Ten years after the financial crisis most post‑crisis prudential policies have now been decided, and banks in particular are now much better capitalised and more liquid than before the crisis.

Nonetheless, regulatory scrutiny remains heightened across financial services. Firms need to be prepared to respond to the ever-changing focus of the regulator.

Our view of the change in IA focus from prior year to now:

Industry icons

Banking and Capital Markets


Investment and Private Equity

1.1 IBOR Reform

Overview The clock is ticking for firms using key interbank-offered rates (IBORs), such as LIBOR, and market participants exposed to them, due to the transition away from IBORs to Alternative Reference Rates (ARRs) such as Sterling Overnight Index Average (SONIA). The FCA will not compel the banks who contribute to LIBOR to continue to do so beyond 2021, meaning the viability of LIBOR continuing cannot be guaranteed beyond that date; other benchmarks such as Euro Overnight Index Average (EONIA) will also be reforming to €STR (‘Euro Short-Term Rate’) by 2022.

In June 2019, the FCA and PRA provided feedback to the market in their ‘Dear CEO Letter’ sent to large banks and insurers on LIBOR reforms. The focus of the feedback is on the identification and quantification of LIBOR usage and exposures and the management of risks associated with it. Whilst there has been tangible progress across the industry, a number of firms are yet to formalise their plans for the transition.

Working groups from each of the Central Banks for the UK, US, Eurozone, Switzerland and Japan have been tasked with driving consensus and establishing market standards to ease the transition.
IA's role Given IBOR’s extensive use in the financial markets and the significant exposures for market participants, IA should consider reviewing:
  • Progress of IBOR programmes and expected timing of complete transition.
  • Adequacy of work conducted to evaluate the financial impact across all product lines as a result of the switch from IBORs to ARRs.
  • Adequacy of stakeholder involvement, governance and approval of valuation methodologies and resulting implications (e.g. impact on hedging strategies).

1.2 Consumer Finance – motor finance and beyond

Overview There is greater regulatory focus on mainstream forms of finance and insurance. A recent FCA thematic review concluded that issues exist within both lenders and brokers arising from consumer borrowing to finance motor vehicles.

The regulator’s direction of travel is to investigate areas of potential consumer harm such as unfair treatment in rent-to-own, high cost short-term credit and insurance distribution channels which may represent established sources of income for many firms.

Unfair treatment or potential consumer harm, can manifest in a number of different ways:
  • Poorly designed products which do not consider the needs and circumstances of consumers.
  • Non-identification of potentially vulnerable consumers.
  • Unsuitable or unfit distribution channels which increase the risk of mis-selling.
IA's role IA should consider a review of sources of income within firms to identify areas where there could be considered to be unfair treatment of consumers, considering the risk and reward associated with these income streams.

Specific consideration should be given to:
  • Affordability assessments and lending decisions.
  • Review of commission element of premium income to ensure that customer value is not eroded by lengthy distribution chains.

1.3 Algorithmic Trading

Overview The finance sector is becoming increasingly automated, with many firms using or interacting with algorithms. The number of trading algorithms in active use has significantly increased in recent years. This trend is driving operational efficiencies, lowering costs and enabling firms to gain a competitive advantage.

There are specific requirements covering algorithms to ensure accountability and fairness in the use of algorithms. The specific requirements are set out in Markets in Financial Instruments Directives II Regulatory Technical Standard 6 (MiFID II RTS 6), in conjunction with various publications by the FCA, PRA and FICC Markets Standards Board (FMSB); these require detailed consideration by firms.
IA's role Assurance by IA should include a gap analysis of compliance with regulatory requirements and guidance, but should also consider:
  • The adequacy of the algorithmic trading control framework.
  • The adequacy of the approach algorithm validation.
  • Effectiveness of the governance structure for oversight of algorithms.
  • Effectiveness of testing and deployment of algorithmic trading.
  • Adequacy of the annual self-assessment process.
  • Controls over approach to real-time monitoring of algorithms.

1.4 Tax Compliance – FATCA and CRS

Overview With both the Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS) regimes now fully implemented and reporting in their third/fourth year, there has been a shift in focus by tax authorities from implementation to enforcement. In the UK, HMRC have opened the first enquiries into returns, while French tax authorities have opened compliance audits. Meanwhile, the Organisation for Economic Co-operation and Development (OECD) has requested that tax authorities report soon on enforcement efforts. This will likely lead to more formal requirements being set.
IA's role IA should consider a review of controls and governance over these regimes in order to be able to respond to any upcoming tax authority requests. IA should also consider a full review of a firm’s tax programme as compliance is largely untested in the majority of firms.

1.5 Tax Strategies and Responsible Tax

Overview Public and media scrutiny of firms’ tax affairs remains widespread. Tax authorities in many countries feel increasingly empowered to robustly challenge any perceived tax avoidance arrangements and tax is now firmly on the boardroom agenda. In addition to a focus on tax positions taken by firms and regulatory expectations, IA focus should also include controls and processes over tax advice given to customers to ensure associated compliance, financial and reputational risks are managed. The challenge for firms is to ensure compliance with the tax requirements.
IA's role IA has an increasingly important role to play in supporting the tax function to ensure it responds effectively to the regulatory change, in particular by carrying out periodic, targeted testing of the operation of controls over key tax risks. Taxpayers are expected to not only have adequate policies and processes in place to ensure correct tax compliance, but also regularly to test those policies and processes.

In addition to a focus on tax positions taken by firms, regulatory and therefore IA focus should also include controls and processes over tax advice given to customers to ensure associated compliance, financial and reputational risks are managed.

1.6 Operational Resilience

Overview Operational resilience is expected to be an increasingly important area of focus for the PRA and FCA over the next few years with regulators seeking to reduce the frequency and impact of operational failures that impact customers, markets and financial stability. This means making critical business services more resilient to the challenges that they face, including keeping pace with the rate of technological change and cyber threats. The PRA and FCA have released a discussion paper (DP1/18) outlining the approach they expect firms to take to improve their operational resilience and implement frameworks to support it. They expect to release a consultation paper later this year.

UK regulators are intervening in a small number of cases, and despite regulatory change still being in the discussion phase, have already requested that 40 small-to-medium sized firms to perform an audit of Management Information (MI) covering operational resilience reported to the Board.
IA's role IA’s scope should include:
  • Review of governance arrangements supporting the firm’s operational resilience work.
  • Review of the approach the business has taken to identify critical business services.
  • Review of impact tolerances in relation to critical business services.
  • Mapping of operational dependencies (e.g. people, system, suppliers and facilities) that support business services in order to identify concentration risks and single points of failure.
  • Assessment against the PRA’s expectations of communication plans.

1.7 Financial Crime

Overview The FCA’s view, as set out in their 2019-2020 Business Plan, is that the fight against financial crime requires a combined effort of sharing intelligence, data and technology. The Joint Money Laundering Steering Group (“JMLSG”) in the UK has set a good example of intra-agency cooperation and industry-led implementation of regulatory compliance. In the coming year, it is anticipated that the FCA will also continue to strengthen their partnership with the National Crime Agency and the Joint Money Laundering Intelligence Taskforce’s expert working group to identify and mitigate financial crime risk.

IA's role IA focus areas should include:
  • Assessment of the adequacy of actions and communications to reinforce the fundamental principles of management’s behaviour.
  • Conducting thematic reviews across the financial crime domain.
  • Review of governance framework over enterprise-wide risk assessment activities.
  • Assess whether the data analytics solutions adopted by firms are adequately designed, fit for purpose and effectively operated to address financial crime risks.
Did you find this useful?