Written by Ben Mason, CEO, My Compliance Centre.
Autumn 2023 Newsletter.
So, what has been going on with our regulators over the last quarter?
In summary, we can say that regulators are about as busy as they usual. One simple metric that we often apply is simply to consider their output level of regulatory updates and other documents. Over the last 12 months, there has been a remarkable consistency in terms of the productivity of the primary regulators that we track. By way of reminder, the FCA in particular dramatically increased its output in Q4 of last year and has now remained constant at around 100 to 110 documents per quarter. Similarly, the primary European regulators, the PRA, and the ICO are all very consistent in their levels of output.
If we look at fines imposed by the FCA, so far this is a quiet year relative to 2022. As of the 2nd of October, only seven fines had been imposed by the FCA, compared to 22 fines during all of 2022. Why the slowdown? There could be many reasons, but it seems reasonable to expect an increase in 2024 and beyond in relation to non-compliance with the Consumer Duty.
How are they Regulating?
In terms of how the FCA is regulating, then the trend that we’ve noted previously, of a move away from consultation and towards guidance, continues (in other words, they’re telling us rather than asking us). During the last quarter, there were only four FCA consultations, most of which were of no relevance to the vast majority of the financial services industry. However, by contrast, there were 18 difference issuances of guidance by the FCA.
What are the primary trends and topics of note that have happened in the last quarter?
A number of different issues have caught my eye recently. Firstly, the recent simultaneous consultations by both the PRA and the FCA on Diversity and Inclusion is of significance for everybody. The FCA is recommending extending the scope of conduct rules to include all forms of harassment and bullying, amending FIT assessments under SMCR and including these aspects as contributory factors when considering the Suitability Threshold Condition.
Moving on, what appears on the outside to be a very mundane Consultation by the FCA on its “Rule Review Framework” caught my eye because a key factor within this initiative, again, is data. The FCA has always referenced being a data-driven regulator, but as we’ve noted elsewhere, its new Leeds office apparently gives it a greater capability to use data in all aspects of its operations, and this appears to be another example.
The ongoing involvement of politicians and politics in financial services regulation continues unabated. The hot water that RBS got themselves into over the closure of Nigel Farage’s bank account by Coots was front page news. Additionally, politicians have been very happy to wade in on the topic of Consumer Duty, regarding issues such as banks failing to increase their interest rates paid to depositors at the same rates as those charged to customers. The repeal of European law is an ongoing process, with several major initiatives being driven through by HMT, and the Edinburgh reforms are still ongoing. Personally, I find too much political involvement in regulation distasteful and unhelpful, but it is reality, and right now there is a lot.
Having summarised the above, two primary issues I’ve really caught my eye over recent months.
The first is what I think will become a proper bun fight around the issue of the regulation of crypto firms’ financial promotions. The UK already has extraterritorial aspects to its regulation (although these are not as aggressive as the US.) However, the proposals for the regulation of financial promotions made by unregulated crypto firms appears to go much further than we’ve previously seen in terms of extraterritorial regulation. This is because the new crypto regulations are being imposed on the global crypto industry regarding any marketing carried out towards UK consumers, but the global crypto industry is not geared up to comply. The FCA’s position has become increasingly action-oriented through the year, most recently, issuing a final warning to crypto firms, quite clearly believing that the vast majority are simply ignoring it and are going to carry on marketing to UK consumers as before. Where this all leads will be very interesting to see. If non-UK based crypto firms are fined or sanctioned in any other way by the FCA, will they care?
The other issue that has caught my eye through the year is the approach of different regulators towards the regulation of AI. Most obviously, what do the FCA and the ICO think respectively? And what does it mean for us all?
Let’s take the ICO first.
The ICO broadly thinks that the current governance (i.e. number of regulators) is absolutely fine. They don’t want any more regulators just for AI – as far as they’re concerned, they are involved in numerous AI regulatory forums already and the current legislation and rules work.
For me, that was very interesting: in short, they are saying that if current regulators do their job properly, as UK consumers we can expect to be protected from the dangers of AI going forward. I wonder how many UK residents and consumers believe this to be the case?
To summarise, in its regulation of AI, what does the ICO care about? It cares about:
- The application of existing data protection principles by AI providers
- Identifying and managing future risks
- Bias and discrimination in decision making and the explainability of decisions made (i.e. why your mortgage was turned down by AI)
- Specifically, accountability and transparency (both in regard to automated decision making and how personal data is used)
What is the FCA’s view of its role regarding the regulation of AI?
Overall, the FCA offers a predictably cautious welcome to the potential benefits of AI for consumers, while expressing concern about the risks posed. Like the ICO, it also cares about the explainability of AI decision making. Also, like the ICO the FCA also believes that the existing principles embedded within the legislation which underpins its regulations are fit for purpose in an AI driven world as much as they were pre-AI.
Very understandably, the FCA believes that agency lies with firms regarding the performance and actions of any AI system. Put another way, firms can’t simply blame the AI for what happens; they are responsible.
The FCA is also quite rightly concerned that cyber prevention continues to improve at the rate of AI driven cyber fraud and cyber-attacks.
However, what really interested me from the FCA’s observations on AI is about the impact of social media misinformation on price formation in global securities markets. It is very easy to understand how fake news and deliberate misinformation can impact markets, but the extent to which this is happening I was really surprised by. The FCA reports that intraday volatility has doubled compared to during the 2008 financial crisis, blaming social media, and AI driven automated trading for this.
Oh, I nearly forgot.
Consumer Duty happened this quarter as well.
For any further enquiries, please contact Ben Mason at firstname.lastname@example.org