July 15, 2024
What the FCA’s Business Plan and Strategy really means: collection and use of data | Allen & Overy LLP

The requirement for firms to collect and report quality data has never been more important, with the UK Financial Conduct Authority’s (FCA) outcome driven strategy looking to rely on firm data to realise its plans. In this post we explore the FCA’s data strategy going forward and what this means for firms.

The FCA’s data strategy

The FCA has resolved to become more effective by “harnessing data, converting it into actionable intelligence and improving our real time understanding of what’s currently happening and, crucially, emerging risks”. Aiming to become a more forward-looking regulator, it will use improved data and digital capabilities such as data dashboards to identify emerging issues. This ambition is shared by the Prudential Regulation Authority (PRA), which continues to strengthen and transform its data-related capabilities and is piloting new tools.

The FCA hopes to drive further cultural change across the industry and plans to track this via firm data. For example, it is gathering data from a sample of firms to understand their levels of diversity and the types of data being collected.

As well as collecting data for monitoring purposes, the FCA is interested in how firms themselves are collecting and using data. Earlier this year, it announced market studies looking into access and use of financial markets wholesale data. Together with the Bank of England, it is also considering firms’ use of data analytics and AI and whether this requires additional regulation. A joint Discussion Paper on AI is expected later this year, following its publication on the topic earlier this year.

Using data to intervene and take early action

The FCA plans to be more data led in its efforts to prevent certain firms from offering financial services in the first place; and when it intervenes, using data to more rapidly restrict financial services offered to consumers.

It is developing an automated approach for identifying simple threshold condition breaches. In addition, the FCA wants to rely more on tools that “have an instant effect when there’s immediate harm rather than launching fuller, longer investigations”. For example, making better use of automated web scraping for detecting fraud.

However, the FCA will need to ensure that it strikes an appropriate balance between speed and quality.

In the sphere of ESG disclosures, the FCA is developing metrics to measure the incidence of: (i) misleading marketing of ESG products; and (ii) the increase in quality and quantity of climate-related disclosures. It will monitor firms and take enforcement action depending on how firms manage the impacts, risks and opportunities from “ESG issues”. It seeks to “develop new interventions as necessary” with more FCA staff being empowered to take action. Asset managers should pay particular attention to this strategy because the FCA has previously provided examples of poor practices in this sector, which seems particularly vulnerable to future intervention.

Another area of continuing focus is operational resilience. The FCA’s Technology, Resilience & Cyber Department is monitoring the impact of operational disruptions to firms’ important business services. Recognising the inevitability of such disruptions, the FCA wants to see a measurable reduction in the frequency and severity of such disruptions. Firms must be prepared to demonstrate that they are employing measures to recover swiftly whilst learning from and preventing such disruptions.

Not everything can be quantified

The FCA is still considering the best way to measure market abuse / misconduct enforcement cases and outcomes. In the meantime, it is undertaking a number of assessments of firms’ anti-fraud systems and controls.

The FCA is also reconsidering the way it monitors principal firms and appointed representatives (ARs). It is looking at measures to improve principals’ oversight of their ARs, as well as increasing the information provided to the FCA, in a bid to raise standards across the industry. With principal firms generating 50 to 400% more complaints and supervisory cases than other directly authorised firms, the FCA will be closely monitoring complaint volumes. It is also consulting on changes to increase the amount and timeliness of information it receives on principals and their ARs. Consequently, firms can expect the FCA to intensify its supervision, using existing and new data to target its interventions.

Be prepared

The FCA’s data strategy is a commendable step with suggested metrics for internal measures of success. However, there is a notable focus on perception as a measure of concepts including value, effectiveness of interventions and market integrity, with a lack of detail on what it all really means in practice.

The FCA’s approach is likely to bring increased emphasis on the quality of regulatory reporting, an issue the PRA has recently focused on from an enforcement perspective. Firms should pay heed to this to avoid: (i) similar enforcement attention from the FCA; and (ii) becoming a false positive for supplementary attention due to poor data quality.

As the regulators look to be more preventative and interventionist there are a number of things firms can do to ensure their house is in good order.

  • Review D&I strategy, data and governance.
  • Analyse your customer outcome measures – the FCA’s Business Plan refers to using consumer perceptions as a measure of harm.
  • Consider ESG implementation approach.
  • Review operational resilience frameworks and incident management protocols (including associated customer communications playbooks).
  • Review the firm’s regulatory relationship strategy in light of a more assertive regulator.
  • Seek early support if you find yourself subject to formal regulatory scrutiny, for example, a skilled person review.