Compliance Digest - 24th May 2024

This week came with the announcement that the General Election will be on 4th July.  Will a new Government continue to deliver the ‘Edinburgh Reforms’? 

Welcome to this week’s Compliance Digest.  Here is a selection of issues that were highlighted in my various industry news feeds over the past seven days.

• Implementing the Consumer Duty for closed products and services by 31 July 2024

• Financial Crime Guide Updates CP24/9

• Citigroup fined £33.9 million by the PRA and £27.8 million by the FCA

• Retirement income advice thematic review (TR24/1)

Feel free to share this Blog within your firm or industry network.

Implementing the Consumer Duty for closed products and services by 31 July 2024

In a Dear CEO letter, the FCA has reminded firms that the Consumer Duty extends it reach to closed products and services from 31st July 2024.  The letter covers five areas that firms with closed funds and services should already be considering.  This list is not exhaustive, but draws on the FCA’s supervisory insights, together with feedback given to it through its engagement with firms, trade bodies and other stakeholders:

1.    gaps in firms’ client data

2.    fair value

3.    treatment of consumers with characteristics of vulnerability

4.    gone-away or disengaged clients

5.    vested contractual rights

These themes should not come as any surprise.  The FCA understands that data gaps, vulnerability and fair value are likely to be the most challenging for Consumer Investment Firms.  The letter sets out action prompts for firms to consider assisting their implementation plans.  This is not designed to be an exhaustive list, and the FCA expects you to consider all issues that may be relevant to your firm.  Even if your firm is not impacted by the closed funds deadline, there are prompts that may be relevant for you to consider within your own firm.

If you would like Compliance Matters UK Limited to review your Consumer Duty programme, please contact us.

Financial Crime Guide Updates CP24/9

The FCA published CP24/9 Financial Crime Updates in April with comments requested by 27th June.  The proposed changes are in six areas:

• Sanctions: Post Russia’s illegal invasion of Ukraine in 2022, the FCA conducted extensive assessments of firms’ sanctions systems and controls.  It proposes to update this section to reflect what it and firms have learned.

• Proliferation Financing (PF): The guidance is being updated to ensure PF is explicitly referenced throughout the Guide where appropriate, and to highlight a 2022 update to the MLRs which requires firms to carry out PF Risk Assessments.  

• Transaction Monitoring: The FCA proposes to set out some key guidance for firms on how they can implement and monitor transaction monitoring systems and support responsible innovation and new approaches, such as use of Artificial Intelligence.

• Cryptoassets: Cryptoasset businesses registered under the MLRs have been subject to FCA supervision for AML purposes since June 2020.  The FCA proposes to make explicit reference that Cryptoasset businesses should consult the Guide.  

• Consumer Duty: The CP proposes that the Guide makes clear that firms should consider whether their systems and controls are proportionate and consistent with their obligations under the Duty.  

• Consequential Changes: The FCA is looking to make consequential changes to the Guide, including replacing expired links, outdated references to European Union rules and refreshed case studies drawing from more recent FCA enforcement notices.

The FCA has operational objectives to:

• protect consumers from bad conduct

• protect the integrity of the UK financial system

• promote effective competition in the interests of consumers

The fight against financial crime is integral to these objectives.  The Financial Crime Guide does not contain Rules, it contains guidance and examples of good and poor practices which are derived from its own work and guidance from the JMLSG and FATF. 

It is important that you have robust policies and procedures to reduce the risk that your firm will be used to facilitate financial crime.  Compliance Matters UK Limited can review these and your systems and controls to ensure that they meet industry best practice.

Citigroup fined £33.9 million by the PRA and £27.8 million by the FCA

The Prudential Regulation Authority (PRA) has fined Citigroup Global Markets Limited (CGML) £33,880,000 for failings in its trading systems and controls during the relevant period of investigation, being between 1 April 2018 and 31 May 2022.  FCA fines CGML £27,766,200 for the same reasons.

In a press release, the FCA has confirmed that failures in the firm’s systems and controls led to US$1.4bn of equities being sold in European markets when they should not have been. 

On 2 May 2022, a CGML trader had intended to sell a basket of equities to the value of US$58m. The trader made an inputting error while entering the basket in an order management system. This resulted in a basket to the value of US$444bn being created. CGML controls blocked US$255bn of the basket progressing, but not the remaining US$189bn which was sent to a trading algorithm.  The algorithm selected was designed to place portions of this total order to be sold in the market over the rest of the day. 

In total US$1.4bn of equities were sold across European exchanges, before the trader cancelled the order.  This coincided with a material short-term drop in some European indices which lasted a few minutes.  

The FCA Final Notice can be read here.

The PRA press release confirms that it has fined CGML £33,880,000 for failings in its trading systems and controls during the relevant period of investigation, being between 1 April 2018 and 31 May 2022.  Sam Woods, Deputy Governor for Prudential Regulation and Chief Executive Officer of the PRA, said:

“Firms involved in trading must have effective controls in place in order to manage the risks involved.  During the relevant period, CGML failed to meet the standards we expect in this area, resulting in today’s fine.”

Throughout the relevant period, CGML received repeated supervisory communication from the PRA on the need to strengthen its trading controls.  Notwithstanding this engagement and the remediation work CGML undertook during the relevant period, weaknesses in trading controls persisted.

The PRA Final Notice can be read here. 

Robust systems and controls in all areas of your business are essential for all FCA and PRA regulated businesses.  Whilst I am not suggesting that yours are in any way deficient, Compliance Matters UK Limited can carry out a review and give you comfort that your systems and controls meet regulatory best practice.

Retirement income advice thematic review TR24/1

The FCA has published its thematic review following the retirement outcomes review of 2023.  The findings are drawn from a representative sample of 977 firms who responded to a data survey, and a desk-based review of the advice models and advice files of a nonrepresentative (FCA’s word) sample of 24 firms. 

The review of advice models revealed a mixed picture across the firms we reviewed.  Some firms had evolved their approaches and adapted to the post-freedoms landscape.  They had clearly detailed processes, specific training on decumulation and used a range of tools to help illustrate complex information for clients.  The FCA found some examples of good practice where the advice and services delivered were clearly designed to meet the needs of clients in decumulation.

The headline areas for improvement are:

• Income withdrawal strategy/methodology

The FCA expects firms to use of cashflow modelling to demonstrate if the withdrawal rate is sustainable.  To calculate the withdrawal rate, advisers need to carry out a robust expenditure analysis with the client.  This can be used to establish if basic essential expenditure can be addressed with any guaranteed income.

• Risk profiling The FCA has set out clear requirements for risk profiling which firms must follow, and published final guidance on how to establish the risk a client is willing and able to take in making a suitable investment selection.  This means firms should assess capacity for loss (CFL) consistently, in addition to attitude to risk (ATR), to help identify suitable solutions for their clients.

Some firms were not assessing CFL for clients.  Failure to consider CFL in decumulation means firms may not be correctly identifying suitable income or investment-based solutions.  This could lead to clients taking on more risk than appropriate and enduring reductions to their income that they cannot withstand.

• Advice suitability

Firms are required to get the necessary information about clients to assess suitability before making a personal recommendation - KYC.  Establishing sufficient information about key areas of a client’s personal and financial circumstances helps firms show they have properly considered all relevant factors about the client.  So, fact finding should be complete, with no gaps, inconsistencies or missing relevant information.  It is a truism that people like talking about themselves, you just need to ask the right questions to get your client to open up.

The FCA had particular concerns around the suitability of the advice given in seven files.  The issues identified included loss of guarantees and features, penalties incurred and unnecessary charges or tax.  Some clients were also not given information about relevant options.

The review highlights seven deficiencies in KYC and records:

a.    potential vulnerability was not identified, recorded, or explored even where information on file suggested vulnerability may have been present

b.    knowledge and experience of investments and understanding of risk was either recorded at a high level, inconsistently, or not supported by the information on file

c.    expenditure analysis was not recorded or completed so it was not clear what the minimum income need was or what proportion of this was for essential (nondiscretionary) expenditure

d.    information about wider financial circumstances, for example, other pension provision and the state pension was missing

e.    income, including any lump sum capital needs were not quantified or the timeframe for which income was required was not stated

f.     future lifestyle changes were not explored or recorded, for example, when a partner would retire/receive a pension or how objectives or income needs were likely to change

g.   it was unclear whether information relating to the risk of capital erosion, the potential for annuity rates to be worse in future, or that income levels might not be sustainable had been disclosed

• Periodic review of suitability

Where clients are paying for ongoing advice, firms should clearly confirm the details of the ongoing service, its associated charges, and how clients can cancel the service and stop payment of associated charges.  Firms should not charge clients for services that are not delivered.  In the data survey, some firms indicated that some of their clients had paid for but did not receive an annual/ongoing review.  Not all firms were able to give this data as it was either not measured or not recorded centrally. 

The FCA expects firms to track and monitor when review meetings are due and identify whether any are missed.  Where firms do not measure key information or are not able to access this easily, they may find it more difficult to demonstrate the delivery of good client outcomes.  For clients in decumulation there is a higher likelihood that they have characteristics of vulnerability.  So, it is important that firms have a plan to ensure services are proactively delivered.

• Control framework

Firms must take reasonable care to establish and maintain appropriate systems and controls over their business.  This should include providing their management with information to identify, measure, manage, and control risks relating to regulatory concerns, for example, the fair treatment of clients.

Where firms were involved in the desk-based review, a number also had difficulty providing fully completed advice registers.  This meant the FCA did not receive a full record of advised transactions from which to select advice files for review.  From the advice registers the FCA received, it identified inaccurate or inadequate MI for over half of the firms.  In several instances, the FCA found advice registers were so inaccurate that the advice scenario for files it received did not match what was recorded.  Where the identified concerns with advice registers, it noted:

a.    the recommended solutions were not recorded which made it difficult to identify transactions that might pose higher risk of client detriment

b.    the ceding scheme arrangements were not shown so the arrangement the client had held before the retirement income advice was given was unknown

c.    the ceding scheme provider names were missing so it was not possible to identify plans that might have held underlying guarantees or safeguarded benefits

d.    where ceding scheme provider names were recorded, any ceding plan features such as underlying guarantees or safeguarded benefits were not always noted

e.    the type of advice, initial or ongoing, was not always recorded which made it difficult to select files according to the type of advice given

f.     the level of initial and ongoing advice fees was not always shown

g.    it was unclear whether files had been quality assurance (QA) checked.

These are broad themes from the review which also contains examples of good and poor practice that firms should take note of when reviewing their own procedures.

Compliance Matters UK Limited can help with a gap analysis of your systems and controls and can assist in implementing remedial action where appropriate.  Please contact us if you would like our help with an assessment for your firm.

Ian Ashleigh