Dear CEO | Release Date: 22nd March 2022
To read a shorter summary of this Dear CEO letter, click here.
To access the original FCA document, click here.
Long Summary
The Financial Conduct Authority (FCA) is intensifying its supervision strategy for the custody and fund services sector, which is crucial for the safekeeping, servicing, and oversight of assets within the UK financial system. This letter communicates the FCA’s expectations and the primary areas of risk that need management to maintain market integrity and protect investors.
Compliance Expectations
Firms within the custody and fund services sectors are urged to rigorously ensure their operations align with FCA regulations. The FCA mandates that these firms not only adhere to operational standards but also engage in proactive measures to mitigate risks. The sectors addressed include third-party custodians, depositaries for authorised and non-authorized funds, and third-party administrators offering services like fund accounting and transfer agency.
Key Risks and Causes of Harm
The FCA identifies four principal areas where potential harm could arise, impacting both clients and the overall market integrity:
Operational Resilience and Cyber Security:
Firms must bolster their cyber defences and operational resilience to prevent data loss or compromises, which are critical given the sectors’ reliance on technology.
Client Money and Asset Oversight:
There is a crucial need for enhanced oversight and control mechanisms to prevent financial losses and ensure efficient asset recovery.
Depositary Oversight:
Depositaries must ensure investment schemes are managed in accordance with the rules and in the best interests of investors, highlighting the necessity for vigilant oversight of fund managers.
High-Risk Investments:
Firms must manage the risks associated with high risk, illiquid, or speculative investments, particularly those sold to retail investors, ensuring they do not contribute to adverse consumer outcomes.
Supervisory Priorities and Actions
Operational Resilience
Firms are expected to have robust processes to handle operational disruptions and secure client data against cyber threats. The FCA’s Policy Statement PS21/3, effective from March 31, 2022, outlines requirements for firms to identify critical business services and ensure they can operate within set impact tolerances.
Client Asset and Money Protection
Compliance with the Client Assets Sourcebook (CASS) is emphasised to safeguard client assets effectively. The FCA points out that many issues stem from inadequate governance, underinvestment in systems, and poor change management, urging firms to address these root causes.
Depositary Functions
The role of depositories in overseeing fund activities is crucial. Firms are expected to ensure that they are effectively challenging fund managers and maintaining a high standard of fund oversight.
Managing Speculative and Illiquid Investments
While custody and fund service firms typically do not promote high-risk investments, their association with such products must be managed carefully to avoid lending undue legitimacy to potentially harmful investment opportunities.
Regulatory and Market Changes
Firms must stay informed and prepared for regulatory changes, such as the Investment Firms Prudential Regime (IFPR), and anticipate how technological advancements could impact their services and business models.
Conclusion and Key Takeaways
Proactive Engagement Required
Firms must actively engage with the FCA’s regulations, ensuring all operations and services comply with established standards, particularly in managing client assets and ensuring operational resilience.
Continuous Review and Adaptation
Ongoing assessment and adaptation to new regulatory requirements and market conditions are crucial. Firms should be prepared to implement changes in their operational and business strategies to align with these evolving standards.
Reporting and Transparency
Immediate reporting of significant operational incidents or failures is mandatory under the FCA’s guidelines. Firms should have clear procedures in place for such reporting and ensure transparency in their operations.
Final Reminders
Firms are reminded of their responsibility to prioritise the interests of their clients and the integrity of the markets. They are expected to maintain a culture that fosters compliance and supports the overarching goal of market stability and investor protection.
By adhering to these guidelines and actively managing the outlined risks, firms can contribute to a more secure and reliable financial market infrastructure.