FCA Publishes Its Business Plan for the Coming Year

The plan will enable the industry and consumers to understand the entirety of the FCA work in a particular sector and what can be expected from FCA in the coming year. The plan also reflects the variety of changes affecting both financial services and the wider society and shows how FCA will use its resources to tackle these challenges. FCA states that much of what it does and the issues it addresses are complex and will continue to be priorities for future Business Plans. FCA will continue adapt its approach to the ever-changing landscape. The cross-sector priorities include the following:

• Supporting a smooth transition post-Brexit, strengthening international engagement with fellow regulatory bodies, and assessing the impact of EU Withdrawal on the industry and consumers
• Supporting culture transformation in financial services, performing appraisal of remuneration practices, and extending the Senior Managers and Certification Regime to all firms
• Focusing on operational resilience, with key priorities including policy proposals on operational resilience, setting clear expectations on outsourcing to third-party service providers, continued use of ethical hacking to test firms, supervisory multi-firm work on cyber-attacks, and communications with smaller firms to increase awareness of cyber-attacks
• Assessing Open Finance, building understanding of data ethics in financial services, publishing proposals on regulation of crypto-assets, encouraging innovation in global financial markets, and encouraging the development of regtech in data exchange
• Engaging with stakeholders that are considered the future of regulation, updating the rulebook in light of onshored requirements, reviewing costs and benefits of regulation for small firms, and publishing the first annual statement on perimeter issues

Along with the supervision assessment program, FCA will continue to use regulatory tools to test the cyber capabilities of the high-impact firms. CBEST (ethical hacking) gives insight into core areas of firms’ cyber resilience. While FCA has, so far, used CBEST in partnership with BoE on only a small number of firms, it plans to use regular CBEST testing for a larger number of priority firms beginning in 2019/20. The regtech activities in the year ahead will be focused on continuing the exploration and experimentation with industry on how to improve the method of data exchange between industry and regulators and specifically the opportunities for expressing requirements in a machine-readable and executable form. FCA has met with a number of start-ups, incumbent institutions, technology providers, and academics to see the impact regtech could have. This has helped in understanding where efforts should be focused. FCA has also begun to develop and test a number of activities and ideas based on its learnings. It will complete a cost-benefit analysis to better understand the business case for delivering Digital Regulatory Reporting in conjunction with industry participants and BoE. 

Related Links

• Notification
• Business Plan (PDF)

Keywords: International, Banking, Insurance, Securities, Operational Risk, Regtech, Brexit, SM&CR, Cyber Risk, Digital Regulatory Reporting, FCA