On 8 September 2023, the FCA published its first portfolio letter in four years and, in doing so, determined the supervisory agenda for wholesale banks over the next two years.
Whilst the letter is wide ranging, focussing on several different areas including Operational Resilience, ESG, Consumer Duty and Artificial Intelligence, this blog will concentrate on the heart of the FCA’s agenda: risk. The FCA considers the challenging market environment seen in recent times and the impact that those market stresses have had on wholesale banks noting that “a failure to manage operational or reputational risks can quickly result in broader concerns about a firm’s safety and soundness”.
The interconnectivity of our global financial markets means that any failure in risk management can quickly escalate to have a wider societal implication and the FCA is understandably determined to avoid this.
The FCA is blunt in its assessment of failures in risk management citing several recent examples within the letter; the tone suggests that the FCA is frustrated with these incidents given their expectation that wholesale banks should already have been prioritising the improvement of their risk frameworks since the default of Archegos in 2021.
The FCA is clear that it expects firms to have put in place “remediation programmes in response to events of the last 18 months” whether they were directly affected or not and as part of its supervisory agenda in the next two years will be assessing these programmes to ensure they align with the FCA’s expectations of sound risk management. Wholesale banks should consider:
Where there is no remediation programme in place:
Where there is a remediation programme in place:
The FCA have specifically called out non-financial risks as a focus area for them and will be “ramping up [its] testing programme to look at how banks are controlling these risks”. The remediation programmes called out above, tend to concentrate on financial risks, for example, unauthorised trading. Yet there are a number of less tangible risks that need to be accounted for, for example, market abuse, conflicts of interest and financial crime.
Whilst these risks are more challenging to quantify, the implications of failing to control for them can be significant, not only financial losses, but also reputational impacts on not just the organisation in question but the wider market. Wholesale banks should consider:
Underpinning the FCA’s letter is a clear message that wholesale banks should expect increased supervisory scrutiny in the foreseeable future and should be prepared to react to requests nimbly as well as the expectation that responses be “data-led”. This inevitably will lead to an increased need for effective MI which firms can use to evidence their ability to control for both financial and non-financial risks but crucially, firms will also need to show the review of that MI has been actioned appropriately. Wholesale banks should consider:
In this letter, the FCA has set its supervisory stall for the next two years across a number of focus areas and acknowledges that it will need to be flexible and re-prioritise as market events occur. However, there is one consistent theme throughout all these areas and that is risk and the ability for wholesale banks to manage that risk appropriately.
The FCA expects firms to discuss this letter with Boards within the next 2 months and “where necessary, take action” and if firms deem it not necessary, the FCA will expect a thorough justification for why not.