent suggestion. This describes the amount of disruption a firm can tolerate and helps senior management prioritise their investment decisions in preparation for incidents. This is fundamental to all good continuity planning; particularly as new technologies emerge, and customer demand for instant access to information intensifies. These tolerances are essential for defining how a business builds its operational practices.
Additionally, focusing on business services rather than systems is another important recommendation. Designing your systems and processes on the assumption there will be disruptions – but ensuring you can continue to deliver business services is key.
It’s also pleasing to see the report highlight the increased concentration of risk due to a limited number of technology providers. This is particularly prevalent in the financial sector for payment systems, but again there are parallels with other industries and technologies. Cloud computing, for example, it’s reaching a state of oligopoly, with the market dominated by a small number of key players. For customers of those cloud services, it can lead to a heavy reliance on a single company. This poses a significant supplier risk.
Next steps
Looking ahead, the BoE, PRA and FCA have set a deadline of Friday 5th October for interested parties and stakeholders to share their observations. The supervisory authorities will use these responses to inform current supervisory activity, helping to dictate future policy-making. The supervisory authorities will then share relevant information with the Financial Policy Committee (FPC), supporting its efforts to build resilience in the financial system.
Firms looking to improve their operational resilience should take advantage of this excellent resource – whether in financial services or not.
The financial crisis in 2008 has cast a long shadow. There has been growing pressure on the government to increase accountability and governance in the financial services industry through legislation and regulatory reforms. One such reform that is set to take effect later this year and eventually apply to much of the industry within a year is the extension of the Senior Managers and Certification Regime (SM&CR), which seeks to improve the accountability and responsibility of senior personnel. This week Finance Monthly hears from Alexander Edwards, a Senior Associate at Rosling King LLP, who discusses the details of the new regime and explains what action management should take moving forward.
This extension of the certification regime is being overseen by the Parliamentary Commission for Banking Standards (PCBS), which was set up to improve accountability and standards in the industry.
When the certification regime was originally being considered, the commission’s recommendations ranged from general observations on standards – it suggested that firms need to take more responsibility for employees being fit and proper to ensure better standards of conduct at all levels, to the far more specific – notably recommending a new accountability framework for senior management.
As a result of the PCBS recommendations, Parliament voted through legislation in December 2013 which resulted in the Financial Conduct Authority (FCA) applying the SM&CR to the banking sector. Parliament subsequently voted through further alterations to the legislation in May 2016, requiring the FCA to extend the regime to all firms authorised by virtue of the Financial Services and Markets Act 2000 (FSMA). Similar measures have been adopted in other sectors as a way of building trust, such as the Financial Reporting Council that now oversees the appointments of directors at the big audit firms.
It is worth looking at the certification regime in greater detail and understanding what exactly the FCA has been saying about it to fully appreciate its implications. In its 2018/2019 business plan the FCA mentioned that the new rules, concerning the extension of the SM&CR to all FSMA firms in 2018/2019, were due to be published in the summer of this year.
In the FCA’s business plan, they highlighted that they were working on finalising the rules for the extension of the certification regime to all FSMA regulated firms, with a view to reflecting the FCA’s intention to tailor the regime to “reflect the different risks, impact and complexity of firms in a clear, simple and proportionate way.” Considering that the SM&CR is due to be extended to cover c.47,000 firms, that is no easy task.
There are three primary groups who will be regulated by the SM&CR: Solo-regulated firms, insurers and banks.
Solo-regulated firms
For solo-regulated firms (regulated by the FCA only) the SM&CR will replace the Approved Persons Regime. In July 2018, the FCA released feedback and near-final rules, along with a guide on the SM&CR for FCA solo-regulated firms. The aim appears to be, as it was from the beginning, to address and limit the lack of accountability of senior management which can subsequently drive poor conduct. The result: making senior management more responsible for their actions and conduct. The guide is designed to help firms which are moving across to the certification regime.
Insurers
For insurers the SM&CR will replace the Approved Persons Regime and the PRA's Senior Insurance Managers Regime. The Treasury has confirmed that the certification regime will start to apply to insurers on the 10th December 2018.
Banks
The SM&CR already applies to UK banks, building societies, credit unions, branches of foreign banks operating in the UK and the largest investment firms regulated by the PRA and the FCA.
So as we can see the certification regime has gone from covering banks, building societies, credit unions and PRA-designated investment firms, to covering all FCA solo-regulated firms.
It is worth noting that the extension of the certification regime will affect not only firms authorised and regulated by FSMA and the FCA but also EEA and third-country branches and insurers. Although the FCA has noted that the final rules in relation to the extension of the SM&CR are subject to change, particularly following any Handbook changes which follow the UK’s exit from the European Union.
To ensure that the new regime is proportionate and flexible enough to accommodate different business models, the FCA are introducing 3 different tiers of application:
Core Regime – this will apply to the majority of FCA solo-regulated firms;
Enhanced Regime – additional rules which will apply to c. 350 FCA solo-regulated firms, applying additional rules due to the size, complexity and potential impact on consumers of the firm;
Limited Scope Regime - applies to firms with a limited application of the approved persons regime e.g. limited permission consumer credit firms.
In response to the FCA’s consultation, respondents have requested further clarification in relation to the extension of the rules. Following receipt of responses, the FCA has confirmed that they will make some minor changes to the proposed rules. For example, they will lengthen the time period from 6 to 12 months for firms to implement the Enhanced Tier, once they meet the relevant criteria.
So what are the key conclusions firms should draw and actions they should take from the consultation?
Firstly, all firms which are regulated and authorised under FSMA and the FCA should be considering and reviewing the rules and functions of their personnel at this stage, to consider how the extension of the regime will affect them.
The date for implementation is set as 9 December 2019 (and 10 December 2018 for insurance firms), so firms should be looking at their own operations and consider transitional provisions at this early stage to ensure they are adequately prepared for the change. Particularly in the run up to Brexit, firms should also be re-reviewing their systems and operations to ensure that any changes to the Handbook are implemented as appropriate.
From a practical point of view, introducing the certification regime into firms in which it does not currently apply is likely to cross the borders of many departments, from Legal to Compliance to HR, so whilst December 2019 may seem far off now, experience has shown us that this will involve a broad spectrum of individuals and departments to successfully and smoothly transition to the SM&CR.
Lawyers have claimed the recent ruling between Christopher & Joanne Doran and Paragon Personal Finance is a new precedent that could mean that banks are liable for another £18bn in payouts.
This could mean huge changes to the way firms operate in this sphere, although there are many parts of the puzzle that remain unclear, namely in regard to commission, premiums and compensation. At this point, banks are on high alert for impending changes to the PPI deadline.
This week Finance Monthly reached out to a number of experts in the legal/banking sector to hear Your Thoughts on the potential for further PPI payouts.
Elis Gomer, Commercial Barrister, St John’s Buildings:
There doesn’t appear to be any basis for the FCA’s statement that there is a fixed tipping point at which a particular level of undisclosed commission becomes unfair. According to the FCA, only those people who unwittingly paid over 50 per cent of their total premium in commission are entitled to compensation. The regulator’s argument that the only appropriate remedy in these instances is to repay the excess compensation over and above that notional 50 per cent level is inconsistent with recent court rulings, and the legal principles around mis-sold PPI.”
Mrs Doran gave evidence that she would not have taken out the policy at all had she known about the commission level. Accordingly, the judge ruled she should be awarded the full amount of the premium in damages. This judgment - whilst not binding on other courts - is likely to have far-reaching significance, showing not only that the faulty FCA guidance is not legally binding, but also that it is a castle built on sand. If claimants challenge it, they could be repaid in full – at a potential total cost of up to £18bn to the banks.
Glyn Taylor, Solicitor, Anthony Philip James & Co:
This judgement is extremely important as the Defendant, Paragon Personal Finance, tried to persuade the Court that the unfairness related to matters that took place at the time of entering into the agreement and that the court should hold that the limitation to bring a claim should start to run from when the allegations of unfairness happened.
The Defendant also invited the Court to follow the FCA calculation, and only award relief amounting to the commission paid above 50%.
The judge wasn’t persuaded by these arguments and held that you cannot make a judgement on the fairness of the relationship without looking over the full course of the relationship, and therefore limitation doesn’t start to run until the end of the relationship.
The court also held that appropriate redress that should be awarded is the full amount of the PPI policy and the interest paid.
The current rule states that customers can claim back money if more than 50% of their PPI payments went through as commission and this information was not disclosed upon taking the policy.
The average commission banks were paid was 67%, which means millions of people who were sold PPI are entitled to compensation.
This decision is welcomed and shows the Courts are prepared to reject the tipping point approach that has been expressed by the FCA and also allows individuals access to justice through the Court.
The case opens space for a renewed claims frenzy as it suggests that even if the PPI policy was not mis-sold, customers could still reclaim due to excessively high commissions that were paid out.
Tim Dimond-Brown, VP Sales and Operations at Quadient:
The news that those with mis-sold PPI policies may be able to claim billions of pounds more in compensation, following a court ruling in Manchester, will no doubt alarm banks across the UK.
It is estimated that only 1.2 million claims have been made out of 13 million potential PPI pay-outs. The large number of outstanding claims may seem overwhelming for banks, but they can successfully deal with this huge number of potential claims by ensuring they communicate using the Three P’s: Process, Proactivity and Proof. Specifically, this means placing a firm focus on internal processes, acting proactively when reaching out to customers and being able to prove compliance will make it far easier for the industry to ride out the storm. Failing to follow this process means do this means financial services companies will run the risk of facing the FCA’s wrath, while damaging valuable customer relationships.
The real winners to emerge from this saga will be the ones who realise it is a wake-up call. We live in turbulent political and economic times – every stakeholder within the Financial Services sector must be confident they are laying the groundwork for full compliance and traceability, so they will be able to ride out future storms of a similar nature.
Stuart Murdoch, Partner, Burness Paull LLP:
With the 29 August 2019 deadline for new PPI claims approaching, we have started to see and will continue to see claims management companies try to drum up new complaint angles in the lucrative PPI compensation arena.
Traditionally, PPI claims were made on the basis of mis-selling. However, a new ground for complaint was established with the Supreme Court’s judgment in Plevin v Paragon Personal Finance. The Supreme Court ruled that a failure to disclose to a client a large commission payment on a single premium PPI policy made the relationship between a lender and the borrower unfair, under section 140A of the Consumer Credit Act 1974.
The Supreme Court’s view was that anything above 50% commission was excessive and automatically unfair. The consensus was that anything which was paid above 50% should be returned to the Customer. That threshold was endorsed by the FCA and is now reflected in the FCA rules. It was quite common for a large portion of the sum which a customer paid for in PPI to in fact be paid to the intermediary as commission.
Christopher & Joanne Doran v Paragon Personal Finance follows on from the Plevin case. It seems as though the County Court judge has decided that customers should get back the whole commission value (ie. 75% in this case), as opposed to the residual percentage above the 50% threshold (i.e. 25%).
The impact of this judgment remains to be seen; however, the court’s decision has not yet been made public and it was issued by a County Court (4th tier). The FCA has already confirmed that it will not be changing its guidance. Plevin was a Supreme Court judgement (top tier), before five Supreme Court justices, and is binding on all UK courts and beyond. By comparison, the County Court has no binding authority on any court in the UK. Even if the case is appealed, it will not have the status of Plevin, which remains the leading authority in this area.
The Supreme Court’s judgement, paired with the FCA’s guidance, will continue to be the guiding lights on this issue.
We would also love to hear more of Your Thoughts on this, so feel free to comment below and tell us what you think!
The Financial Conduct Authority (FCA) cryptocurrency review will be one of the most impactful regulatory reviews in modern times and will shape the burgeoning crypto market for years to come. The UK regulator’s proactive and cautious approach must be welcomed.
This observation from Nigel Green, founder and chief executive of deVere Group, comes as the UK’s financial services and markets regulator has confirmed it will publish its review of cryptocurrencies in the third quarter this year.
Mr Green, whose firm launched deVere Crypto, a cryptocurrency exchange app earlier this year, comments: “The highly anticipated FCA cryptocurrency review is set to be one of the most impactful and far-reaching regulatory reviews in modern times for two key reasons.
“First, because of the sheer numbers of people it will directly affect. There’s been incredible growth of the cryptocurrency market in recent years. This growth can be expected to soar further and quicker over the next decade as more and more investors pile into the likes of Bitcoin, Ethereum, Ripple, Litecoin and Dash, and as adoption by businesses and organisations further increases.
“And second, because the FCA is one of the world’s most influential and respected financial regulators. As such, it can be expected to help shape and define the thinking and policies of regulators globally, the majority of which in the major economies are now also carefully looking at the crypto space.”
He continues: “In our increasingly tech-driven, digital age, cryptocurrencies are here to stay; they simply can no longer be ignored.
“Therefore, the FCA’s proactive approach towards the crypto market must be welcomed as it will help protect investors and tackle illicit activity and unscrupulous firms.
“I expect the regulator to issue warnings and this caution should also be championed as these digital assets remain highly speculative and the market relatively new.”
In its business plan for the financial year ahead, the FCA said the review was part of a taskforce with the Treasury and The Bank of England.
The watchdog noted that cryptocurrencies themselves do not fall within its regulatory remit, but "some models of use or packaging cryptocurrencies bring them within our perimeter, making the landscape complex".
The deVere CEO concludes: “The FCA cryptocurrency review will fundamentally shape this market that now, thanks to its exponential growth, needs a robust regulatory framework.
“It is right that firms operating within the crypto sector should comply with applicable FCA rules and expect to come under the regulator’s scrutiny.”
(Source: deVere Group)
