Following reviews of the general insurance and investment management sectors, as well as lessons from the Greensill Capital report, the FCA has identified the AR regime as an area of compliance weakness. The regulator is looking at this closer, and considering reforms through a consultation paper. Final rules are expected by the end H1 2022.
The consultation focuses on three areas of change; notification and reporting, due diligence, and on-going oversight including annual reporting, and a discussion on regulatory hosting. In this article we will focus on amendments to the FCA’s approach to principals’ due diligence and AR oversight, as well as new reporting and self-assessment requirements.
We've observed instances where firms must improve their AR management, including where:
Firms should be prepared to review and improve their AR frameworks. This could mean investment or a reallocation of resources to ensure compliance with the new rules and guidance.
Firms are already required to carry out due diligence prior to appointing an AR by assuring that they're solvent, is suitable to act for the firm in that capacity and has no close links likely to prevent effective supervision. The principal must be able to meet its threshold conditions and have adequate controls and resources, as well as be ready and organised to comply with all applicable AR regime requirements.
The FCA is introducing a new requirement to the due diligence process. The principal will have to ensure that the AR’s activities do not, or would not, result in undue risk of harm to consumers and market integrity. This additional obligation is in line with the consultation papers issued on Consumer Duty.
When thinking about how to undertake this additional assessment - if not already considered - the principal should consider its existing conduct and vulnerability framework to ensure that their assessment is consistent with their customer risk profile.
The FCA is also proposing enhanced guidance. This should remind the market on the regulator’s expectations regarding the assessment of AR partners, directors, management competence, and capacity. This assessment has been made a separate section of the guidance rather than being part of the fit and proper section.
Firms must assess if they have sufficient experience, knowledge, skills, training and time. It's essential to ensure that the AR has sufficient capacity to manage and oversee the regulated activity it carries out on behalf of the principal. In assessing this, the principal should consider what their expectations would be if the roles were undertaken by their own employees.
Firms should also consider the size of the AR to ensure that the principal can effectively manage conflicts of interest, AR oversight and the remediation of potential issues. When assessing its capacity to assess the AR, the level of expectation should be the same as if the firm was undertaking the activity themselves and was carried out by employees.
During the due diligence process, the principal needs to consider the oversight arrangements to put in place to continue complying with its regulatory and legal obligations. If it considers that it will not be able to establish robust oversight arrangements, the AR should not be appointed.
Principals are already required to oversee the activity carried out by their ARs. The FCA is providing further guidance on how firms should go about undertaking such oversight and introduce a minimal annual assessment. The oversight should include, among other requirements:
The FCA has not materially amended its section on contractual requirements, apart from including the right to terminate when the principal is no longer able to oversee the AR. The principal should ensure that the scope of the arrangement is clearly established, service levels clearly documented, and that management information quality and frequency is sufficiently detailed.
In practice, the scope of arrangements often increases over time and arrangements are not updated. This is an area that needs appropriate focus. The principal needs appropriate recourse in the event of issues with the AR.
The FCA is enhancing its guidance on arrangement termination by providing further examples of where it would expect principals to consider the termination of AR arrangements. The principal should consider terminating the relationship in the following circumstances:
If the principal decides to end the arrangement, reasonable steps should be implemented to ensure an orderly termination that mitigates customer harm. Firms should include the lack of receipt or delay in receiving information from an AR as part of the issues that must be resolved satisfactorily and promptly. The lack of responsiveness from ARs in this area is often ignored.
The FCA is establishing a new section to SUP 12.6A assessment of compliance. These new requirements focus on oversight by the governing body. This includes monitoring the principal’s ARs - excluding introducer appointed representatives (IARs) - by introducing review and approval requirements by the governing body at least on an annual basis. This will ensure that each AR is solvent and is suitable to carry out activities for the firm, assess whether the controller, director, and managers of the AR are fit and proper and have appropriate ability to carry out regulated activities, and make sure the principal has sufficient and appropriate controls and resources to oversee each AR.
The governing body will have to approve reviews of ARs in the event of:
Records of the above review and approvals will have to be retained for at least six years from the date of the governing approval. This also applies to the self-assessment mentioned below.
The FCA is imposing an annual assessment, however principals should consider based in the volume of AR and their risk profile, if more frequent reviews should be considered, or if this annual review and approval should be considered in a staggered manner to support appropriate oversight by the governing bodies.
The FCA has called on firms to self-assess their compliance in recent consultations, with applicable requirements on the model used in the anti-money laundering regulation (MLRO) reports to the board. However, the FCA has not clarified who will have to produce the self-assessment to the governing body for review and approval on an annual basis.
The principal should at an early stage define who within its senior management team will be responsible for producing such reports and the impact of such allocation on the relevant individual(s) statement of responsibilities. The self-assessment will have to be a written document, including as a minimum the firm’s initial assessment and further work to confirm on a continuous basis:
The self-assessment must include elements relevant to IARs and will have to be made available to the FCA on request.
Principals should examine how they will comply with the compliance assessment and self-assessment requirements. They must develop, document and communicate appropriate methodologies. This work is often underestimated and under-resourced, leading to difficulty once requests are made to demonstrate compliance.
Principals should assess their ARs and their internal culture to ensure that customer outcomes are at the core of their business model and decision making.
Principals should also consider how these new requirements will impact their governing body’s oversight of the organisation.
We've observed increased expectations toward governing bodies’ review and approval as regulators have established self-attestation requirements in several areas. Producing such reports is resource-intensive and can add to the number of documents requiring board sign-off. Firm should consider how these new expectations influence the board agenda to ensure that appropriate time is given to consider such reports.
Considering the level of additional guidance provided by the FCA, firms should undertake gap analysis of their current due diligence and ongoing oversight to ensure that they meet regulatory expectations and include new requirements. The review of your AR framework should include all requirements.
You should act sooner rather than later as the final rules will be delivered quickly.
Sign up for our webinar on 23 February for additional insight and guidance on preparing for the AR regime changes.
If you want access to leading advice, consultancy and support, we offer a range of services across regulatory compliance for financial services. Contact Alex Ellerton or David Morrey for more information on our services.