| UK & Europe | Articles
The publication of the FCA’s Business Plan is an event carefully tracked in the diaries of most compliance officers. The latest plan maintains areas including market abuse and operational resilience as key priorities for the regulator, while shining a spotlight on the expanding EMIR reporting regime and financial fraud. Now that the dust has settled, compliance officers have a chance to review and reprioritise their ever-growing to-do list.
Financial crime – are you assessing fraud risk?
Reducing and preventing financial crime remains the FCA’s commitment number one. Over the past year, two key national strategic documents, the Economic Crime Plan (March 2023) and the Fraud Strategy (May 2023), have been released. While the FCA aims to stop all areas of financial crime, there’s been a focus on reducing the growth of fraud cases. And it’s reasonable to assume that the regulator expects all firms in the industry to up their standards and controls in relation to fraud.
Although the level of exposure to fraud varies from firm to firm and sector to sector, you certainly won’t be able to quantify your exposure without conducting any kind of fraud risk assessment. Depending on your firm’s activities, this can be a standalone risk assessment or incorporated into your existing financial crime risk assessment.
So how would you go about designing such an assessment? There’s no one set approach, however we suggest looking at risk from the perspective of who the potential target of fraud is: is it the firm, its customers, or any other third party? Then, within each bucket, identify the activities at your firm that could expose each group to fraud. For example, while false accounting is a risk to your firm alone, unauthorised trading could expose both your business and your customers to fraud. This approach will provide sufficient granularity in identifying potentially fraudulent activities, enabling you to build out appropriate controls.
Market abuse – are you ahead of the curve?
Regulatory focus on market abuse detection and prevention shows no signs of letting up. The FCA has made it clear in its plan that it’ll significantly increase the capability to tackle market abuse. It plans to build advanced analytical capabilities, such as network analysis and cross-asset class visualisations, and to develop improved market monitoring and intervention of fixed income and commodities, covering both market abuse and market integrity. As the regulator’s toolkit gets more tech savvy and sophisticated, you need to make sure your market abuse systems and controls are not falling behind.
If you’re still doing manual trade surveillance, this is a great time to assess whether your setup is effective, efficient and, more importantly, appropriate to the size and scale of your business. And if your trade surveillance is automated, when was the last time you revisited system calibration? We frequently see cases where systems are so poorly calibrated that the surveillance is rendered ineffective. As trading patterns and client activity can change over time, calibration needs to be adjusted accordingly.
EMIR reporting – is your framework fighting fit?
The FCA has committed to ensuring that derivative markets are ready to implement the new derivative reporting rules in September 2024 under the UK European Market Infrastructure Regulation (UK EMIR). No doubt that this means it’ll expect that firms get their reporting infrastructure in place and ready to go live by 30 September. With a list of new requirements that require extensive resources and efforts to implement, it’s essential your current EMIR reporting framework is fit for purpose and ready to be scaled up.
Use this opportunity to give your reporting an overall health check to ensure you have correctly interpreted the requirements of each reporting field, identified all trading scenarios applicable to you, and set up the correct reporting logic for each scenario.
With almost double the number of data fields required to be reported, ensuring data quality and accuracy will be a challenging task. Identifying reliable and accurate data sources is, therefore, vital. And as we get closer to implementation date, you’ll need to make sure you carry out sufficient testing to discover and rectify all potential issues before the go-live date. The role of testing cannot be overstated in the implementation of any regulatory change of this magnitude.
Operational resilience – a continued focus
Against a complex geopolitical backdrop and high levels of systemic risk – stemming from reliance on critical third parties – the FCA notes that firms still face a high, and growing, level of cyber and operational resilience risk. Larger firms in scope of PS21/3 (such as dual regulated firms, Recognised Investment Exchanges (RIEs), enhanced SM&CR firms and entities under Payment Services Regulations or the Electronic Money Regulations) now must have arrangements in place before 31 March 2025. These need to enable the continuity of vital business services without causing intolerable harm to clients and markets, including:
- identifying important business services
- mapping critical processes
- setting realistic impact tolerances
- detecting and addressing weaknesses
- stress-testing processes
- most importantly, documenting these activities and justifying assumptions.
In addition, beefing up business continuity and third-party oversight and management frameworks is also recommended.
We can help
Whether through specialist technical advice, conducting a health check of your systems and controls, or bolstering your team with experienced resource, we can make sure your compliance set up meets regulatory expectations.