In our December 2020 article for Financial Regulation International, we looked back at UK financial regulation, and financial crime prevention regulation in particular. In this update, 18 months on from the start of the first UK lockdown, Emma Radmore of Womble Bond Dickinson looks at the broader financial regulatory response and how, in most respects, the regulators do not expect to have to give firms any further leeway – yet consumer protection concerns remain.
Rewind – where were we?
The key regulatory concerns at the start of the pandemic could be grouped into distinct, but overlapping, categories:
- How regulated businesses could comply with rules during a remote working scenario with staff shortages
- The hardships consumers might face, and what could be done to protect them
- The risks stemming directly or indirectly from the pandemic and what could be done to address them.
What did the UK regulators do?
Prudential and staffing issues
The UK regulators, particularly the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) sprang into action. They provided prudential help for firms, giving them some leeway around prudential requirements and regulatory reporting, while stressing that firms needed always to have resilience planning at the top of their minds, so in a worst case scenario they could prepare for an orderly wind down. The regulators could, and did, relieve a little of the strain by cancelling certain planned exercises that would have been resource-intensive for firms.
The regulators also considered that regulated firms, like most other businesses, would be considering the need to furlough staff. The FCA gave guidance to firms, expecting the CEO to be in overall charge of resourcing – both initially in deciding who would be designated as key workers and secondly in developing a plan for the firm to continue to comply with the requirements of the Senior Manager and Certification Regime if it decided to furlough some senior managers. Among the staff most likely to be considered essential were those in the risk, compliance, payment processing and audit teams, and it would be in exceptional circumstances only that a firm would furlough its Senior Manager appointed to the Money Laundering Reporting and Compliance Oversight functions. If a firm did do this, FCA would need to be convinced that another appropriate senior manager would ensure the firm's compliance.
Firms also had to consider their systems, controls and distribution chains, including assessing the performance and resilience of outsourced service providers and checking business continuity plans would respond to their failure, and ensuring any brokers acted in line with the firm's policies on treating customers fairly and communicating with them clearly.
FCA quickly rolled out several measures to protect consumers, especially the vulnerable. It recognised both that some consumers would struggle to keep up with their payments on mortgages or other loans, and that certain products they held, such as some insurance policies, may reflect poor value for money in the extraordinary circumstances. The measures originally required firms to offer temporary payment freezes and exempted them from compliance with certain conduct of business requirements around affordability. The initial measures banned repossessions also. As time went on, many of the measures were extended, and adapted to give firms guidance on how to deal with customers approaching the end of a payment freeze.
As the pandemic continued, insurers and brokers came under pressure both to consider customers' interests on policy renewals and affordability of premiums, and to deal quickly with claims. It was anticipated, and turned out to be the case, that there would be many disputes about policy coverage in the case of a global pandemic, with insurers trying to interpret wordings not really fit for purpose. This culminated in the FCA's Test Case against a number of insurers to address how business interruption policies should respond, and has led to huge numbers of complaints from consumers, particularly in relation to insurance such as travel, wedding and event cover.
In terms of customer onboarding, and with a particular eye to financial crime prevention, firms that had traditionally relied on face-to-face meetings to conduct their customer due diligence had to find alternative methods. FCA suggested a number of alternatives, such as asking customers to send selfies, video calls, and the use of triangulation and verification codes. FCA stressed that firms should not turn off important triggers or alerts and, if reprioritising resources, should not delay reviews for high risk customers.
Continuing the vulnerable customer theme, the key practical concern was that certain customers depended on being able to access cash through branches of their banks. FCA was concerned that banks considering temporary or permanent branch closure should be looking at how they could continue to service and comply with their regulatory obligations in respect of these customers.
And, of course, the move to remote working and banking necessary increased the risks of cyber-crime – because of the numbers of unsophisticated consumers using online services for the first time, the human risk presented by staff working relatively unsupervised at home and at times in lack of staff because of illness, and the constant ability of criminals to exploit weaknesses.
Where are we now?
As time went on, FCA expected firms to have adapted their systems and controls to the new environment, and recognised that it was not in consumers' interests to receive automatic extensions of payment freezes. During the first quarter of 2021, it updated all its sectoral guidance, with key messages being that:
- From the end of January 2021, FCA allowed firms to repossess goods or vehicles where customers were in arrears, but only as a last resort and after carefully considering the impact on the customer of taking repossession action
- By February 2021, FCA decided that firms had had long enough to get used to new ways of conducting customer due diligence, so they no longer needed specific guidance or leeway, and considered they should no longer be delaying scheduled reviews and monitoring
- From April 2021, firms were no longer prevented from starting repossession action in relation to mortgages, but should still consider it only as a last resort and should continue to provide tailored support for customers who were in financial difficulties. Any agreed payment deferrals should have ended by July 2021 so any additional deferrals would be offered as individually tailored support and reported to credit files
- Firms should now, broadly, have moved back to business as normal in terms of key controls, and should be supporting customers who continue to suffer difficulties including giving guidance on dealing with refund requests.
The pandemic is of course not over, and it has already left a lasting effect on how many businesses and consumers conduct their day to day life. However, from a regulatory compliance point of view, the expectation is clearly that firms have had ample time to make any necessary changes to their policies, procedures, systems and controls to adapt to how they will run their business going forwards, and the regulators will not give any further leeway to firms.
For those involved in financial crime prevention, then, there may have been some temporary and some permanent changes, but by now, all CDD, transaction monitoring, reviews, reporting and auditing should be as strong as they ever were, with appropriate resource continuously assessing where the next challenges will be and preparing to mitigate their effects.