How can Hogan Lovells help?
At Hogan Lovells, our combined legal and consulting Financial Services team helps firms navigate and comply with their regulatory requirements including in relation to Consumer Duty, operational resilience and financial crime/fraud. If you would like to know more about the Hogan Lovells team and how we can help you with the operational practicalities of the FCA’s findings, please get in touch.
Importance of effective culture and controls in challenging times
Given the combined challenges of, among other things, regulatory change, ongoing compliance, acting to deliver good customer outcomes, and evolving business models and technology, the FCA states that it’s very important for firms to have effective culture and controls applicable to both financial and non-financial conduct (see this November 2023 FCA speech and the related proposals in this September 2023 FCA consultation on diversity and inclusion in the financial sector). This includes:
- Leadership and people management which establishes healthy purposeful cultures in which staff at all levels act with integrity and in a customer-centric way.
- Governance and oversight which is strong and balanced enough to plan and execute major changes in a way that safeguards customers.
- Risk management frameworks which give proper early consideration to both prudential and conduct risks, and to monitoring the customer outcomes being delivered and improving any shortfalls.
The FCA plans to engage with firms on their cultures and controls during its work with them in 2025 on the priority areas that it has identified.
Priority areas identified in the portfolio letters
The FCA has identified a number of priority areas for firms in the coming year, some of which only apply to certain sectors:
- Consumer Duty: Unsurprisingly, this features in each of the four portfolio letters. The FCA signposts its various Duty related publications and sets out areas on which firms should now be focusing. These encompass all of the core elements of the Duty such as ensuring that products/services offer fair value.
- Financial resilience (only appliable to LMPs and NBMLs/MTPAs): The FCA makes the point that in a potentially volatile environment, firms must be aware of interdependencies between risks, which could increase the overall risk profile of the firm. It emphasises the importance of firms’ ability to manage applicable risks and the links between them, given the potential knock-on effect on consumer protection and market integrity.
- Operational resilience: The FCA reiterates its expectation that firms have adequate systems and controls, processes and policies, and appropriate governance and oversight, to mitigate the risk of operational events and failures. It is expecting to see increasing sophistication and maturity in firms’ testing of resilience in different scenarios, and their refinement of action plans for remediating vulnerabilities and remaining within their tolerances.
- Financial crime and fraud: There is a reminder that financial crime remains an FCA top four priority in its 2024/25 Business Plan. It will make increasing use of data and analysis to identify outlier firms and target its engagement and other interventions.
- Sustainable finance: The FCA makes clear that firms have a role to play in helping the economy transition to a more sustainable long-term future, including looking beyond net zero targets and climate change to consider wider environmental risks such as those related to nature and biodiversity. In relation to the development of sustainable finance offerings, the FCA points to its new anti-greenwashing rule that came into force on 31 May 2024. It encourages firms to use the finalised non-Handbook guidance that accompanies the new rule. Similar considerations apply where firms publish climate transition plans. The FCA will be paying close attention to firms’ claims and controls in this area.
- Access (only applicable to retail banks/building societies): The FCA makes the point that as banks and building societies transform their channels, products and services, their customers must not be left behind and consumers must not be unreasonably or unlawfully excluded from payment accounts and banking services. There is a reminder of key publications, including its recent update report setting out findings from follow-up work on payment account access and closures.
Retail banks and building societies
- On Consumer Duty:
- In relation to the continued importance of sharing information with other firms in the value or distribution chain, the FCA mentions that firms should think carefully about sharing information in the context of offering and/or using ‘banking as a service’ or ‘embedded finance’, eg to help ensure effective monitoring and controls over conduct and other risks whilst also remaining alert to their own data protection and competition law obligations.
- The FCA highlights the same points on responsible lending and closed books as for LMPs and NBMLs/MPTAs (see below). However, it also mentions that retail banks/building societies should take particular care with their handling of the forthcoming maturity of historic interest-only and part-and-part mortgages.
- In addition, the FCA is seeing banks enter into forward flow arrangements with NBMLs, whereby the latter originate mortgages for them. It points out that both firms will wish to consider, and reach a shared understanding of, their respective Consumer Duty responsibilities, if any. As part of this, the FCA would find it helpful to be notified (under Principle 11 or SUP15.3.8) of new forward flow agreements.
- The FCA refers to its recent update on the actions it has taken since its July 2023 cash savings market review and suggests all firms offering cash savings products will wish to consider that feedback and analysis and improve their own assessments of the value offered by their savings products.
- On treatment of customers in financial difficulty, the FCA expects firms to continue to focus on improving outcomes in relation to overdraft repeat use following the publication of its findings of good practice and areas of concern.
- For operational resilience, the FCA emphasises that firms’ main focus now must be on testing and identifying emerging risks which in turn are to be incorporated into scenarios and testing plans. It reminds firms of its observations and insights on firms’ preparations (May 2024) which should help in reviewing approaches and assessing readiness for March 2025 when the transition period for the FCA’s Building Operational Resilience Policy final rules ends. The FCA plans to continue to share thematic observations and insights to inform firms’ approaches to building operational resilience. It also flags that retail banks should have well-tested plans to mitigate the likelihood of harm from cyber-attacks. As part of this, they should read the 2023 CBEST thematic report and consider embedding the findings into their cyber strategies.
- On financial crime and fraud, the FCA points out that managing financial crime risks will be especially important and challenging for banks in the context of their offerings of, or participations in, 'banking as a service’ or ‘embedded finance’ because of the often complex chains of multiple entities involved in such arrangements and the tendency for demands for rapid customer approvals and onboarding. There is also mention of the recently introduced Payment Systems Regulator’s (PSR) new reimbursement requirements for banks and other payment service providers, and the PSR’s expectation that this significant new level of protection will prompt more action to prevent these frauds happening in the first place.
Lifetime mortgage providers (LMPs)
- This portfolio includes firms providing lifetime mortgages, home reversion and later life lending products.
- On Consumer Duty, the FCA refers specifically to its expectation that LMPs will have reviewed and, where necessary, acted on its findings on later life advice and advertising (September 2023). The FCA considers its responsible lending requirements to be particularly important for later life lending, including lifetime hybrid products where consumers are expected to service mortgage payments. Firms should also be especially alert to any indication of vulnerability among customers in this market. Two ongoing challenges in relation to closed book products are:
- out of date or incomplete client records – if gaps can’t be filled, firms will need to take additional steps to mitigate the risk of harm, eg by enhanced outcomes testing for relevant customers; and
- tracking down less engaged customers – firms will need to test, monitor, and adapt their approach to communications, including timing and content, if these aren’t leading to the right customer engagement and understanding.
- Regarding financial resilience, the FCA states that LMPs should pay particular attention to MIPRU 4.2D on liquidity resources requirements, including stress testing and contingency funding plans. The FCA also signposts the further guidance in FG20/1 (Assessing adequate financial resources), its Wind-down Planning Guide and the findings from its recent Multi-firm review of consumer credit firms and non-bank mortgage lenders (see our Engage article). When taking steps to stay financially sustainable (eg cost cutting, increasing sales or fees, withdrawing from some activities/services, or merging with another firm), the FCA expects firms to make sure this does not result in poor customer outcomes.
- On operational resilience, the FCA points out that as sales of lifetime mortgage products are mainly made through mortgage intermediaries, firms relying on intermediaries should have clear policies on due diligence to be followed at the beginning of any relationship, with ongoing review to ensure firms minimise the risk to themselves and consumers in relation to operational resilience and business continuity. The FCA highlights that while the new Business Impact Tolerance framework PS21/3 does not strictly apply to LMPs, it should be a helpful framework for firms considering their own approach going forward.
- Although LMPs generally face lower inherent risks of money laundering or fraud against customers than, for example, retail banks, the FCA emphasises that they still have significant legal and regulatory responsibilities in the area of financial crime and fraud.
Non-bank mortgage lenders (NBMLs) and mortgage third party administrators (MTPAs)
- Financial resilience is at the top of the list of priority areas for NBMLs and MTPAs. The same points as for LMPs apply (see above).
- On Consumer Duty, as for LMPs the FCA expects firms in this sector to lend responsibly, including by conducting accurate and appropriate affordability assessments where applicable. It sees increased risks of harm and poorer standards in the areas of second charge mortgage lending (increasingly being used to consolidate debts) and later life mortgage lending (where a prudent, proportionate approach to assessing customers’ income both before and beyond retirement should be taken). Again as for LMPs, in relation to closed books the FCA highlights out of date or incomplete client records and tracking down less engaged customers as two particular challenges. It also flags the importance of providing appropriate support for closed book mortgage borrowers who may be unable to remortgage and will be paying variable rates of interest (some of whom will also be vulnerable and lack financial resilience).
- For operational resilience, the FCA expects arrangements between outsourcers (eg an NBML) and their chosen business partner (eg an MTPA) to be reviewed regularly by both parties to assess how effectively they are delivering in practice.
- As for LMPs, although NBMLs and MTPAs generally face lower inherent risks of money laundering or fraud against customers, there is a reminder that they still have significant legal and regulatory responsibilities in this area.
What’s next?
The FCA expects firms and their boards to discuss the letters, consider their business in the light of the risks it refers to, and review their approaches to mitigating these and driving improved outcomes, including the prompt remediation of any issues that firms identify. Firms should be prepared to show and explain to the FCA how they are taking reasonable steps in those respects.
Firms are also reminded of Principle 11 (relations with regulators) and the notification obligations under SUP 15.3.1R (matters having serious regulatory impact) and SUP 15.3.11R (significant breaches of a rule/Principle). The FCA highlights the particular importance of it being notified of:
- Any product, service or customer journey that is significantly non-compliant with the Consumer Duty;
- Any proposed business expansion, change or restructuring which could have a significant impact on a firm's risk profile or resources;
- Any proposed provision of a new type of product/service, or proposed cessation of a regulated or ancillary activity or significant reduction in the scope of such (SUP15.3.8G(1)(c)&(d)), including the purchase or sale of mortgage books or the transfer of legal title.
In its supervisory work, the FCA will also continue to consider carefully whether those with relevant senior management functions have carried out their responsibilities appropriately under the Senior Managers and Certification Regime.
If you would like to discuss any of the points from the FCA’s portfolio letters, please get in touch with any of the people listed in this article or your usual Hogan Lovells contact.
Authored by Stephen Timbrell and Virginia Montgomery.