In our latest Wired-In webinar, Ben Mason, Founder of My Compliance Centre and Lucy McClements, Independent Consultant and NED, examined the current regulatory context of the latest issue of the FCA’s Business Plan and provided actionable insight for compliance teams.
Nat Davies, Content Marketing Manager at NorthRow: Hi everyone, good morning and welcome to today’s instalment of the Wired-In webinar series. We’re just waiting for a few more delegates to join and get settled but while we do that, I’ll just do a few intros and a quick rundown of what to expect for the next 45 minutes.
My name is Nat, I’m part of the marketing team here at NorthRow and I’m joined by two special guests this morning who should hopefully be able to see at the top of your screens.
Just before we do get started, Ben if you could pop the slide forward for me. I just wanted to do a quick intro to the Wired-In series if you’ve not joined before and a bit about who we are here at NorthRow.
So if you’ve not joined the series before or, indeed, heard of us here at NorthRow. We are an AML compliance software provider, we provide software that helps you to grow your business safely while complying with the ever-changing regulatory requirements.
Wired-In is our way of giving a bit back to our audience, we run these every four to five weeks and invite guests such as Ben and Lucy who you can see to speak about a topic that is relevant to the world of compliance at this moment in time.
So now that the shameless plug is out of the way, Ben if you could pop the slide forward one more for me. All that is left for me to do is introduce our two guests.
We’re joined by Ben Mason who is the Founder of My Compliance Centre, and Lucy McClements who is an independent consultant and together they’re going to be discussing the latest issue of the FCA’s Business Plan and taking a look at how that will impact regulatory compliance in 2023, and indeed into 2024.
Without further ado, I’m going to jump off camera and let these two take the floor. So, you guys, it’s over to you!
Ben Mason, Founder of My Compliance Centre: Thank you, Natalie, and good morning everybody.
Now, if you’ve read the FCA’s Business Plan and, away from the obvious, wondered what it means to you, and what you should be doing about it, then you’re in the right place!
So, over the next few minutes, we’re going to be talking a little bit about the regulatory context, only a little bit about the Business Plan – I should emphasise this is not going to be a list of what’s in the Business Plan, anybody can read it and most people on the call today will already know that it talks about consumers, financial crime, and market integrity.
What we’re going to do is pull out some themes, there’s a few things changing and different emphases from the FCA in a couple of areas and we’re going to lead on to what we think you might be doing about it as compliance teams.
We’re going to end with a couple of worked examples and hopefully make it very practical. A quick spoiler alert, we are going to be providing you later on with a practical tool which we think could be very useful for you. Essentially, we’ve taken the FCA’s metrics which are published in a very difficult to use format and tabulated them. We’ll provide access to that Excel file later on and explain why it’s relevant to this conversation. And we’ll finish up with a Q&A.
So, we’re going to kick off by talking about the context of the FCA and there’s nobody better to do that than Lucy. Lucy, please get us going!
Lucy McClements, Independent Consultant: Hi Ben, hi everybody. I think this is a great starting point and one of the reasons is I used to work at the regulator. I spent the best part of 18 years working at a bank, the FSA and lastly the FCA. And it was great fun, but it was sometimes frustrating and some were the three things on this slide that we’re going to dive into, explain a little more about that.
So if we think of it first in relation to the political landscape. It may be Ben that you want to move the slide on.
So we’ve the delivery of the Brexit Dividend and that includes replacing the EU legislation, and that’s quite a difficult job because you’ve got to maintain EU equivalence or, at least to a certain degree, otherwise we’re going to get chucked out of things on a global level.
So that’s going to be an interesting line to travel along. And then you’ve got the political expectations. I always find it amusing that politicians want their cake and they want to eat it!
On one hand they want less regulation because that is good for business, and on the other hand they don’t tolerate failures and they want to know why we weren’t on it, et cetera.
I’ll just hesitate a moment, I keep saying ‘we’, and although I left the regulator in 2016, unfortunately if you break me in half, you’ll find regulator running right through me! So when I talk about ‘we’, I’m generally talking about the regulator rather than my current role which is a non-exec director and independent consultant.
I think the really good example is the SM&CR (Senior Managers and Certification Regime) that’s been running for nearly 20 years. So three financial crises, it was all about senior people at the FSA at that time, telling us: “It’s all about senior management responsibility. If the firm is on it, and you think they’re doing what they should do, get out of the way!”
That was a big message that we got pre-financial crisis.
Obviously everything changed. The public outcry, no one was held to account although they were in many other countries, and that was the genesis of the SM&CR. You think back to originally, the work was thought to focus on individuals proving that they were acting reasonably, and you’ll recall that that was flipped back round.
That was just how angry the TSC (Treasury Select Committee) and the PCPS were at that time. Since then, the FCA has been encourage to broaden it out to most solo-regulated firms, and they’ve done a simplified version and, hats off to them, I think it has been a good middle ground that they have tried to navigate in terms of the SM&CR, the FCA and solo-regulated firms.
But of course, there’s been no big enforcement action, no major things against COCON (Code of Conduct), and so, at the same time the PRA and the FCA have also reviewed their SM&CR and broadly said: “You know what? It’s okay.” In 2019 and 2020, they’ve both published short reports saying we think it is broadly working.
Then, you get the Edinburgh Reforms from the end of last year saying: “Actually, we want to look at SM&CR, because we think it might need reforming.” And I’m thinking, “Hold on, have we gone full circle?”
And this is what regulators can be like. I’m really interested, Ben, what are your perspectives? Obviously, I saw it from the inside, you saw it from the outside. What are your thoughts?
Ben M: Well, my thoughts are that I could talk for an awfully long time about the contradiction of politicians coming from both sides and the pressure that puts on the regulator. And not just politicians who want less regulation and zero failures, but also from the FCA Board as well.
I think these challenges made me much more sympathetic, I guess to the roles that regulators need to carry out. They represent so many different things to different people.
Lucy M: So moving on to what’s happening inside the FCA, which I lived through for many years, although I did leave in 2016. A few things to draw out. Staffing has significantly increased, when I left in 2016 it was more around 3,000 people, and we’d already started to beef up the consumer credit authorisations, for example. It’s now 4,500 which is phenomenal, really! And there is also some regional office expansion as well, so they’re opening a Leeds office on some data science type aspects.
You’ve always got the perimeter as well which is always changing. So you’ve got funeral plans, Buy Now Pay Later, consumer credit came in 5, 6, 7 years ago. And I’d argue that that is unmanageable, if I take it back to when I started at the FSA back in 2000/2001, I think we had about 20,000 firms we were responsible for. And since then, there’s been intermediaries joining, consumer credit, funeral plans, CMCs (Claims Management Companies), some elements of crypto and it’s blown to 60,000 firms. Three times the number of firms they were used to looking at just over 20 years ago. And that is a phenomenal increase, and I think you can see that in their annual funding requirement.
I was quite astonished to see just how much they managed to get through in the last year in terms of increasing the budget. It’s gone up by 8.5%, broadly in line with inflation. Whereas the PRA has had their annual funding actually fall slightly by 2 or 3% so there is a lot going on in that organisation, there’s a lot of people there, a lot of people to train, and there’s a lot of change.
Again, Ben, what’s your reflection from the outside helping organisations try to get authorised in the past.
Ben M: I think we’ve seen a huge evolution of the FCA. I’m just going to pick up on the AFR (Annual Funding Requirement) actually. I’ve had a look at this and the size of the FCA’s budget always amazes me.
I’d like to give you some reference points, I’ve looked at the budgets of other regulators. So we take the three main European regulators: EIOPA (European Insurance and Occupational Pensions Authority), ESMA (European Securities and Markets Authority), EBA (European Banking Authority) – regulating insurance, capital markets and banking respectively. Their annual budgets, forget the currency, are 35 million, 67 million and 50 million respectively.
The ICO in the UK regulates all DPA in the UK, 62 million. The PRA is 293 million, more than all those four put together. The FCA is 684 million, more than all the other five put together. So the size of the budget that the FCA is managing is absolutely phenomenal in the context of any other regulator.
And, I couldn’t help but notice that the Economic Crime Levy is on its way and regulated firms will get hit with another cost on top of FSCS (Financial Services Compensation Scheme)and all that stuff. Just to pick up on one thing, is the FCA’s budget. It’s difficult to ignore what a monster it is.
Lucy M: Totally agree. Moving onto the strategic framework, I think the key point we want to get across here is that the Business Plan, to the right there, is just one part of the overall framework. There is an important three-year strategy which started last year, they’ve talked about what year two looks like, and that obviously feeds into the Business Plan. They’ve got a number of commitments and metrics which we’ll go on and talk about. And of course we have those changes to the regulator’s perimeter. Andrew Bailey (served as CEO of the FCA from July 2016 to March 2020) used to talk to staff about how the perimeter was more akin to, and more complex than, the Norwegian coastline. I always thought that was an interesting analogy.
And then you’ve got the regulatory initiatives grid, and if you’ve ever had a look at that, it is huge. It covers everything on the regulatory map moving forwards over the next three to five years. And it is just constantly changing, so when you’re reading the Business Plan, take into account the strategic framework and where that fits overall. And what Ben has tried to do is make a bit of sense of it, which is the next slide.
Ben M: Absolutely, I think that as a compliance officer, a compliance professional, you have a choice. Do you just read your ‘Dear CEO’ letter and the guidance, and there has been a massive drift towards guidance, policy statements. Or do you look at the whole thing and understand where the movement is over time?
I’m not sure there is a right or a wrong, but certainly I think seeing the whole picture is preferable.
And so, coming back to the Business Plan itself, we are not into casual ridicule of the FCA here, we understand they’ve got a difficult job to do. I just wanted to sympathise with anybody that has read the Business Plan and might have found certain aspects of it confusing.
Let me explain what I mean by that. So first of all, the Business Plan fits into the three-year strategy, which fits into the operational objectives as they’re called. That’s all fine. The strategy and the business plan has three themes. Those themes will not be a surprise to anybody here. They are also called focuses, and the focuses are different to eight other focuses that they have in the business plan and that’s fine as well. But those focuses, you might think are the same as priorities, but in actual fact they’ve got four different priorities which are different to the 13 commitments, although if they’ve got a bit more time, they’ve got four additional commitments, just in case they can get there.
And, in preparing for this, I had to remind myself of the difference between the outcomes and the commitments, which are different to the top-line commitments. So my point is that fitting all the bits together, is a bit of a jumble of a jigsaw. And if anybody else got a bit confused the first time they read it, I did as well!
I know, Lucy, you’ve got an observation on this and the FCA’s board.
Lucy M: Maybe I’m the sad person that reads the minutes coming out of the FCA board, they are published along with a whole range of other things and it is notable just how much the board were commending them on the readability of the document and the work that had gone into it. They were really pleased with how it had evolved and I find that interesting because it makes me wonder what it was like when they did the first draft!
It just shows the board is very focused on this and they will know that it sets the train for the coming year, two years.
Ben M: So, Lucy, you’re going to pick a couple of themes out for us.
Lucy M: Yeah, so I think one of those is data-led. It isn’t new, I think about how I used to work in the small firms division as it was back in 2007, 2008, and we were talking a lot about bad firms that went under the radar. We were always very conscious of that, and what we could join together in the sense of the data that we had, and being able to focus on the greatest areas of risk.
That was when we had 28,000 firms to regulate rather than the 60,000 there are now. And I think this is one of the biggest risks the FCA faces, and by that I mean it’s bad firms going under the radar. London Capital & Finance, which failed back in 2019, 2020, that was the real focus and that focused people’s minds in saying: “Actually, FCA you have a lot of information from a variety of sources, some of it was from consumers, some of it was intelligence you had internally, some of it was because the firm was applying for a variation of permission for example. So there were a variety of touch points that you had at this firm and you didn’t realise that they were bad and they were trying to sell retail mini-bonds and rip people off.”
And I think that hit hard. For a long time, the FCA has been focused now on this data-led thing. And they’re getting cleverer, all these things with AI and data science et cetera means that it’s not as simple as it was back in 2007, 2008, where we’d maybe put together two or three metrics. They’re looking to put together a whole range of quantitative and qualitative information to tell them where to look, because 60,000 firms is a lot of places to look.
Their solution to this is more sophisticated data analysis.
But what to do about it? Ben is going to go on to talk a little bit about that in the next couple of slides. But first let’s go on to the second theme which is really around the interpretation of threshold conditions.
Ben and I always have good fun on the threshold conditions, because I worked in authorisation at the time when he was supporting a lot of applicants trying to come through the perimeter to be authorised.
So he will know better than any that, to a certain extent, the thresholds are rather ambiguous and you can debate why that is the case. But it’s always been a tool, it’s always been there, we were always able to cancel an individual firm’s permission. We were always able to say to them that they didn’t meet that threshold condition, but we didn’t actually use it that often. I think what we’re seeing now is a real increase in appetite, particularly around the legal risk because that is predominantly why it wasn’t done five, six, seven years ago to say: “We’re not going to tolerate this, we’re going to intervene earlier, and if you haven’t got a decent story to tell, we’re going to take your permission away.”
For example, the rules currently say that if you don’t use your permission for 12 months, then the FCA can take it away. It was relatively rare that they did that. I think there is going to be a lot more focus on that. Another example is around the banning of phoenixing in claims management companies, I thought that was quite an interesting angle. Arguable, they should be banning phoenixing in all types of regulated firms but that might have been too far to go.
As I say, Ben and I used to sit opposite on this so I know he’s got some quite strong views about how the FCA interprets threshold conditions and this shift in emphasis.
Ben M: I thought this was really interesting. As Lucy says, they weren’t used very often but it seems to me to be this completely ambiguous net that the FCA could use to throw over anything in the event they wanted to. That was my perception from the outside. Lucy didn’t always agree with me! So the fact that they needed to clarify that they were going to broaden it, and give themselves even more flexibility was interesting.
I don’t think there is a lot you can do about this as a firm, other than note that this is alongside a number of other actions they are taking to say they’re just getting tougher. They’ve created metrics for. themselves to deauthorise firms. They’re trying to take people out of business that they regulate, it’s an extraordinary approach for a regulator to take.
Nikhil Rathi, the CEO of the FCA, said: “If you’re an overseas firm in the UK, you are here to serve consumers.” Well, they’re not. They’re here to make a profit. The fact that the FCA has just lined up this range of tools and wants to clarify it’s going to use them, I think just tells you where it’s at!
Moving on, we’d like to talk now about what you should be doing as a compliance function in response to the business plan, and the strategic framework. Our first answer, just do the simple things well.
We’re going to move on from there, but let’s try and define what those things are. In my view, you may have a different one, you should be aware of what is in the strategy, the business plan, look at the regulatory initiatives grid – that’s how the FCA fits into other regulators outside of its own purview and how it’s cooperating with those. Read the ‘Dear CEO’ letter, all that stuff. At least be aware of it.
From there, you can take some action. You should absolutely be challenging your framework. Your framework should be moving on year-to-year, as the regulator moves on. Most obviously, make sure your risk focus matches the FCA’s risk focus.
The thing that I would strongly encourage you to do is as follows. I think most people will brief their board on what the regulators say, and most people will brief the board on what they’re doing as a compliance function. I would strongly encourage you to draw the two together, if you can demonstrate that what you’re doing is directly aligned to what the regulator is doing, then that really gives confidence to your board that they’re sponsoring the right compliance team, that you’ve got their backs, that you know what you’re doing. It just gives a far more strategic approach to what you’re doing.
Lucy, you’ve spent a lot of time on board effectiveness reviews and all that stuff, do you want to give a view?
Lucy M: I sit on a couple of regulated boards myself, and what do I want the compliance function to do? I want them to keep me safe. Seeing some kind of briefing along the lines of item three on that slide really gives me confidence that my compliance and risk guys know what they’re doing. And that they’re trying to anticipate and know what is coming down the line. Some of this I do because it’s naturally my background, but for those that can bring out and highlight to their board what matters to us really does focus their minds and focuses them on the things that matter.
Ben M: Brilliant. We’re going to move on from that and we’re going to answer the same question a couple of different ways here. What should you be doing about the FCA’s approach at the moment? We think there is an opportunity to think strongly about this whole data thing. The fact that they’re committing 200 new staff to data analysis and being data-led means they’re going to do something, and it means something to you as a regulated firm.
Aligning your data strategy, your risk indicators, and your reporting with them is probably where it’s at. Step one, joining the dots between the different data points. From the FCA’s side, they’ve got these 13 commitments, this is what they’re trying to achieve. Difficult to work with 13 different commitments, doesn’t get any easier when you look at their metrics. So the metrics are how they measure whether they’re achieving their commitments.
On your side, you submit regulatory reports to them. That’s the data they hold about you, amongst other data, other transactions they might have, market data they might get. And then you have your internal KPIs. So these are four different data points and when I looked at these, I thought they’re difficult to relate to each other. How do you tie these up and make them mean something?
Let’s ask the question from a different angle. How might we go about linking all of this? Let’s just give a simple process. If we take the FCA’s metrics, firstly, they are published and I’m going to give them to you in a different format you might be able to work with more easily than the FCA’s webpage.
Identify the metrics that apply to you. They will not all apply to you. Then you need to do a gap analysis. What are you currently reporting on? What are you currently tracking? What is the FCA tracking that relates to you?
In the event that those two do not match exactly, there’s probably an opportunity to incorporate into your risk report a few more metrics that might help you track more closely what the FCA is thinking about you. The FCA is now into this early intervention, can you detect a problem early like the FCA will try and do?
It gets more challenging and one thing you could consider is a separate risk report. An FCA risk metrics report which would pull out of your overall risk reporting, which will have all sorts of operational risk, just the stuff that you think the FCA is tracking because it’s published its metrics which relate back to your sector and your firm and your business.
Lucy, any comments on that from either side?
Lucy M: I really like the ‘D’ on this, consider the separate report. It makes me think of a couple of conversations I have had with boards around culture dashboards, so when I started talking about this back in 2017 and saying this is the way it’s going. Many boards were saying: “Look, we don’t need that.” Swing forward to 2023, virtually all of the regulated firms will have some kind of culture dashboard, and certainly if you’re of any size, that’s some kind of metric you want to be tracking.
These things do evolve, it’s getting ahead of the game and this is what Ben and I are trying to explain. This is where it’s moving and people will be ahead of the game, it’s doing this gap analysis and thinking through what it means for your firm.
Ben M: Absolutely. There is a challenge with that, which I’ve mentioned a couple of times and that is that the FCA’s metrics are not published in a very easy-to-use format. I’ve spoken to a couple of senior compliance people thinking about today and neither of them were aware of this webpage. You can Google it easily enough, and that’s the link. If you go to their metrics webpage, this is what you see. On screen here, we only have two metrics, and there are about 85 of them.
You can see that the data is quite difficult to take in and actually use. So, that’s something to be aware of, and probably why a lot of people§ don’t process it, because you don’t have enough hours in the day!
I’ve done a little bit of analysis for you. I think there were 85 metrics. Interestingly though, at the point of publication, that’s a year ago, only 59 were being tracked by them but they’ve told you where they are going with the other 26. I did submit a Freedom of Information request to find out when the rest are coming out. They’ve refused to release them now, apparently it’s in the public interest to tell you when they release their accounts at the end of the year. I cannot see any relation between the two points but that’s what they’re saying.
But if you’re not in a consumer-related business, then you can scrap a load. Some are single sector-related because of specific types of financial crime and you night be in insurance or something and it’s not relevant to you.
My point is that if you go through these, you will be able to find some which are directly related to you. The point at the bottom is important, for me, there are 32 that you just can’t worry about. The FCA is tracking industry-level things that you really measure anything that correlates, but there is plenty that you can track.
That’s the challenge, sucking out a webpage that is about two miles long and turning it into something useful. We’re going to give you a link in a moment to a spreadsheet that looks like this.
Let me explain what this is. Columns B, C, D, E and F, you can’t see because it’s a big one where I’ve just quoted verbatim from that webpage. Columns G, H, I and J, are filters we’ve added. You may disagree with how we’ve assessed them but they’re filters that we have added and the idea is that you can easily go through this list and work out what’s relevant to you and try to implement the strategy we’ve just suggested.
That link is coming up in a moment. Let me give you a couple of worked examples as to how you might work with these.
Lucy, was there anything you wanted to comment on?
Lucy M: No, I want to come in after you’ve done this first worked example as I think it’s a really good illustration.
Ben M: Okay, we’re going to go with one of the metrics that you can directly measure as a firm, and one that you can’t by way of contrast.
The metric in question: CFV1-M01 and it tracks the proportion of consumers who have been offered a financial product or service they wanted, but at a price or with T&Cs they felt to be ‘completely unreasonable’.
In actual fact, it’s quite easy to understand, this is some sort of customer satisfaction survey and the FCA’s got a baseline of 7% and they want to improve on that.
Now, I’m looking at hypothetical firm X and the question is what do they do about this? Firm X’s approach was to implement the same metric. Let’s go track that. But the question is what’s their target? What firm X did, they said: “Well, we don’t know what the FCA’s threshold is, but we know where its baseline was and it’s hoping to improve on. So let’s get inside that.” I picked 2%, that’s hypothetical, you could pick a different number. And thereby, what we’re hoping to achieve with that is to avoid getting on the FCA’s radar for the wrong reasons and if we are part of some supervisory action, we’re able to demonstrate quite easily that we’re well inside what they’re concerned about. And that’s how we’re going to keep ourselves out of trouble.
Want to jump in?
Lucy M: I think this metric really goes to the heart of Consumer Duty. What does the FCA want? They want people to get the products they need and want, at the right price, at a fair price. I imagine there are lots of people on this call scratching their heads at the moment about what metrics they need to provide to evidence that they’re delivering good outcomes for consumers. These metrics are a great place to start because this is how the FCA are going to measure it with an industry-wide perspective.
If you can translate that into something on a firm-wide perspective that is relevant to you and you can map that across, then you are going to be well ahead of the game in terms of explaining and evidencing to the FCA that you are delivering good outcomes to consumers.
It’s the big thing everyone is talking about in Consumer Duty, it’s a real headache. I don’t know the answers but I think this is a really good place to start if you are scratching your head.
Ben M: Indeed, and that leads perfectly on to the next one. So the same process would work also with the non-consumer facing metrics. It’s the same principle.
Moving on to a second example where the FCA has metrics which you can see would be directly relevant but you can’t really measure the same thing.
Let’s look at it, the metric CST1-M01. It’s a customer satisfaction measure with their providers but the issue it’s a composite index. And we don’t know what is in that index. Here we’ve got hypothetical firm Y, what do they do about it?
They define their own index, just take a pragmatic approach of having an index that reflects a number of different indicators. What we’re going to do is recognise that it doesn’t directly match the FCA, but we will measure it, we will have governance over how we improve our customer satisfaction index, we will have an audit trail to demonstrate to the regulators should they ever turn up here and that’s a great way of thinking about life, what we did and how we responded to the Consumer Duty in this case and improved our delivery of customer satisfaction via this index.
Hopefully the FCA would not only respect the governance process, the actions taken, but the fact that the metric is something they can’t completely release.
Now we move onto an interim bit of our session here today. NorthRow have very kindly allowed me to introduce My Compliance Centre but I should say before I start on this that I fully understand that nobody came here to be sold to aggressively in any sort of way!
So I’m going to make this quick and I’m going to talk to you on a compliance level, rather than a sales level!
First of all, what is the problem we’re trying to solve at My Compliance Centre? For us, it’s about compliance automation and as we see it, there are a number of challenges with the way in which compliance functions are run very often today.
Most obviously, many compliance teams are not using the most optimal tools. Would you use Excel and Outlook to run your sales team or your marketing team? Probably not, you’d use Salesforce. So why are you not using an equivalent tool to run your compliance team? In actual fact, I think there is a good answer.
The market has been poorly served, the systems that are prevalent to date probably have been built focusing on the biggest market which is the United States, and the capital market and asset management sectors. And that’s great, if that is what you do. But if it is not your entire focus, let’s say you’ve got to run a UK-based compliance team then you might have a wider set of challenges.
There are some other challenges, we think very often that compliance teams have their data all over the place. 25 different spreadsheets and they spend all day everyday updating those spreadsheets, and then when they have got to report off them, that becomes incredibly challenge and very similarly, compliance teams seem to have a challenge with having so many different tasks to do across quite a number of different functions and the amount of time spent trying to remind somebody about something, nudging the process along, this sucks the lifeblood out of compliance officers, and really detracts from being able to do other stuff.
Compliance teams face these challenges, they may find themselves less efficient, less effective. If that’s the problem, what’s the answer?
Unsurprisingly, I’m going to try and give it to you. So the answer from our point of view is a fully featured compliance management system that allows you to manage a wide range of functions from within a single system, within a single interface. Our system has a number of solution areas across compliance operations, governance and employee compliance, and I hope that a compliance professional looks at this screen here and sees a number of jobs that they are doing every day, and potentially might see the opportunity for enhancement and improvement in those jobs.
Most importantly, we have a number of unique selling points, I don’t have time to get into those today but there are a number of things here that you won’t see elsewhere. But our task management solution allows you to see the entire universe of all compliance tasks in the company, in one place. That in itself is incredibly powerful.
So, I hope that’s of interest. Of course the system is information-rich, allows you to really produce enhanced analytics and reporting, and if you just take three things away from this presentation. Please remember My Compliance Centre was built by compliance experts like you, for compliance experts like you. It’s got the widest range of functions in the market and it is designed to enhance the efficiency and effectiveness of your compliance function.
Many thanks for listening to that, if any of that resonates, just drop me a line via LinkedIn or on our website, or I think my email address is coming up.
I’m going to hand it back to Natalie to take over.
Nat D: Hey guys, thanks for that. That was really insightful and really fascinating.
Ben M: Sorry, Natalie. I mentioned the web link to get the Excel file, if you want to quickly take a snapshot of that, or I think you were going to circulate it after the session to people and they can go and download that.
Nat D: If you don’t make a note of it just now, we’ll pop it in the email that we’ll send out with the webinar recording so we’ll make sure there is a link to that so you don’t miss that incredibly valuable resource that I’m sure Ben spent many evenings working on!
Just wanted to jump into some questions. If anyone has any that you wanted to pop in, do let us know. We’ve got a couple that have come in during the session. So the first one, is: How can my firm know it’s potentially going to be on the FCA’s radar?
Ben M: Lucy, do you want to go first there or shall I jump in?
Lucy M: I think it’s exactly what Ben has tried to articulate in terms of the tool that he’s offered. I think my perspective as an ex-regulator is that you never quite know what the regulator’s appetite is, so you don’t quite know whether making losses of £50,000 on three consecutive years is enough as a payments firm to trigger them to ask for your wind-down plan.
You don’t know. But you can make some reasonable assumptions and some of this information and intelligence also won’t be available to you. But Ben, it’s the substance of your presentation! I think it came in early in the session because people were impatient and they wanted to hear what you had to say at the end!
Ben M: It’s an interesting question so you’re already on the FCA’s radar by definition. You’ve got an authorisation and they regulate you.
However, if you’re in certain sectors so if you’re a no resale client corporate finance firm, you won’t hear from the regulator very often. It would be an infrequent thing, but you’re on the radar.
Now at what point is that interest from the regulator going to ramp up? Well, you don’t really know and I think a really powerful way for me, and I was a compliance consultant for many years, to think about the risk that my clients were experiencing was just make the assumption they’re coming next week.
Because that may well happen. So, what are the things that might need to trigger it? Well, obviously we know about the stuff like complaints or if there is a major failing within the business or something like that. But let’s assume, you’re going well, you’re in charge of your compliance, your firm has a good culture and the FCA does arrive next week – have you got in place everything you need to defend yourself?
We talked about having good metrics, can you fight the regulator off? In my mind, if I’m a head of compliance I’m thinking: “The FCA is here next week, am I okay for that meeting?”
Nat D: We’ve had an influx while you’ve been answering that Ben so let me just have a quick peek through these. Does anyone have insight into the crypto side of the FCA and how that will be changing?
Ben M: I’m not quite as match-fit on this as I once was!
I did found the APC, the Association of Professional Compliance Consultants crypto forum anticipating a massive influx of work, and of course nothing happened in terms of movement of the perimeter and it still really hasn’t!
From my point of view, this has been seriously disappointing. I find it absolutely staggering that the Select Committee, I would say going back five years, I might have my dates wrong, was hugely critical of the bank, of HMT, of the FCA for not doing anything in terms of putting a proper regulatory framework around crypto.
What we’ve seen, as some of you may or may not know, is that the FCA has used its regulation of AML, so the registration that firms have to go through, as a pseudo-route to regulating crypto and that’s by just keeping people out. You can’t have an AML licence, so you can’t operate.
We’ve seen firms take a couple of years to get through that process, there is a very high rejection rate, and I do wonder where that’s going.
Financial promotions around crypto are now being regulated. I don’t get it. Why wouldn’t you regulate it properly in the way that you regulate other industries?
And if you think it’s gambling then regulate it like its gambling! This isn’t about the FCA this is about politics, about primary legislation really and the regulator would follow suit. But where the regulator has got involved, it clearly doesn’t like it, clearly thinks consumers are at risk, it clearly thinks it’s a massive financial crime risk and it’s pushed back about as hard as it possibly could at every opportunity that it’s been given.
Nat D: Then just one final one: “How have we missed the FCA metrics as just presented? I’ve not seen or heard anything on those in any FCA presentation or the very many webinars we have all sat in throughout this year?”
Lucy M: You’re not alone! I mean if you look at how much the FCA publishes, I referenced earlier I’m looking at the minutes of the board meeting, hardly anybody looks at that! There’s such a vast quantity of information on there, it’s really trying to navigate and pull the key things out and that’s what we’ve tried to do today by drawing it to your attention.
But I’m not at all surprised people have missed it. It’s been there and it’s been there for a while and they’ve been building it out over time but it’s much more extensive than it was three, four, five years ago.
Ben M: The reason that we’ve focused on it isn’t so much that the metrics page just appeared because it hasn’t. That page has been there for over a year.
It’s because of these 200 extra people in Leeds. They’re not there for a joke. The FCA is going to be processing more and more data, and we’re triangulating where it’s going so I completely understand.
If somebody wants to drop me a line and tell me they think it’s completely irrelevant, I’ll be interested to hear but this is, from my point of view, this is a key part of what they’re doing.
If anybody reads the My Compliance Centre newsletter, you’ll see we have a regulator watch section where we track, amongst other things, the level of output of different regulators. The SEC is the highest and about 90% of what they come up with is all fines but moving on from the SEC, then the FCA is by far the highest publisher of regulatory documents. That’s why it’s difficult to stay on top of this stuff and hopefully we also articulated within the webinar you have the complexity of all the different bits and pieces. Just trying to get them to all hang together, it’s close to impossible! That’s why people don’t have the time to do that so we’ve tried to lift the veil on that and hopefully usefully today.
Nat D: Perfect, just conscious of time. If anyone does have any further questions, feel free to connect with Ben and Lucy on LinkedIn. We’ll include their details in the email that does go out or you can drop them to us on email@example.com and we’ll by all means put you guys in touch with Ben and Lucy directly to discuss those pointers and via email.
If you just want to pop the slide forward for me, Ben, if that’s okay?
So this is just a plug for our next webinar coming up. As I said we do host these monthly, the next one is taking place in July, towards the end of July, at the same time of 11:30am. We’re going to be joined by Corinna Venturi who is the Director of Financial Crime at Cosegic and she’s going to be running through some best practice for KYC compliance in 2023
The invites for those haven’t quite gone out just yet, do keep an eye on your inboxes for those or indeed keep an eye on our LinkedIn page, where we’ll publish any updates so you can find out where you can register for that.
Just one more slide for me, Ben. Another shameless plug, but if you are interested in getting in touch with us here at NorthRow, do feel free to reach out after the session to us on firstname.lastname@example.org or website is northrow.com, if you did have any interest in our AML compliance software but I’ll skip over that because you’ve had a few shameless plugs throughout this session.
Just one final one from us.
Do expect the recording to come out in the next 24 hours or so. A huge thanks, Ben and Lucy, you’ve been absolutely fantastic. I think you’ve compressed a lot of information into a very short space of time, so we really appreciate you taking the time.
As I said, that resource that Ben has prepared will be coming out with the email as well.
I hope you enjoyed it so thanks everyone for joining us and both, once again thanks so much for your time, appreciate it and hopefully we’ll see you in July. Thank you, everyone!