First published by the CCTA in December 2017
In the August 2017 Regulation Round-up, the FCA announced that in the year to 30th June 2017, it had cancelled the permissions of over 200 firms. The bulk of these were for having breached COND 2.5; the suitability criteria under the threshold conditions.
It’s clear that gaining authorisation is just the start of the regulatory journey, and delivering against ongoing compliance commitments is equally as important as obtaining authorisation to operate in an FCA regulated market.
The regulator expects all firms to be ready, willing and organised to comply with regulatory requirements and standards once authorised, so the onus is on firms to demonstrate that they conduct their affairs in line with key regulatory principles.
Providing the suite of basic information required by the regulator is just one consideration of many, and this recent cancellation of permissions begs the question more generally; how should a consumer credit firm be operating in the FCA-regulated environment to ensure it is compliant? As well as ensuring the suitability criteria are met (which, apart from being vital, will be seen as an indicator of a firm’s overall attitude to compliance), there are some key behaviours that consumer credit firms should display to demonstrate good conduct.
Interaction is key
As far at COND 2.5 goes, communication with the regulator is a crucial factor when it comes to post-authorisation success, and shows the clear willingness of a firm to ensure that compliance takes its place alongside commerciality at the top of its business agenda.
Amongst other things, open and honest communication includes:
- Ensuring all information held on the FCA systems is up to date and accurate. This includes; registered address, principal place of business, contact numbers and email addresses
- Submitting regulatory returns on time and paying all FCA fees, including periodic fees, levies and any late payment fees, by a given deadline
- Providing all information requested by the regulator on time
Where a firm is unable to meet a deadline for a legitimate reason, they can contact the regulator at their earliest convenience to tell them the reasons why. The FCA values openness and honesty, and it’s likely this will be used as a measure of the integrity of an individual and /or firm.
Firms should notify the regulator if authorisation is no longer needed and apply to cancel or vary permissions as appropriate. This is to avoid an enforced cancellation of permissions and a final notice being published on the FCA’s website. This may affect reputation and future relationships with the regulator and the financial sector at large.
Since the financial crisis, the regulator has adopted a customer-focused approach to supervision. Regulatory principles state:
‘A firm must pay due regard to the interests of its customers and treat them fairly’.
Some behaviours that indicate this principle in action include:
- Actively seeking customer feedback and considering this when developing strategies
- Gathering management information (MI) and using the information gathered for consumer benefit
- Ensuring policies, processes, staff performance and reward schemes are being developed with the fair treatment of customers in mind
- Ensuring products and services (including advice) meet the needs of targeted customers
- Where advice is given, ensuring that the process is robust, and consumers have access to appropriate information to enable them to make informed decisions
- Ensuring all mandatory policies (including a vulnerable customers policies) are in place and enforced
- Adopting a proactive and not a reactive mindset to consumer protection
- Instilling robust governance and compliance monitoring programmes
Additionally, a firm must conduct its business with due skill, care and diligence, and must ensure:
- Appropriate due diligence is conducted on new hires
- After-sales processes are adequate, and long-standing customers are treated fairly
- All staff are aware of their regulatory obligations and are trained on conduct risk
- Customers are treated fairly throughout their customer journey and interactions with the business
All of this is vital to ensuring an FCA-regulated firm treats its customers fairly. However, sitting across all of this is the need to be able to provide evidence that the above elements have been considered. Firms that do not document their customer-centric approach may be unable to produce sufficient evidence to the regulator to this effect, and may therefore fail to achieve the full benefits of their compliance work.
Good culture is driven from the top
The FCA’s focus on culture and governance remains at the forefront of its approach to supervision. The regulator will continue to focus on drivers of poor culture, looking at how firms’ governance structures are facilitating their ability to provide good customer outcomes. So irrespective of a firm’s size, target market or business activity, it’s important that good culture is embedded in the firm’s strategy and is driven from the top.
For newly authorised firms, understanding what this means to their specific organisation, and how best to demonstrate this to the regulator, is a good place to start. Some activities which demonstrate a good top-level approach in this area include:
- Determining and documenting an appetite for risk, with potential risks falling outside of these bounds being mitigated with specific and demonstrable actions
- Undertaking a risk assessment that examines the business model against the risk appetite in key areas in order to identify and react to excess risk. How a firm reacts to identifying excess risk in its business model is the key challenge here; being able to evidence a documented risk assessment alone may not be effective
- Giving clear consideration to the firm’s values, and how the its business strategy will allow it to uphold its values
- Ensuring complaints processes work for customers, and that rules around complaints are incorporated into your approach – aside from being an important area of compliance, how complainants are treated is a strong indicator of culture
- Undertaking proactive forbearance – similarly, how firms treat customers in arrears is prominent on the regulatory agenda. A firm taking proactive measures to ensure customers falling or potentially falling into arrears are supported will demonstrate their good culture
Ensuring all senior managers have a good understanding of the business, including how frontline, middle and senior management operate (including the specific risks inherent in their business areas and their responsibilities) is also essential. Being able to present a consistent (and again, documented) articulation to the regulator of senior manager responsibilities is a vital pillar of compliance. The Senior Managers and Certification Regime (SM&CR) will mean that mapping out the responsibilities of senior managers will be a regulatory imperative.
This – along with making sure systems and controls are robust, documented, consistently implemented and reviewed on a regular basis – will help a firm demonstrate its good culture.
Embracing the challenges of FCA compliance
The regulatory environment is ever changing. Now more than ever, firms are feeling the impact of this changing landscape. Regulation, such as new proposed consumer lending rules and SM&CR, are just some of the changes consumer credit firms are facing. Ensuring the basics are in place and that the firm meets the suitability criteria under the threshold conditions is a vital requirement, and is likely to be seen as a marker of a firm’s attitude to all areas of compliance.
One way a firm can maintain a contemporary view of prevailing requirements is through membership of trade bodies. These trade bodies provide great insight and give firms the chance to share views and discuss topical issues, enhancing the approach of individual firms and the sector as a whole.
Understanding that there are no short cuts or ‘single approaches’ to incorporating regulatory change is the key to successful life after authorisation. Regulation is subject to interpretation, and appropriate implementation for one firm may not necessarily be appropriate implementation for another, due to the unique set of risks each firm is exposed to. Firms focusing on customers, culture, communication, documentation and a clear view of risk are invariably well positioned to achieve compliance.