FCA letter puts wholesale banks on notice

The FCA’s latest Dear CEO letter to wholesale banks signposts a likely uptick in supervision in the sector and highlights the need to demonstrate your control environment is robust.

The letter, issued on 8th September, outlines the FCA’s priorities and supervisory programme for the sector and raises a range of concerns. Set against a background of market volatility, low growth, rising interest and inflationary pressures, and the increased interconnectedness of risks, the regulator reminds CEOs of their personal responsibilities under SMCR.

Recipients of the letter are expected to discuss these requirements with their Boards within two months. And Boards in turn are expected to discuss the contents of the letter and how it applies to their business, with the aim of agreeing actions or next steps.

The letter sets out a number expectations covering issues from LIBOR to diversity to AI to ESG. But for most businesses the greatest challenge is likely to be satisfying the regulators that your control environment is well embedded in the business, and is robust, effective and supported from the top.

Risk management

The letter notes that market stresses in the last 18 months have tested business models. In some cases, weaknesses in risk management have been highlighted which impact the FCA’s consumer protection and market integrity objectives. The case of Archegos Capital Management has been specifically highlighted to demonstrate this.

Firms are reminded to keep in mind the concentration of client risks and assumptions used in stress testing, and to ensure processes are updated as market events occur.

The FCA notes that many firms will have already taken action in this area and sets an expectation that senior management must be able to evidence how these actions have improved ongoing risk management, and more broadly that oversight of risk management is appropriate and underpinned by a strong culture.

The regulator will also undertake supervisory testing around new products and transactions to understand how well risk management improvements are embedded in firms. Ultimately, you should expect an increase in FCA engagement and information requests.

Control environment

Concerns about the impacts of the external environment and commercial interests on the quality of firms’ control environments are underscored in the letter. It expresses the FCA’s concern that firms may prioritise commercial interests over regulatory obligations, impacting the management of conduct risk. It also flags a blurring of responsibilities between first and second lines of defence as an area of concern, emphasising the need to ensure clarity of responsibilities between the two lines.

Boards and senior management play a pivotal role in setting a good conduct culture within their firms and are expected to be able to articulate how they do this. Senior management should take time to assure themselves that the control functions enable them to oversee the business appropriately, and report to the FCA if any material issues identified.

The FCA is increasing testing and in-person supervisory assessments on firms’ control environments, with a specific focus on financial crime, market abuse and conflicts of interest. The FCA specifically plans to assess the management of conflicts of interest, not just through policy review but also by testing outcomes. The work will be data led and firms can expect to receive information requests which will enable the FCA to select samples of firms for more detailed testing.

Operational resilience

The letter notes an increasing reliance by firms on third party service providers to support operational activities. These third parties can be subject to cyber-attacks that can impact the firms they service, threaten confidentiality of market info and, in cases where the third parties service several firms, the risks can become systemic. Remember that you are accountable for your own operational resilience and business continuity planning and it’s up to you to take ownership of the impact of third-party relationships.

The FCA expects prompt notification if a firm or any relevant third party is subject to a cyber-attack. It also expects firms to continue to review compliance with PS 21/3 – Building Operational Resilience and reminds senior managers to take lessons from operational resilience events, even if their firm is not directly impacted.

Organisational changes

If firms start to plan any organisational changes, for example, to how or where clients are serviced, the booking model or risk management arrangements, they should discuss these with the FCA before making any changes. The regulator will intervene if it sees changes that aren’t consistent with its objectives.

LIBOR transition

The FCA expects banks to continue to actively transition remaining contracts that reference USD LIBOR rather than relying unnecessarily on synthetic LIBOR. This should be done while always focusing on client and conduct considerations.

Consumer Duty

Wholesale banks are impacted by the Consumer Duty due to having direct retail relationships or manufacturing products that could be sold to retail clients. The FCA will be testing the implementation of the Consumer Duty, including assessing how well firms are considering the Duty as part of planning changes to activities or products.


The letter outlines an expectation for wholesale banks to be able to demonstrate that financing activities align with ESG transition plans, and that product and public commitments are delivered in practice. The FCA expects to have discussions with firms in the future focused on how well they’ve engaged with the Transition Plan Taskforce’s framework.

Artificial Intelligence

This is recognised as an area of rapid development in the document and one that could transform financial services. The FCA has stated that it will engage with wholesale banks on current and future plans in this area.

Diversity, equity and inclusion

In the FCA’s view, diversity, equity and inclusion are central to a healthy firm culture, as diversity of perspective and thought can lead to better judgements and decision making. A joint Discussion Paper published with the PRA and Bank of England in July 2021 proposed areas for potential policy intervention and the FCA expects to consult on these areas this year. The FCA will use supervisory work to understand what firms are doing to help accelerate change in this area.

Non-financial misconduct

Firms are expected to have controls in place to mitigate risk of all kinds, including non-financial misconduct risk, for example sexual harassment. If allegations of such misconduct come to light, the FCA expects firms to take them seriously and deal with them through appropriate internal procedures. The regulator will then assess the reports received and consider carrying out work to assess control effectiveness.

How we can help

We have considerable experience with helping clients set up their risk and control environment, from risk registers to frameworks.

We regularly advise on dealing with information requests from the FCA and can attend Board meetings or provide training to Boards and senior managers on the topics highlighted in the letter.

We can also help review risk assessments and control frameworks as well as assessing Consumer Duty implementation and ESG planning.