The requirement for companies to collect and report quality data has never been greater, with the UK’s Financial Conduct Authority (CIF) results-driven strategy seeking to leverage business data to achieve its plans. In this article, we explore FCA’s data strategy going forward and what it means for businesses.
FCA’s data strategy
FCA decided to become more efficient by “mine data, convert it into actionable intelligence and improve our real-time understanding of what is happening now and, importantly, emerging risks”. Aiming to become a more forward-looking regulator, it will use improved data and digital capabilities such as data dashboards to identify emerging issues. This ambition is shared by the Prudential Regulation Authority (ARP), which continues to build and transform its data capabilities and is piloting new tools.
The FCA hopes to drive further cultural shifts in the industry and plans to track this via company data. For example, it collects data from a sample of companies to understand their levels of diversity and the types of data collected.
Besides collecting data for surveillance purposes, the FCA is interested in how companies themselves collect and use data. Earlier this year he announcement market studies examining access to and use of wholesale financial market data. Together with the Bank of England, it is also considering the use by businesses of data analysis and AI and whether it requires additional regulation. A joint working paper on AI is expected later this year, following its publication on the subject earlier this year.
Use data to intervene and take early action
The FCA plans to be more data-driven in its efforts to stop certain companies from offering financial services in the first place; and when it does, use the data to more quickly restrict the financial services offered to consumers.
It develops an automated approach to identify simple violations of threshold conditions. In addition, FCA wants to rely more on tools that “have an instant effect in the event of immediate harm rather than launching more comprehensive and longer investigations”. For example, better use automated web scraping to detect fraud.
However, the FCA will need to ensure that it strikes an appropriate balance between speed and quality.
In the area of ESG disclosures, the FCA is developing metrics to measure the impact of: (i) misleading marketing of ESG products; and (ii) increasing the quality and quantity of climate information. It will monitor companies and take enforcement action based on how companies manage impacts, risks and opportunities related to “ESG issues”. He tries to “develop new interventions if neededwith more FCA personnel empowered to act. Wealth managers should be particularly alert to this strategy as the FCA has previously provided examples of poor practice in this sector, which seems particularly vulnerable to future intervention.
Another area of continued focus is operational resilience. FCA’s Technology, Resilience and Cyber department monitors the impact of operational disruptions on companies’ important business services. Recognizing the inevitability of such disruptions, FCA wants to see a measurable reduction in the frequency and severity of such disruptions. Businesses must be prepared to demonstrate that they are employing measures to recover quickly while learning from and preventing these disruptions.
Not everything can be quantified
The FCA is still considering how best to measure market abuse/misconduct cases and outcomes. In the meantime, he is undertaking a number of assessments of companies’ anti-fraud systems and controls.
The FCA is also reviewing the way it oversees principal firms and appointed representatives (ARs). It is exploring measures to improve managers’ oversight of their RAs, as well as increasing the information provided to the FCA, with the aim of raising standards across the industry. With primary firms generating 50-400% more complaints and oversight cases than other directly licensed firms, the FCA will closely monitor complaint volumes. He also consults on changes to increase the amount and timeliness of information he receives about principals and their RAs. Therefore, companies can expect the FCA to step up its surveillance, using existing and new data to target its interventions.
FCA’s data strategy is a laudable step with suggested metrics for internal measures of success. However, the focus is on perception as a measure of concepts such as value, effectiveness of interventions, and market integrity, with a lack of detail on what any of this actually means in practice.
The FCA’s approach is likely to put more emphasis on the quality of regulatory reporting, an issue the PRA has recently focused on from an enforcement perspective. Companies should take this into account to avoid: (i) similar FCA enforcement scrutiny; and (ii) become a false positive for further attention due to poor data quality.
While regulators seem to be more preventative and interventionist, there are a number of things companies can do to make sure their home is in good shape.
- Review D&I strategy, data and governance.
- Analyze your customer outcome measures – the FCA business plan refers to using consumer perceptions as a measure of harm.
- Consider an ESG implementation approach.
- Review operational resilience frameworks and incident management protocols (including associated customer communication manuals).
- Examine the company’s regulatory relations strategy in light of a more assertive regulator.
- Seek early support if you find yourself subject to a formal regulatory review, for example, a qualified person review.