Five compliance focus areas for the Investments sector in 2024
2023 has been another incredibly busy time for the Financial Conduct Authority (FCA). As of early December 2023, there have been 124 publications published by the FCA, and 91 of these are relevant to investment firms. Add to this other FCA publications and publications from other regulators, including in Europe, and it becomes a significant volume of material for any compliance officer to keep up with.
Considering this, we have highlighted five areas compliance heads should focus on as they build their compliance programmes for 2024.
1. Financial Resilience
With the Investment Firm Prudential Regime (IFPR) now approaching its second-year anniversary, firms will now be expected to have fully embedded the requirements of the regime. The IFPR was a bottom-up rewrite of prudential rules that apply to firms in scope of MIFID. New rules were set out in relation to the calculation of own funds requirements, liquidity requirements, governance arrangements, remuneration, and public disclosures.
Of particular importance, however, is the Internal Capital Adequacy and Risk Assessment process (or ICARA), which sets out a different approach by which firms may assess the adequacy of the financial resources they hold. In February and, more recently, November 2023, the FCA published findings from its multi-firm reviews into firms’ implementation of the IFPR, focusing on own funds and liquidity adequacy, and wind-down planning.
Some common areas of weakness include the robustness of liquidity requirements and operational risk assessments, adequate consideration of group risk, and inadequately developed wind down plans.
Regulatory reporting, which now forms an increasingly important component of the FCA’s new data-led supervision strategy, should also be assessed to ensure it is accurate, complete and timely.
With two publications from the FCA now setting out good practice, it is not inconceivable that the FCA may then begin serving s166 notices on firms that appear not to have taken the published feedback on board.
Compliance programmes should therefore assess the overall compliance of the firm’s prudential artefacts and reporting in line with the rules and guidance of the FCA.
2. Consumer Duty
The Consumer Duty represents the biggest regulatory change in consumer regulation in the UK for some time. It is clear that the Duty is the lens through which the FCA is currently assessing firms with retail consumers as part of its commitment in April’s Business Plan, to ensure successful embedding.
The FCA is particularly focused on price and value, fees and charges, monitoring and outcomes assessments. We are seeing a significant number of s.166 Requirement Notices across all sectors.
Focus in early 2024 should be on the annual review of Consumer Duty outcomes by the Board. The expectation is that this review will be led by the first line of defence and challenged by the second line. Compliance Teams should be enabling the Board’s review through challenge and assessment of areas such as management information, root cause analysis and remedial actions.
Please see here for an article we have previously written on the annual reporting process. Compliance programmes, which are likely to support the Board’s annual confirmation of compliance with the Duty, should therefore target the areas of highest regulatory risk to the achievement of good customer outcomes.
3. ESG and Sustainability
In November 2023, the FCA published its final rules on sustainability disclosure requirements (SDR) aimed at tackling greenwashing. In principle, the new rules seek to ensure that financial products marketed as sustainable perform as claimed with evidence to back it up.
All firms are in scope of the anti-greenwashing rules, whilst manufacturers and distributors of investment products have separate additional obligations with respect to the use of sustainability labels, disclosures, and distribution. We have published a summary of the rules here.
Investment firms making claims about the sustainability characteristics of their products or services should ensure those claims are true and verifiable. With the new rules coming into effect in 2024, compliance programmes should consider whether the new rules and guidance are being met.
In addition to training for marketing, product and compliance teams, the metrics for independently verifying any sustainability claims should be reviewed and assessed.
4. Fraud, Sanctions and Market Abuse
In the FCA’s 2023/2024 Business Plan, fraud was listed as an area of concern. Fraud continues to be a huge drain on the UK economy with consumers and firms susceptible to the risk of being defrauded.
Firms (in particular MLROs) should be reviewing their financial crime risk assessments for fraud and identifying any weaknesses that they could address. Compliance programmes should incorporate an assessment of fraud risks and controls.
Sanctions risks should also be on the agenda. With more reports on how sanctioned companies and individuals are evading the current sanctions regime, firms should be reviewing the continued effectiveness of their controls in this area.
Finally, there have been multiple publications from the FCA this year on continued weaknesses in the systems and controls to identify, investigate and report suspicious transactions. Incorporating a thematic review on market abuse prevention and detection controls is advised for the coming year.
5. Operational Resilience
Finally, there should be an assessment of the operational resilience of the firm’s key services. The FCA have indicated that firms should have appropriate metrics to understand the operational health and resilience of their businesses and have adequate mechanisms to be able to prevent, adapt, respond to, recover and learn from disruptions.
Whilst the rules in PS21/3 (Building Operational Resilience) are only directly applicable to certain firms such as enhanced scope SMCR firms and designated investment firms, they represent best practice guidance for other firms.
As the risks to firms’ operations increase from local and global risk factors such as cyber threats, it becomes even more important to take reasonable steps to ensure the firm’s systems and key services are protected.
The compliance programme should therefore include a review of the firm’s operational resilience. Regulatory and IT teams should support the delivery of these reviews.
2024 looks likely to be another busy year for the regulators with more scrutiny on specific areas of firms’ businesses. With proper planning, firms will be able to self-identify any issues and be on the front foot with the regulators.
In a subsequent article, we will build on how to approach planning for the year ahead and consider the key elements that define an effective compliance function. If you have any questions about your 2024 Compliance programme or would like to find out how BDO can support your firm’s compliance function, please get in touch. More detail on our compliance support services may be found here.