What does the data tell us about the FCA’s Supervisory work?
There seems to have been quite a lot of press recently about FCA supervisory action, particularly the seeming increase in the use of voluntary requirements (VREQs), especially for investment platforms. This mirrors what we’re seeing at Square 4, with an increasing number of firms approaching us for support with FCA engagement and remedial action plans following an FCA request for the firm to impose a VREQ. But is this reflective of the wider supervisory picture for the FCA?
In a recently published response to a Freedom of Information request, the FCA has highlighted that there has actually been a decrease in the number of published VREQs being issued year on year. The peak of published VREQs across all sectors came in 2022, with a total of 158 being issued, with that number decreasing to 98 in 2024 – a 38% decrease over the two years. However, the one outlier in the data is the investment management sector, which had no published VREQs in 2022, but 20 in 2024. What this data does not tell us is whether there have been any VREQs issued but not published, or where the FCA agrees to an alternative path.
The data on FCA own initiative interventions paints a similar picture, albeit with a later peak of 35 in 2023 across OIREQs (Own Initiative Requirement), OIVOPs (Own Initiative Variation of Permission), OIVAPs (Own Initiative Variation of Approval), s137S (powers to ban financial promotions) and combined interventions. That figure dropped to just 11 in 2024.
What are we seeing in the market?
So, can firms take any comfort from this? The short answer is no – whilst the number of voluntary and own initiative interventions may have dropped, in our advisory work, we’re seeing the FCA being more active in their supervision of firms than they have been since before the pandemic. They’re using data more effectively than ever to direct them to firms that appear to be outliers or present a higher risk.
In the recent PIMFA Financial Crime Conference, the FCA highlighted that they are carrying out proactive, targeted financial crime supervisory work. They have developed a list of firm risk characteristics to focus attention on, as well as making use of whistleblowing reports to support their work. They are carrying out unannounced supervisory visits to assess firms’ financial crime compliance across the full range of financial crime risks. In conversations we had with members of the supervisory team, we were told that the FCA is taking a more assertive approach to these supervisory visits and is really challenging firms and their senior management to demonstrate to the FCA how they’re compliant.
We’re seeing a similar approach from the FCA’s CASS team with proactive supervisory work involving requests for information followed by short-notice supervisory visits where they see a need. The requests for information are driven by a variety of factors – the FCA routinely follows up on audit reports to find out what action firms are taking to remediate breaches or in some cases, to find out why no breaches have been recorded. They are using CMARs to identify changes in the business as well as using wider supervisory work for insights on where CASS enquiries should be directed.
More generally, where firms are connected to overseas regulated entities or branches, the FCA is using information shared by global regulators to gain insight into UK-regulated entities. We’re also seeing the FCA actively following up on the data survey responses they receive, particularly where there’s something that flags a risk to them. In cases where the FCA can’t gain confidence in the firm’s approach to compliance, these supervisory contacts can quickly move from a routine call or visit to s166 and VREQ discussions.
When a VREQ or OIREQ is imposed, the FCA expects the firm to ensure it is able to comply with the terms of the restriction by adapting its control environment and monitoring as needed. We’re seeing an increase in the number of firms that breach VREQs, particularly in the retail lending sector. This gives a very concerning message to the FCA. Ultimately, breaching a restriction will be one of the factors considered by the FCA in the context of enforcement action, as we saw in 2024 in the case of Starling Bank.
How can you survive FCA scrutiny?
What can you do to make sure you’re in the best possible position to avoid or successfully deal with supervisory action? Without wanting to make this sound overly simplistic, you should ensure that you have a strong compliance culture and that your systems and controls are fit for purpose. In practice, we all know that this takes a lot of work on a continuing basis, but there are some useful things you can think about:
- Make sure that your senior management has the right mindset and understanding of compliance risk and control. The senior management team should make sure that they understand the key risks that the firm needs to manage and how they’re managed. We can help you to ensure that the senior management team as a whole keeps abreast of regulatory change, emerging issues and themes as well as having a good understanding of the compliance risks the firm faces.
- Make sure that people in key roles have the right skills, knowledge and expertise to do the job. For instance, does your Compliance Officer, MLRO or CASS Oversight Officer have relevant qualifications and experience? Do they have the support they need from a knowledgeable team? We can help you support key individuals in your team by providing training and day-to-day challenge, support and technical guidance.
- Make sure that your second (and if relevant, your third!) line of defence is effective. First-line controls need to be challenged and overseen by an independent second line, but this should go further than simply making sure controls are being run; it should consider the effectiveness of the controls in managing compliance risk. This can be challenging for second-line teams, which will need to have a good knowledge across all rules the firm is subject to. We can support your compliance teams by providing subject matter expertise for your internal monitoring reviews, or we can carry out monitoring on your behalf, whether on a routine basis or by carrying out occasional focused, thematic reviews.
- When you’re submitting data to the FCA, whether through surveys or routine reporting, make sure that it’s complete and accurate. We can help you review data submissions, identify areas that are likely to be probed further by the FCA and support you in preparing for further engagement.
What should you do if the FCA comes knocking?
If you do end up with contact from the FCA’s supervisory team, how you communicate with them can make a big difference to the outcome. Square 4 can support you in preparing for a visit from the FCA, whether through training the team members who will meet with the FCA or carrying out mock walkthroughs of processes that the FCA will want to see. In cases where issues need to be remediated, we can help you prepare a remediation plan to show the FCA how you intend to address the issues comprehensively and promptly.
And what if the worst happens?
If you’re the subject of a VREQ or OIREQ, getting your engagement with the FCA right is crucial. You will need to ensure you understand what the FCA expects to see for the restriction to be lifted and develop a clear remediation plan. The plan will need to include not only correcting the issue but also understanding the root cause of the problem and taking action to prevent it from happening again. The FCA will expect regular updates on progress towards remediation. How these updates are communicated will give the FCA valuable insight into how well the firm is addressing its issues. The final puzzle piece is understanding how the restriction will be lifted. Ordinarily, firms are expected to apply for the restriction to be lifted, but as highlighted by the Financial Regulators Complaints Commissioner in August 2024, the FCA is not always clear in communicating the process to firms.
Get in touch if you would like to discuss what we’re seeing from the FCA, or if you’d value support. We have expertise across a wealth of FCA Supervisory focus areas including client assets compliance, financial crime, consumer duty, vulnerable customers and outsourcing.