The FCA and PRA are risk-based regulators. They allocate their supervisory resources in proportion to the risks posed by a particular firm. Being a regulated firm in the UK is as much about understanding and taking responsibility for the risks in your business as it is about following the rules. The FCA and PRA expect you to have effective systems and controls in place which reflect a thorough assessment of the risks posed by your firm.
There are many reasons you may be contacted by the regulators and asked to provide information. They’re not all sinister. But it’s worth understanding why they are asking, and being as cooperative as possible. Whatever the reason you’ve been contacted, we’re here to help.
The vast majority of regulated firms do not have a dedicated supervisor. This means that the window through which they view your firm can be both narrow and opaque. In theory a firm’s “scope of permission” tells the FCA what you do, but in practice this has limitations. Many firms don’t actually do everything they have permission to do – or only use some permissions to a very limited extent. This lack of clarity can raise questions that the FCA simply doesn’t have answers to. So it will get in touch. But it isn’t normally something to worry about and you should find the regulators open in relation to their reasons for asking.
Each year the FCA sets out its strategy and key areas of focus. Part of its approach is likely to involve ‘thematic’ work. It will identify a spread of firms associated with the theme in question (such as holding client money or trading options) and review these firms as a project. Often this will start with asking a broad range of firms to submit a questionnaire and go from there. Although receiving a questionnaire in itself isn’t a sign you’ve done something wrong, it may be a sign that you are under a greater degree of scrutiny. Thematic reviews can ultimately lead to further investigative work, skilled person reviews or enforcement so it’s best to offer your full cooperation.
The largest firms will have a dedicated supervisor and will be used to reasonably intrusive supervision. Degrees of contact range from every few months to almost continuous. Subjects can cover anything from financial stability and governance to conduct and financial crime. And interactions can happen at every level from Chair down so it’s worth making sure everyone involves knows how to respond.
If the regulator calls, we can help
Of course, you may also be contacted out of the blue, for example in whistle blowing cases. Whatever the reason you’ve heard from the regulators, we’re here to help. Many of our team have been regulators themselves in the past, or been on the receiving end of attention from the FCA or PRA themselves in previous in-house roles. We talk to the regulators regularly – whether it’s to help clients through authorisations or other applications, or support regulatory reporting. And our role as a skilled person for s166 work means we have a very clear understanding of the regulators’ expectation.