As we move towards 2024, internal audit is set to become an even more critical function. With the ongoing transformation of the business landscape, increasing regulatory requirements, including the Consumer Duty, and emerging risks, internal audit will need to adapt and focus on planning and preparing for the future.
This means developing a strategic roadmap that aligns with the organisation's overall objectives, identifying emerging risks and trends, and leveraging innovative technologies and data analytics to enhance the audit process. By taking a forward-looking approach, internal audit teams can play a vital role in driving business success and ensuring the long-term sustainability of the organisation.
Our quarterly internal audit hot topics will give you a thematic view across new and emerging risks on the regulatory horizon that's applicable across financial services. This will help you structure conversations and help define your own internal audit plans.
Our 2024 audit risk inventory explains the key priorities for 2024 that are intended to provide a useful reference point from which to drive conversations and help define internal audit plans.
Our risk focus radar is a combination of our view of key priorities and an extract from the UK Regulatory Initiatives Grid (where key milestone or formal engagement is planned), representing the risks and key priorities for 2023 and 2024 raised by the FCA, PRA and other leading UK regulatory bodies.
We identify the risk priorities at a single glance for the four key sectors segmented by time and risk dimensions to help develop audit planning and forecast upcoming requirements.
The FCA issued three insurance portfolio letters on 20 September 2023. The letters cover the letters cover four market-wide priorities: embedding the Consumer Duty; governance and culture; operational resilience and increasing reliance on third parties; and improving oversight of Appointed Representatives (ARs). With respect to the Duty, the FCA continues to see examples of insurers and intermediaries not sharing information, and distribution chains that are longer than necessary.
In each of the letters, the FCA explains that it is updating firms on its priorities for the insurance market for 2023-25. These are the areas where it intends to focus most of its work in the market. The letters also outline the specific risks of harm the FCA is most concerned about, and what it wants firms to do about them. The priorities outlined cover the following four market-wide priorities:
A significant part of the FCA's activity over the next two years will be to test firms against its priorities and expectations. The FCA expects firms in the market to take all necessary action to ensure that its requirements and expectations are met and that they are prepared for the additional requirements that the consumer duty brings to the priority areas outlined in the letters. It will use the Senior Managers and Certification Regime (SM&CR) to engage directly with accountable individuals on areas of concern.
On 20 September 2023, the Bank of England (BoE) published a speech given by Gareth Truran, BoE Director, Prudential Policy, and PRA Director, Cross-Cutting and Insurance Policy, providing an update on reform of the UK Solvency II regime.
The next big milestone is the forthcoming consultation on reforms to the matching adjustment (MA), which the PRA is aiming to publish around the end of September 2023. The PRA expects to publish its final policy in all these areas during the first half of 2024. Implementation of most of the changes is planned for the end of 2024, although the PRA is working hard with HM Treasury to allow its proposed MA reforms to come into force sooner, by June 2024. In 2024, the PRA will consult on transferring the rest of the Solvency II regime (set out in retained EU law) largely unchanged into the PRA Rulebook. This means there will be a single solvency regime for insurers designed for the UK and accessible in one place.
Most recently, the PRA published on 3 October 2023, the statement announcing that it intends to run a dynamic general insurance stress test in 2025. The exercise will assess the industry's solvency and liquidity resilience to a specific adverse scenario and the effectiveness of insurers' risk management and management actions following an adverse scenario. It will also inform the PRA's supervisory response following a market-wide adverse scenario.;
The dynamic nature of the 2025 exercise represents a significant change from previous exercises and will involve simulating a sequential set of adverse events over a short period of time. Consequently, the PRA intends to engage with the industry including trade bodies over the next six months, with a view to providing more details of this exercise (including participation, design, and timelines) during the first half of 2024.
Results of this exercise will be disclosed at an aggregate industry level.
The FCA published on 6 September 2023 a new webpage on firms' response to increased sanctions due to the conflict in Ukraine. The FCA explains that it has carried out a substantial programme of work due to the increased number of sanctions since Russia’s invasion of Ukraine, assessing the systems and controls relating to sanctions compliance for over 90 firms across the financial services sector. This has involved proactive assessments of firms' controls (using a new analytics-based tool), as well as the use of specific intelligence and reporting.
On the same day, Sarah Pritchard, the FCA’s Executive Director of Markets and International, gave a speech reiterating the findings.
The assessment uncovered good practices and several weaknesses across five themes which includes governance and oversight, global sanctions policies, third party reliance, contingency planning, skills and resources, screening capabilities, Customer Due Diligence, Know your Customer and breach reporting to the FCA.
The assessment uncovered some of the following areas of focus:
Some firms are still not able to show that they are providing senior management with sufficient information about their exposure to sanctions or are reliant on global sanctions policies which are not aligned with the UK sanctions regimes.
Some firms still lack adequate resources to ensure effective sanctions screening. Firms that have significant backlogs are at greater risk of non-compliance with sanctions obligations.
Sanctions screening tools need to be adequately calibrated and should include the necessary requirements under the UK regime. There were some poorly calibrated or tailored screening tools, with some firms also too reliant on third party providers with ineffective oversight over them.
There were instances of low quality CDD and KYC assessments and backlogs. This can increase the risk of firms not identifying sanctioned individuals.
Timeliness of reporting potential breaches or relevant sanctions information was inconsistent across firms.
Financial crime is never a victimless crime. It not only costs corporations and consumers, but it also damages the integrity and reputation of our markets, and this undermines our international competitiveness.’ The FCA published on 6 September 2023, a speech given by Sarah Pritchard, FCA Executive Director of Markets and International, on calibrating controls to build confident markets. Fighting financial crime remains a key focus of the FCA’s strategy. It has clear expectations of firms. We will increase our focus on whistleblowing in high-risk sectors and expect first line of defence employees to raise awareness of the process and benefits of whistleblowing for organisations and wider society. We will be testing how effectively these messages have been shared and will identify best practice across the industry.
Some considerations organisations should be thinking about include:
Firms should calibrate their financial crime fighting systems to the right risk level, whether it is high or low and expect spot checks by the FCA. Our sanctions update identifies good and bad practice. To calibrate, organisations need to understand their risks and calibrate their controls appropriately and proportionately.
Organisations should not palm off all responsibility for keeping on top of it to external firms. Firms need to understand their risks – both high and low – and make sure they have a proportionate and risk-based approach to deal with them.
The FCA is stepping up its testing of firms' risk-based systems and, as a data-led regulator, is using data and tech to do this. Firms who carry out tick-box compliance exercises should not be surprised to get a visit from the FCA.
The FCA is not able to move directly from whistleblowing to immediate enforcement, as this can be counterproductive. It can imperil the anonymity of the whistleblower and undermine the likelihood of the FCA being able to bring a case to court. It can also spur the wrong doers into covering their tracks and evading capture.
The Transition Plan Taskforce has published its final disclosure framework to help firms reach their climate goals.
Moving towards an effective D&I strategy as regulators set out proposals to boost diversity and inclusion.
The Consumer Duty is now in force for open products, but firms have a long way to go to meet the FCA's expectations.
Our in-person and virtual events will put you in touch with our technical teams who have already undertaken engagements and gained valuable experience in these areas. We do hope you can join us.
Staying ahead of key trends can help you manage challenging market conditions. Join us for our banking and capital markets conference to understand the most pressing issues facing the sector.
Wednesday 29 November 2023 | 12.00 pm - 6.00 pm
With only a year left before the new Basel 3.1 standards go live, join us for a deep dive into the PRA’s Basel 3.1 rules and requirements for implementing this globally accepted regulatory banking reform.
Wednesday 6 December 2023 | 10.00am – 11.15am
In the context of the UK government’s move to establish a regulatory framework for an alternative digital ‘stable coin’, we’ll take a comparative look at the financial crime profile of physical cash, a digital pound and other virtual currencies. Will a digital pound take off, and if so what difference could it make?
Thursday 18 January 2024 | 08.30am – 10.30am
To find out more about what’s happening in internal audit, listen to a special episode of our financial services risk and regulatory podcast.
In the fast-changing financial services landscape internal audit has become a force of innovation. Can your own function keep up with the pace? In this episode, Rob Benson and Vivian Lagan joined by Fotoulla Charalambous, Chief Internal Auditor at EBRD, Carley Eaton, Chief Internal Auditor at Provident Financial Group and Nick Curle, Chief Auditor at NatWest Group to discuss our recent Internal Audit Report 2022/23.