Dear CEO | Release Date: 6th February 2020
Short Summary
The FCA’s letter to CEOs of firms operating within the ‘platforms’ portfolio outlines the supervision strategy focused on pre-emptive measures against potential harms. It stresses the importance of the Senior Managers & Certification Regime (SM&CR), which expects clear accountability and a thorough understanding of roles among senior management.
Key harms identified include technological and operational resilience challenges such as insufficient investment in technology, poorly managed migrations, and vulnerability to cyber-attacks. The letter emphasises the need for platforms to maintain business continuity, protect customer data, and ensure robust security against financial crime.
Outsourcing is also highlighted as a significant concern. The FCA expects firms to maintain strict oversight and risk management of third-party services, ensuring that contractual arrangements are clear, particularly regarding incident management and business continuity plans.
Conflicts of interest represent another critical area. The FCA expects firms to identify and manage conflicts effectively, particularly in activities like constructing Best Buy lists, where impartiality and rigorous governance are crucial.
The letter also references the Investment Platforms Market Study (IPMS), urging firms to implement its findings and recommendations. This includes improving the transfer process for consumers, ensuring best execution of trades, and providing transparent information about costs and charges.
In preparation for the UK’s exit from the EU, firms need to consider the implications of the end of the transition period on their operations and client relations, ensuring readiness for changes starting January 1, 2021.
Key Take-aways and Actions:
Firms should rigorously assess their operational, technological, and outsourcing risks, enhancing governance and oversight accordingly. They must ensure compliance with SM&CR by clearly defining roles and responsibilities. Platforms must also implement IPMS recommendations and prepare for post-Brexit regulatory changes, maintaining open communication with the FCA for any strategic issues that arise.