Regulation in the time of COVID: regulating the future

Gavin Stewart Gavin Stewart

Regulation may have been impacted by lockdown, but it hasn't halted. Gavin Stewart looks at what's happened in the world of financial services regulation this week.

This week's series of blogs covers the FCA, PRA and BoE's plans for how they will operate in the future and what that means for your business.

GI, loyalty penalties, and the arc of history

With the Financial Conduct Authority's (FCA) recent confirmation of its measures to protect General Insurance (GI) customers from loyalty penalties, it's a good time to look back at how we got here, both the length of the journey and the twists and turns of how the regulatory process worked.

It's a saga that has lasted more than six years, and it has seen a considerable evolution of the FCA's policy, which has the potential, at least, to shift the regulator's stance profoundly. The origins go back further, but the best place to pick up this story is the FCA's 2015 consultation on GI renewals.

This consultation focused on "increasing transparency and engagement", and there was a related discussion paper on "smarter consumer communications", but the FCA was pushed into changing tack in 2018. At the time, Citizens Advice issued a "super complaint" against loyalty penalties in several markets, including insurance.

The package the FCA announced at the end of May is consequently far more about straightforward consumer protection, less about competition, less about disclosure as a remedy.

Even in 2015, the evidence that "transparency and engagement" were the solution to the renewal penalties experienced by loyal customers was a stretch. But there was arguably a degree of consensus that behavioural nudges and switching could make a difference.

With help from Citizens Advice, the FCA has now moved away from disclosure as a remedy in regards to GI loyalty pricing, but less so in its Consumer Duty proposals. The question for the future is whether it carries on moving.

Climate risk and globalisation

Last week, in the run up to the G7 Summit, the Bank of England's (BoE) governor made two important speeches on climate risk: on the Bank's role and on its work so far. Today sees the launch of the Climate Biennial Exploratory Scenario exercise (CBES).

Together with operational resilience and (emerging) financial crime, climate risk completes the trio of major external threats regulators have identified. I see this forming a core theme of the next decade of regulation.

Of course, there are layers of context to all this, including COP 26, the UK's related commitment to reach net-zero carbon by 2050, and Shell and Exxon both suffering major defeats by activist investors.

From a regulator's point of view, however, climate is, first and foremost, about risk management in its various forms. Much of the noise around regulatory scope creep and central banks diluting their core purpose is, therefore, misplaced.

It's also notable that key elements of the speeches were focused around the push for more and better transparency, and on the increasing roles of Basel, the FSB (Financial Stability Board) and the reliance on the Network for Greening the Financial System (NGFS), the central bankers' climate club, on whose work the CBES is based.

Reports of the death of globalisation have been much exaggerated.

Haste versus speed

The FCA's update to the Treasury Select Committee (TSC) on its Woodford investigation is a reminder that legal processes can often be lengthy, that the regulator's enforcement pipeline is packed, and that its wider ambitions to be more agile could easily be stifled by the reality of the issues it deals with on a daily basis.

Some of the delay might also be reasonably attributed to the desire for assurance that there are no loopholes in the investigation. Frustrating as it can be, there are good reasons for a regulator to have a low risk-appetite in such areas.

As an example, the further delay in the Swift Review of the FCA's supervision of interest rate hedging products (IHRP) highlights how long it can take to get to the bottom of questions about whether the FCA got it right on a particular issue.

The regulator's intervention on IHRP - itself a high profile example of the FCA being "fleet of foot" - began in 2012, and the Swift Review was commissioned in June 2019 with an original planned completion date in Sept 2020.

Of course the questions around the regulation of LF Woodford Equity Investment Fund are broader than the current enforcement investigation. But these wider issues typically need to wait for any enforcement cases to be concluded.

One of the most difficult challenges in leading a regulator with the extensive remit and powers of the FCA is maintaining a consistent and balanced 360-degree view. There's a temptation to focus solely on the new and an equally strong (but less appealing) requirement to fix legacy problems and learn the appropriate lessons (eg, LCF).

In this context, if the delay in the Woodford investigation leads to the right outcome, and effectively concludes the set of issues involved, then it will be time well spent.

Fastly and operational resilience

Regulators won't have been surprised by the impact of the recent Fastly outage, and will have been heartened, as evidently was the market, by the speed with which it was fixed.

They have long understood the extent of the dependencies and the concentration risk within the system, and the premise of their approach to operational resilience is that, inevitably, such incidents will sometimes occur, and that the emphasis should therefore be on firms' tolerance of disruption to their most important business services.

However, reading across from the Fastly incident into financial services, regulators will be more concerned that they, and potentially regulated firms, might not be able to sufficiently put their arms around the third-party providers who, especially in technology, are increasingly critical to the system's resilience.

This complexity of modern outsourcing, with its growing reliance on highly specialist providers, is properly recognised in the PRA's recent policy statement. But there are no obvious or easy solutions.

In many ways, the crux of the problem is the regulatory perimeter and the extent to which the operational resilience of regulated firms depends on entities that operate beyond it. Regulators, by definition, have no direct authority here and so need to rely on firms to identify and manage effectively the risks involved.

However, concentration risk, as it exists with the cloud and its related services (such as Fastly), is a further complication and almost impossible for individual firms to manage by themselves. Finding the right regulatory mechanisms to do so will be the catalyst for much discussion and (hopefully) inventive thinking over the coming years, but it could be a bumpy ride.

FCA business plan and legal risk

I usually avoid posting on FCA board minutes, on the basis that they are deliberately too high-level to interpret with confidence, and so it would be too easy to set false hares running. On this occasion, however, the April minutes provide a useful pointer towards the delayed business plan, now due in July, together with an ostensible shift in its attitude to legal risk that will be worth tracking over time.

Section 8, on the Budget, talks about the "broader fiscal issues facing the FCA", an unusual reference as the regulator's fee base is typically quite stable, aside from scope extensions that are financed separately. Almost certainly, these issues are a reflection of Brexit and COVID-19.

With Brexit, there's a trade off between firms who have downsized their UK operations or even exited, and (as a partial offset) those who have effectively expanded (eg, EU branches that have become UK incorporated).

Regarding coronavirus, the FCA has already told us that a significant chunk of firms is experiencing serious prudential problems, and many of these will have shrunk or be in run off. The net result will be a smaller fee base and some uncomfortable choices, especially if the regulator wants to invest in its "transformation".

Elsewhere, the minutes talk relatively extensively about the board's willingness to take more legal risk, and some commentators view this as a sea change in the FCA's approach. I'm personally more sceptical.

When the FSA was criticised at tribunal over the Legal & General case in 2005 (it won on the substance, but that mattered little), it triggered a seismic reaction - both internally and from politicians and media, and I would be surprised if the response was any different today.

The examples given - unclear law and imminent consumer harm - are relatively narrow, but I would still be surprised if the regulator pursued a high-profile case that it judged there was more than 20% chance it would lose.

To discuss these issues further, contact Gavin Stewart.