Most in the financial services industry love to moan about the FCA. Although there are many reasons you might not love the regulator, you can’t argue that it’s pretty forward-thinking when it comes to fintech. In fact, regulators around the world are looking to the FCA to see what kind of ideas it has on fostering innovation and competition. And it has plenty.
With the release of its Business Plan 2016/17 in April, the FCA has made it clear that technological innovation is one of its top priorities for the coming years. As well as its latest brainchild, Project Innovate, the FCA also wants to encourage the industry to club together to form a non-profit umbrella company to act as a ‘sandbox’ for testing out new technologies. But it has also flagged the ‘systemic risks’ that come hand in hand with progress into uncharted waters.
“We remain alive to the risk – and potential rewards – of technological innovation,” said FCA chairman John Griffith-Jones. “Technology can drive down the cost of accessing products and services, and can push up the quality of service. But it can present challenges to markets and regulators alike, including resilience, cyber-crime and financial exclusion.”
Here are five big concerns the FCA wants financial services firms to think about:
- Widespread adoption of technology is likely to be limited by vulnerabilities in the design and management of systems and infrastructure.
- Many firms remain reliant on complex IT infrastructures which can make it difficult for them to maintain key services such as payments. These risks may be exacerbated by the ring-fencing of retail banks, unless firms use appropriate planning to manage them.
- Tighter margins are leading more firms to outsource processes to third-party firms, yet firms have little or no control over the security or functionality of these providers systems and processes.
- Cyber-attacks are increasing and pose risks to consumers and markets. Some attacks are likely to be successful and firms may not have adequate defences or effective plans to identify and respond to them.
- Rigid regulation may stifle innovation in financial services.
But it’s not all doom and gloom. The FCA has outlined a number of ways it plans to help firms overcome these challenges. These include keeping up with trends in Big Data (it may conduct a market study in this area), launching its Regulatory Sandbox, boosting the capacity of Project Innovate, and telling firms what it expects in terms of the resilience of their IT systems. It will also keep a close eye on the development of roboadvice, and take a joined-up approach to cyber-crime with other organisations, while providing firms with educational tools to tackle it.
In its analysis of the Business Plan, Ernst & Young (EY) noted the FCA “is leading the regulatory pack on innovation, digital and FinTech, and is reinforcing its focus on cyber risk.”
Patrick Craig, working in IT Performance Improvement at EY, said he expects to see the FCA giving more detailed guidance on the issue of cyber-security in particular:
“We anticipate that the FCA will…. become more explicit about the standards of cyber resilience it requires [authorised firms] to have in place.”
He highlighted the use of cloud technology as a particular area of concern for the regulator because of the involvement of third party providers. “An emerging FCA concern is that a growing number of firms are adopting or switching to cloud-based third-party services, which are provided by a relatively small number of suppliers. This could potentially create a new concentration risk from a regulatory perspective — not least because those providers sit outside the FCA’s remit.”
EY suggests three actions points for FS firms to consider when working out their strategy in this area:
- Use the regulatory sandbox to test digital interfaces to inform ‘go’ and ‘no-go’ decisions along with product reviews.
- Review the benefits of digitalisation against your risk, cyber exposure and due diligence from third-party providers.
- Understand the nature of cyber risk faced, why you might be a target, which assets might be targeted, and your ability to respond to breaches to limit customer impacts, reputational risks and financial losses.
The regulator is making technology a major focus moving in to 2017 and beyond. What this means for firms is that they will have to get ahead of the game, and be prepared to invest in the most advanced systems and safeguards possible, if they are to avoid seeing the dark side of technological progress. Are we convinced that this has been accepted and plans drawn up to not combat or accommodate, but to embrace development? Only time will tell, but the winners in all of this will be those who have.
Latest posts by Hannah Smith (see all)
- Insurtech: Five ways insurers are getting ahead in a digital world - January 3, 2017
- “We need you to make it go viral.” What’s the secret to viral marketing? - November 15, 2016
- UCITS and the rebirth of hedge funds - October 25, 2016