Expertise | Trust | Leadership

Data Led Enforcement – Enforcing Minimum Standards

When thinking of enforcement action by financial regulators it is the images of insider dealers being led away in handcuffs or the headlines announcing large fines for failure to store electronic communications that often spring to mind, but the FCA’s enforcement data, published last month, offers a different perspective, as it reveals the UK regulator’s pursuit of regulated firms for what might previously have been considered administrative failings or merely foot fault breaches.

Why does this matter?

The regulator reviews the data it is receiving (or indeed isn’t receiving) and leverages it as a way of enforcing minimum standards for firms, namely the Threshold Conditions of Authorisation. So, from the regulator’s perspective, such failings are not minor in nature, but rather offer a window into the firm’s fundamental ability to meet the conditions of being regulated in the UK.

And it matters to regulated firms because no-one wants to have to report regulatory enforcement action to clients, investors or indeed staff, especially when many of the enforcement actions are easily avoidable.

What can be done?

We have taken some of the common examples from the FCA’s data and suggested measures to prevent failure:

TypeEnforcement Cases
2023-24
Measures to Prevent Failure
Failure to submit a Directory Persons Notification132 (up from 13)• Diarise to make notification via Connect every 12 months. The notification confirms that data regarding Directory Persons is up to date and accurate

• Require Directory Persons to confirm, on an annual basis, that there have been no changes to their data.
Failure to submit a Firm Details Attestation996 (up from 203)• Set reminder in compliance calendar to file attestation via Connect within 60 business days of financial year end.

• Ensure data is consistent with Companies House ahead of FCA’s own reconciliation.
Failure to submit a Regulatory Return1056 (up from 232) • Set up at least 2 users to receive automatic reminders from RegData to ensure filings are made on time.

• Identify those colleagues outside of compliance that have a role in completing returns, e.g. Finance, and remind them of regulatory requirement of timely and accurate data.

• Review RegData filing schedule and confirm accuracy.
Failure to carry on regulated activity (so called Use it or Lose It)1,559 (up from 364)• Review business activity and map back to FCA permissions.

• We’ve seen several recent examples where activities have crept onto permissions, seemingly erroneously, for example, insurance business and peer to peer lending – have them removed ASAP.

• Review original FCA authorisation application to identify any activities / products that were never launched

• Submit a Variation of Permission to remove unnecessary activities / investment types – narrowing the scope of the FCA licence is typically a painless process.

In concluding, the above examples are all low hanging fruit for the regulator and are omissions that can be easily prevented, long before the FCA picks up the phone, let alone commences time intensive, costly and reputationally damaging enforcement action.

October 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

EXPERTISE | TRUST | LEADERSHIP

This site uses cookies.

We use one or two cookies to take care of security and a few non-personal cookies for analytics. If you click ‘Accept’ this will allow us to use Analytics cookies.