In the UK, 2017-2018 Priorities for Financial Services Firms Published

By Bernadine Reese, Managing Director
Risk and Compliance, UK




The UK Financial Conduct Authority (FCA) has issued its annual business plan for fiscal year 2017-2018. The FCA is the conduct regulator for 56,000 financial services firms and financial markets in the UK and the prudential regulator for over 18,000 of those firms. Its annual business plan and mission statement gives firms and consumers greater clarity about how the regulator intends to prioritize its interventions in financial markets over the next 12 months.

The plan sets outs FCA’s cross-sector and individual sector priorities for the next 12 months. It identifies the following cross-sector priorities: culture and governance, financial crime and anti-money laundering (AML), promoting competition and innovation, technological change and resilience, treatment of existing customers, and consumer vulnerability and access.

The main individual sector priorities focus on the need to continue with the implementation of the Markets in Financial Instruments Directive (MiFID II); improving competition in all areas of financial services; supporting the implementation of ring-fencing in retail banking; and assessing the developing market for automated advice models (robo-advice) in the retail investment market.

A fundamental part of the plan is the risk outlook, which identifies key trends and emerging risks that help form the regulators’ priorities for the coming year. Technological change, cybercrime and resilience are noted as major risks. However, many of the largest risks detailed in the FCA’s risk outlook are external: international events, demographic changes, the course of the UK economy, and the impact of the UK’s decision to leave the European Union (EU), commonly known as Brexit.

We published a recent Flash Report, which lays out specifics and reasoning around each of this priorities. Financial firms in the UK are advised to familiarize themselves with the report so they can determine where to focus their compliance efforts and to better understand the regulator’s expectations.

Five Years of Dodd-Frank: An Internal Audit Perspective

Shaheen DilBy Shaheen Dil, Managing Director
Model Risk and Capital Management




Earlier this summer, on July 21, the financial world marked the fifth anniversary of the passage into law of the Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA). After the global financial crisis hit in 2008, politicians and regulators around the world were united in ensuring future banking crises would not require taxpayers’ money to avoid economic contagion.

The DFA was not designed to prevent the next financial crisis, which is arguably inevitable; the goal was to soften the blow. Debate continues over whether it has achieved this aim, with many critics using this fifth anniversary to highlight its perceived shortcomings. The slow progress of regulators in implementing all of the regulations required by the Act has been a common complaint, but critics are also pointing out the many unintended consequences of certain provisions. For example, Republicans have commented that banks have passed the cost of compliance on to consumers in the form of higher fees, while others in the market have argued that the so-called Volcker Rule has increased volatility in the market by reducing liquidity and pushing more investors towards the shadow banking sector.

Some of the more contentious criticisms suggest that Systemically Important Financial Institutions (SIFIs) are now essentially under government control, and that the free market has been placed in the hands of political actors. Conversely, Senators Barney Frank and Chris Dodd said during the DFA anniversary week that the concept of “too big to fail” is dead and that the markets are safer now as the possibility of making mortgage loans that cannot be repaid has been decreased dramatically.

The Act will remain a political football for some years. If nothing else, the anniversary provided an opportunity for old divisions to rise to the surface, the contentions aided by two bills currently under debate by Congress that seek to repeal certain provisions in the Act. Although the White House has stated that it will veto any attempts to roll back any provisions of the DFA, the controversy nevertheless remains.

As the political debates rumble on, firms must continue to stay focused on meeting the increased compliance burden. Although many provisions of the DFA still need to be introduced, a number of regulations have already been implemented. The requirements for stress testing and capital planning, which have been in force for the past five years, are showing signs of maturing, and banks seem to be catching up. Only two foreign banks failed stress tests in 2015, compared to five in 2014.

I had the opportunity to address some of these issues, along with several of my colleagues, during a webinar hosted by the Institute of Internal Auditors (The IIA) on July 9, entitled “How the Dodd-Frank Act Has (Not) Mitigated Risks from the Financial Crisis.” For those who missed the discussion, here are the points I believe are important to keep in mind:

  • Fewer stress test failures does not mean that banks are getting safer; rather, it demonstrates that firms are becoming more accustomed to the tests and that they have a better idea of what the regulators want. In fact, internal auditors have indicated in the latest Protiviti Internal Audit Capabilities & Needs Survey that model risk, including stress testing and capital planning, is one area where they need to improve their technical knowledge.
  • The issues flagged most frequently during the most recent round of stress tests revolve around governance (effective challenge, documentation, and inadequate or ineffective internal controls). This has overtaken data constraints as the number one concern for regulators when assessing stress tests. Specific areas of concerns were: a lack of effective channels; a lack of effective documentation of the thought processes underlying the stress tests undertaken by the bank; and inadequate effective challenge of the process.
  • Finally, there is a misconception that internal auditors need only oversee the models themselves. The role of internal audit for both the Dodd-Frank Act Stress Testing (DFAST) and the Comprehensive Capital Analysis and Review (CCAR) is wide-ranging and goes beyond simply looking at the models. Internal auditors need to ensure that they review the governance that overlays the entire structure.

Carol Beaumier, Steven Altier, Meghan Jankelow and Steven Stachowicz also presented during the IIA webinar, covering other areas of the DFA, including consumer protection and mortgage reform, risk management and culture, and investor protection. To access a recording of the webinar, click here.