Principal firms are under the regulatory spotlight… are you at risk?
Principal firms who are not demonstrably managing their risks and holding appropriate capital are at risk
That principal firms now warrant a whole page in the FCA's latest Business Plan should send a message to the industry, but it should not be a surprise.
Many principal firms have 'enjoyed' some dialogue with the regulator in recent years (if not further action). With the failure of Greensill Capital (an appointed representative or AR) subject to a Treasury Select Committee inquiry...the regime is under the spotlight like never before.
The FCA summary of issues observed is succinct, specifically flagging “poor due diligence and oversight” of ARs by principal firms. The outcomes the regulator seeks have greater detail.
Principal firms should take note of the FCA's plan to 'consult' in order to improve and strengthen the regime.
The plan includes reference to "...timely information on principals and their ARs and to improve principals' ongoing oversight and due diligence of current and prospective ARs." This suggests new FCA reporting by principal firms (possibly via RegData).
And not just the numbers of ARs. The FCA could reasonably ask for information on business models of ARs, resources at principal firms (staff numbers, systems and capital), as well as the regularity of site visits / desk-based reviews and oversight/governance meetings. If not more granular details on ICAAP (ICARA), risk appetite and competence of staff.
If you are a principal firm – large or small – you need to be proactive. Taking on ARs and extracting profits from a separate business line without effective risk management is a recipe for disaster.
What should a principal firm consider?
Firms can undertake a review of their systems and controls by starting from the top down.
Examining governance and oversight structures, risk appetite statements and ICAAPs (ICARA) including Pillar 2 capital. This can be more effective where principal firms already have robust controls in place and effective due diligence and oversight.
Another approach is to review from the bottom up, considering the due diligence undertaken, oversight and risk scoring of individual ARs.
And then considering the oversight structures in place to review MI and make decisions. This can provide insight into the effectiveness of current arrangements, appropriate resourcing and Pillar 2 capital requirements.
Effective risk management, oversight and due diligence can only happen where a principal firm has a risk-based monitoring strategy for individual ARs, suitable MI feeding into decisions and proactive governance aligned with risk appetite statements.
And no, simply stating in an ICAAP (ICARA) ‘we have a low risk appetite’ or a 'zero tolerance of risk' is not a risk appetite statement.
Such statements are common but lack meaning and can be seen as contradictory or misleading. If you take on ARs then you have agreed to accept more risk than firms who do not have ARs. I suspect the FCA must be sick of reading such statements in ICAAPs in general, never mind from principal firms...
Consider quantitative and qualitative elements to the risk appetite statement here: number of ARs, risk scores, types of business model, resources, SLAs around monitoring of individual ARs and frequency of decision-making meetings. This will allow the creation of a focussed suite of MI and look through to the performance of oversight and due diligence functions, so you can then demonstrate effective governance with a look through to the front line.
What action should you take if you are part of the Senior Management team at a principal firm (with direct responsibility under SMCR)?
Ask yourself if you have the data to provide the FCA on these different areas and functions. And then ask yourself if it demonstrates effective oversight. If it does not, you should take action. And possibly seek assistance from your friendly external compliance consultants (hint – that can be us at ComplyCraft Consulting).
With the new ICARA, you need to consider the risk to consumers and the risks to the market. Greensill is a good example of 'market risk' in the context of principal firms. There are plenty of examples where poor oversight of ARs could lead to poor consumer outcomes (particularly if your ARs deal with retail clients...but don't forget funds with retail investors and such). So, this is a call to action looking at IFPR as well as this extra scrutiny...
Whatever you do, please do not wait for the regulator to ask you for information and only then realise you are lacking. The FCA have sent several 'Dear CEO' letters and published thematic reviews in general insurance and asset management in this area, over several years.
Ignorance is not bliss when you have a clear line of responsibility and the FCA can hold you publicly to account for failings.
We work with several principal firms and appointed representatives and are happy to discuss how we can help.