Platforms next in line for Dear CEO letter

Another Dear CEO letter dropped through the letterboxes of investment platforms earlier this month. The regulator has set out a number of areas where it feels platforms are lacking. If you’re not already addressing these issues, it’s a wake up call that the FCA are taking notice, and that under SM&CR they expect someone to be on the hook.

The FCA’s Dear CEO letter on their platforms portfolio strategy was sent out to firms on 6th February 2020, and follows the completion of the Investment Platforms Market Study in 2019.

The document, ‘Platforms portfolio strategy letter’, presents several areas where platforms may be lacking or require extra attention: technology and operational resilience, third-party outsourcing, conflicts of interest, the Investment Platforms Market Study and Brexit with SM&CR being a continuing theme throughout the letter.  We’ll take a look at each of these areas in turn.

Technology and operational resilience

Operational resilience is a key area of focus for the FCA at the moment, across all sectors following a number of high-profile system outages in recent years. In the Dear CEO letter, the FCA highlight the connection between operational resilience, business continuity and cyber security. They address the negative impact of service disruptions on the end customer as well as the risk to customer’s assets and data that poor protection against cyber attacks can bring.

There’s a clear expectation set out within the letter for firms to consider operational resilience in everything they do, whether appointing a new cloud data storage provider or migrating to a new technological solution (for example re-platforming). They also remind firms of their obligations to report incidents to the relevant parties including not just the FCA, but also the Information Commissioner’s Office, National Cyber Security Centre and Action Fraud (as appropriate).

Third-party outsourcing

We are seeing more frequent cases of firms outsourcing core business processes without establishing adequate oversight controls and this is reflected in the FCA’s letter. Outsourcing arrangements could include processes that underpin regulated activities (for example back office dealing or CASS processes), and critical or important operational functions (such as IT or cloud data storage systems).

It is vital that when firms use an outsourcing model, that they do not think that they can wash their hands of regulatory responsibility or oversight of the activity. We are seeing that in some cases, firms are failing to retain the skills and knowledge internally to ensure effective oversight of the outsourced activity. Similarly, we see instances of firms not understanding the services provided by the third party well enough to be able to understand the risks it brings, particularly in the areas of operational risk and resilience and business continuity.

SM&CR is a theme throughout the letter but in this area in particular, SMFs must remember that they are individually responsible for overseeing any activity that’s been outsourced in their area of responsibility.  This includes ensuring that legal agreements reflect the realities of the day-to-day service provided, while ensuring the SMF at the firm remains ultimately responsible. Clear service descriptions and service level agreements are needed to make sure that everyone understands what they’re responsible for and, most importantly, what happens when something goes wrong.

Conflicts of interest

Conflicts of interest is another key concern for the regulator, and this is discussed in the FCA’s letter. The FCA expects firms to take reasonable steps to identify all potential conflicts and have arrangements in place to manage them. Management of conflicts goes to the heart of what firms should be doing. Without adequate identification and management of conflicts, there is the potential for poor outcomes for clients, for example one set of clients being given preferential treatment or a client investing in products that have poor value for money.

The FCA highlights to platforms that when offering ‘Best Buy’ lists, the lists need to be created in an impartial way and that the firm should not be conflicted when making its selection, for example funds being selected based upon discounts rather than objective criteria. Processes to oversee the selection of funds should be clear and documented, include regular monitoring, and include the ability to deselect funds whenever required.

There are a few measures you should make sure you have in place:

  • Have adequate processes in place to identify and manage any conflicts that arise – or may be perceived to arise – reflected in a clear conflicts policy
  • Have a conflicts register to document all identified conflicts and how they are being managed
  • Where Best Buy lists are offered, documented processes should be in place for the clear selection of, monitoring of, and deselection of funds from the list
  • Have sufficient review and monitoring of conflicts from the first and second line.

Investment Platforms Market Study

The letter makes reference to the Investment Platforms Market Study. In light of the final report being published in March 2019, firms should already be actively considering what work they need to do to implement its findings and recommendations.  Since the report, the FCA has issued a suite of consultation papers and policy statements to support their findings in the areas of Transfers, Best Execution, and Information on Costs and Charges.

There are a number of expections in each of these areas:

  • Transfers

    New rules on transfers were published by the FCA in December 2019 in PS19/29. The Dear CEO letter makes clear that firms should be working their way through the policy statement and the outcome of the FCA’s review of progress on improving switching processes and start a plan to implement the changes. The letter encourages firms to get involved in the industry STAR initiative which is intended to improve switching processes to achieve better outcomes for clients. The FCA have set out their intention to review progress on this matter in 2022 so firms must ensure they’re ready for further scrutiny.

  • Best Execution

    The letter discusses the need for firms to have robust arrangements for ensuring best execution is achieved on an ongoing basis. Operating in accordance with a comprehensive best execution policy will give firms a good foundation for being able to demonstrate that they’re achieving best execution. The FCA highlight the need to have robust processes for oversight and monitoring of best execution processes.

    For platforms using single Retail Service Providers (RSP), they need to be able to demonstrate that a single RSP enables them to deliver the best outcome for clients. This should be considered in the context of the firm’s business model, including the size and volume of trades and instruments dealt with. The FCA calls for improvements to be made “where necessary” and as such, if firms can’t demonstrate that a single RSP enables them to deliver best execution to their clients, they should give serious consideration to whether they need to move to a multi-RSP set up. This of course comes with its own pitfalls for ensuring best execution is achieved as the firm will need to review best execution on a trade by trade basis, rather than taking a blanket approach. It is a balance that must be struck for the benefit of the clients.

  • Information on costs and charges

    The FCA highlight that the need to make it as easy as possible for customers to compare costs of different platform options is the key focus here. With this in mind, firms must be able to demonstrate how they comply with MiFID 2 requirements on ex-ante and ex-post cost disclosures.

Brexit

The FCA reminds firms that while the UK is in the transition period, until 31st December 2020 EU law continues to apply in the UK, including the ability to passport to and from the UK. The FCA letter highlights the need for firms to consider how the end of the transition period might affect clients and ensure that they are ready for 1st January 2021.

SM&CR

It’s only been a couple of months since the roll out of SM&CR to solo regulated firms, but it seems the FCA is not holding back from using its latest supervision tool. Ever since the FCA started the rollout, it has been consistent with the message that as an accountability regime, the SM&CR will put individuals under the spotlight. As SM&CR is mentioned multiple times across the different topics, this letter continues that theme.

SMFs need to be conscious of the fact that, as the named responsible individual, its quite plausible that the FCA might question them on oversight of their area(s) of responsibility. If found to be lacking, we can expect the FCA to expect corrective action, as a minimum. As such, SMFs need to ensure they have a holistic view of the area(s) for which they are responsible, looking not just at processes and controls internal to the firm, but also at any third-party relationships that impact their area of responsibility.

What should you do?

First of all, firms should read the Dear CEO letter and ensure that senior management, SMFs, and key individuals within the firm are aware of the FCA’s expectations of them. Where the firm feels that it could do better, appropriate remediation should be started as soon as possible.

It’s likely that firms have already started to make progress in several of the areas mentioned in the letter – particularly following the FCA’s Investment Platforms Market Study Final Report which came out almost a year ago. For those that haven’t already done so, they should review this report, take note of the findings in it and if necessary, take action to improve controls.

Underpinning all of this is SM&CR. Firms should be tuned into the fact that almost all areas in the business will bring obligations upon individuals under the regime. The onus is now on individuals to demonstrate their responsibility and accountability. Oversight of the business (both within and outside of the firm) should be comprehensive and evidence of oversight should be demonstrable. Having the correct processes in place to be able to show this oversight is crucial.

Menu