The above misquote from my illustrious ancestor, Robert Burns (the actual line from his poem “To a Mouse” is “the best laid schemes o’ mice and men, gang aft agley”) came to mind in reading through the FCA’s Business Plan 2022/23 and Strategy 2022/25 both issued on 7 April.
While I’m sure my readers will be poring over the documents themselves, and at Cosegic Services will be publishing some more detailed analysis on the impact on different sectors, there are few things that stood out for me, and which I thought would be worth bringing to people’s attention.
One sentence which made me sit up and take notice is on page 14 of the Strategy document. It says:
“We will use breaches of threshold conditions to stop or restrict the activities of a broader range of problematic firms, even if they don’t pose a risk to consumers or markets.”
The FCA has defined “problem firms” as those which can’t meet their threshold conditions and the indication is that, unless a firm is able to show that it is meeting its threshold conditions when it appears on the FCA’s radar, it may find itself on a path to cancellation of authorisation or withdrawal of permissions. In fact the number of cancellations and withdrawals of permissions is one of the data points by which they will be measuring their progress on this.
The FCA is already, as many will have found out, being tougher at the gateway, as evidenced by the statistic quoted that withdrawals and refusals now account for 1 in 7 of applications submitted, rather than the previous 1 in 13.
Even once through the gateway and authorised, the implementation of the early oversight team providing enhanced supervision for the first 2 or 3 years is clearly going to mean more and tougher supervision rather than handholding, and any firm which doesn’t prove itself able to be compliant is likely to be following the cancellation route.
The Consumer Duty, coming in at the end of July, is mentioned throughout, with the FCA saying that they will be undertaking testing of compliance, so making sure that proper processes are in place will be key.
Similarly, there is a focus on operational resilience, which the FCA also say they will be testing, along with “business continuity, incident response plans, cyber security and third party management.” Making sure that the firms plans and processes in these areas are clear, evidenced and tested will be important, as the FCA may ask to see them at any time. Importantly (for payments firms), the FCA says “our authorisation process will include a consideration of how firms…have ensured they meet the expectations”, suggesting that new and in-flight applications will need to provide this.
In summary, these plans indicate a more assertive, even aggressive, approach from the regulator, with cancellation of authorisation being the potential end game for firms that can’t prove they are meeting the FCA’s expectations.
Those are their plans – it’s probably advisable firms take the time to look at theirs.
