After a break of several years, the FCA has written (PDF 95.5 KB) to the CEOs of all wholesale (investment) banks active in the UK setting out its main supervisory priorities for the next two years. Recently wholesale banks have had to react to a number of stresses in the market ranging from a weak macro-economic environment, shocks to the commodities markets from geo-political events and a cyber-attack on a widely used financial data and services provider. The FCA's supervisory areas of focus are not a surprise given these stresses — risk management, maintaining high standards of control and operational resilience.
The letter also sets out the FCA's expectations for wholesale banks around booking models, LIBOR transition, Consumer Duty, AI, ESG, Diversity, Equity & Inclusion (DEI) and non-financial misconduct. The letter gives clear guidance to firms on what they should expect in their supervisory interactions and indicates a ramping up of those interactions. The FCA expects all CEOs to have discussed this letter with their fellow directors and/or Board and to have agreed actions and/or next steps within the next two months.
Supervisory priorities
Risk management
FCA expectations
- Firms should ensure that their stress assumptions have been updated in the light of market events last year and are fit for the current environment. Stress testing should recognise that severe stresses will often affect the entire system, and take into account that markets may be concentrated in a limited group of buyers and seller types that may react to events in a similar fashion.
- Firms should improve their management of client relationships. They should have good knowledge of clients' business profiles, and understand how counterparties could be related and their concentrations in the market.
- The FCA is keen to hear from firms if they see emerging pockets of risks which may affect the orderly functioning of markets.
FCA action
The FCA will:
- Expect senior management to evidence (i) that remediation programmes in response to events of the last 18 months have delivered better risk management and oversight across businesses and (ii) how they are comfortable that this is underpinned by a strong culture. Better firms will have undertaken remediation programmes whether or not they were directly affected.
- Look to Boards to evidence how they are ensuring that such improvements in risk management are long-lasting.
- Carry out supervisory testing on the embeddedness of improvements in risk management by looking at the production and approval process of new products and transactions.
Maintaining high standards of control
FCA expectations
- A challenging external environment should not lead to a reduction in conduct standards. For example, as a result of cuts to the control framework or when short term commercial interests are prioritised over regulatory obligations.
- Boards and senior management should provide an unambiguous tone from the top on the importance of good conduct.
- There should be clarity of responsibilities between the first and second lines of defence. For example, in ESG-related activities, the FCA has observed a lack of clarity of who is responsible for ensuring the bank is delivering against its public commitments.
FCA action
The FCA will ramp up its testing programme to look at how banks are controlling these risks, including more in-person supervisory assessments. Reviewing how firms manage conflicts of interest will be a particular area of focus. The FCA will look to test outcomes (rather than solely policies).
Operational resilience
FCA expectations
- Firms should comply with the requirements set out in policy statement on Building Operational Resilience. (PS21/3)
- Wholesale banks should understand their dependence on third party providers and take steps to mitigate the potential impact on business continuity that loss of service may have. The FCA hold firms, not the third parties on whom they might rely, responsible, and ultimately accountable, for their own operational resilience.
FCA action
- The FCA will continue to review banks' compliance with the requirements of PS21/3.
- It will engage with relevant senior management to assess how they have learned the lessons of operational resilience events, even if their firm has not been directly impacted.
Other expectations
Booking model — if a firm starts to consider changes in the way it serves clients, its location, booking model or risk management arrangements, the FCA expects to be notified promptly before any change is made.
LIBOR transition — firms should continue actively transitioning the last of the contracts that reference USD LIBOR and not rely unnecessarily on synthetic LIBOR. Client and conduct considerations should remain at the core of the transition programme.
Implementation of the Consumer Duty — the FCA will test the robustness of assessments made and actions taken to implement the Consumer Duty. It will also test the effectiveness of processes firms have to identify whether any new activity will be caught by the Consumer Duty.
ESG — firms should demonstrate that their financing activities are aligned with their own transition plans, and that product and public-facing commitments relating to ESG are delivered in practice. They should also have regard to the Transition Plan Taskforce's (TPT) developing framework for disclosure and implementation guidance. This will be an area of future discussion with firms.
AI — the FCA will engage with wholesale banks on current deployment of AI as well as plans for the future and the associated control infrastructure the firm has established.
DEI — supervisors will focus on understanding how wholesale banks are playing their role in helping to accelerate the pace of meaningful change on diversity, equity and inclusion in the sector.
Non-financial misconduct — should allegations or evidence of non-financial misconduct come to light, the FCA expects firms to take them seriously through appropriate internal procedures, and to act according to the established facts. The FCA's position is that a corporate culture that tolerates sexual harassment or other non-financial misconduct is unlikely to be one in which people feel able to speak up and challenge decisions. Such a culture also raises questions about a firm's decision making and risk management.
How KPMG can help
KPMG in the UK has been working with the largest wholesale banks to define and implement governance, risk and control frameworks. We have an in-depth understanding of the regulations, industry standards and emerging good practice. This has enabled us to support a wide array of firms by delivering advisory, assurance and change management services.
To meet regulatory expectations on conduct and culture, we have developed a range of technology applications to support digitalisation and automation of control processes. These can be adapted to a range of use cases across front office and controls functions and help drive efficiency whilst maintaining conduct outcomes.