FCA Compliance Focus in 2024
Priority 1. Consumer duty
Once again, this is probably at the top of every retail firm's agenda for 2024, even if they don't have any legacy products in the scope of this July's deadline. Many firms completed their handover from project teams to business-as-usual teams last year but are starting to realise that there are still further enhancements that can be made.
Most firms will be spending time in the first half of 2024 making sure they are generating enough data that they can paint a good story for their boards in July. Those taking up the FCA's suggestion to get an impartial perspective on their implementation won't be waiting until it's too close to the board meeting to implement any recommendations, and they will be booking that sooner rather than later.
Priority 2. Fraud
Fraud landed on the agenda of every large UK business in October due to the new corporate criminal liability for a failure to prevent fraud. With the liability risk sitting extra-territorially, the new requirement triggered many firms to review their fraud policies and procedures, and they are now putting in place refresher training for all their staff.
The FCA is looking at the risk of fraud in terms of firms having inadequate systems and controls and risk management frameworks. They are also issuing stronger reminders and raising awareness of threats of cyber-attacks, which could potentially lead to consumer data being compromised, which will bring most of your internal discussions back to consumer duty.
These are all areas where your people are your best first defence, so investing in them and their knowledge and awareness about fraud and cyber attacks will keep your first line focussed on fraud. You also need to ensure that your risk and control frameworks have been reviewed and updated to reflect the current operating environment.
Priority 3. Interest rates
Since interest rates have risen and have become payable on accounts, many firms are discovering that their procedures are not working effectively or, worse, have overlooked updating their ways of working to consider interest. As a result, breaches in handling of interest on client money accounts are plentiful.
The FCA's expectation that interest earned on customers' accounts is passed on was well documented towards the end of 2022. We can expect the FCA to rigorously follow up on their Dear CEO letter to investment platforms and Sipp operators and read across the principles to other sectors.
Priority 4. Vulnerable customers
The combination of the cost of living and consumer duty brings the treatment of customers in vulnerable circumstances right back into full view. Many firms conducted a full review of their processes as part of their consumer duty implementation, centralising some processes leading to improvements in consistency due to the introduction of specialist staff, better quality data, and better compliance monitoring.
In 2024, firms are prioritising the areas of greatest harm, such as customers in difficult financial circumstances, being more alert to customers seeking support and making outbound calls to customers who may be drifting into difficulty.
Priority 5. Data quality
During 2023, the FCA hired a range of data analytics, data scientists, and synthetic data experts to support its shift towards becoming a data-led regulator. As those specialist skills start being deployed, you can naturally expect the data that you submit and exude to come under new scrutiny.
It is critical that any data you submit to the FCA is of high quality. This means ensuring that your governance plays a strong role in ensuring you are submitting high-quality data. It also means that your supervisors are effective in how they supervise and oversee people with responsibilities for data creation, collection, preparation, storage, and usage.
Many firms are just starting to realise that there are different people with responsibilities for each stage of the data life cycle and to clarify their reasonable steps with this in mind.
Priority 6. Operational resilience
The 31 March 2025 is fast approaching, and we can expect the FCA, prompted by the PRA, to start reminding firms about the impending deadline. That is likely to involve a series of outreach by the PRA and FCA to ask firms to send their evidence of the progress they are making to bring their important business services within their defined impact tolerances.
The most obvious items to test are lessons learned from testing and evidence of governance and challenges around those results.
Priority 7. Speed of action
The National Audit Office review of FCA last year concluded that the FCA has been far too slow to take action. Citing the three years that it took FCA to take enforcement action against illegal operators of crypto ATMs as an example.
The FCA is required to respond to that very public criticism and can only do so by speeding up its enforcement action. So, in 2024, look out for more final notices from enforcement and perhaps quicker interventions when they see something that is not right.
Priority 8. Investment advice regime
The FCA and government continue to consult on proposals for a new core investment advice regime. This aims to provide access to investment advice for mass market consumers who have straightforward financial needs which are broader than simplified advice such as stocks and shares ISAs.
That new regime is really starting to take shape, and in 2024, we should start to see a clearer framework and roadmap towards achieving that in order to close the advice gap.
Priority 9. Cryptoassets
The prevalence of scams and frauds in the cryptoassets sector will continue to draw the FCA's focus. We started looking at firms' compliance with the travel rule in 2023, and we can expect their focus to shift towards testing compliance with anti-money laundering rules in 2024. Such as Know Your Customer (KYC) and Source Of Wealth (SOW).
Additionally, the FCA's financial promotions team will be scrutinising the adverts issued by Cryptoassets firms, looking to ensure those adverts have been approved by a section 21 approver and meet FCA standards. We can expect to see some enforcement activity off the back of this.
The FCA has also been very clear that they expect cryptoasset firms to comply with consumer duty. Warnings issued by the FCA in 2023 to the cryptoasset sector suggest that enforcement action here is also very likely in 2024.
Priority 10. Payment services
The FCA has been taking an active interest in ensuring that under the CASS rules, only deposit takers are used to hold client money. It seems some firms have mistakenly deposited client money with a payment services firm that is not a deposit taker. So, no FSCS coverage was provided. Look out for some strongly worded warnings from the FCA about this.
Want to learn more about FCA Compliance?
We have created an SMCR roadmap to help you navigate the compliance landscape, supported by a comprehensive library of FCA Courses.
We also have over 100 free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.