2. Agenda
Introductions
Eversheds Sutherland | Regulatory Risk | 10 January 2018 2
What is it?
How to measure it?
Is there contagion to other risks?
What are the specific regulatory
risks in 2018?
Regulatory risk
4. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
The ultimate consequence of failure to comply with
regulatory requirements. Most frequently happens in the
context of a request for a new licence or new regulated
entity rather than withdrawing an existing licence.
Often not public as the firm agrees to wind-down prior to
being forced.
Example - Vantage Investment Group Limited (2016)
This could also include situations where the
fine/operational change makes the business unviable.
5. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
Individual ban from industry
Caused when an individual is deemed to be no longer Fit
and Proper to perform a controlled function. Often as a
result of a very serious failing.
Examples
- Neil Danziger (2018) – Fine and Prohibition (LIBOR)
- Mrs Colette Chiesa (2017) – Fine and Prohibition
(Investment advisory)
- Clive John Rosier (2017) – Fine and Prohibition
(Complaints handling and investment advisory)
6. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
Temporary restriction from undertaking
business
Often where a firm has not sought in sufficient time the
necessary permission or has not implemented regulatory
changes on time (MiFID II) where the effect is they may
not undertake a specific business line.
Likely to be a frequent occurrence if firms have not got
their post-Brexit licences in EEA jurisdictions or indeed in
the UK where branch passports are no longer valid.
CFD selling, promotion of UCIS to retail and lack of LEI as
an example.
7. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
Temporary prohibition from taking on new
business
Frequently seen in relation to financial crime-related
failures rather than conduct or prudential failures.
Public censure
A side-effect from a Decision Notice which may also
include a financial penalty.
CASS is a good example.
8. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
Losing client business
As a result of:
public censure;
additional client disclosures;
not managing client communications during
regulatory change; or
mis-understanding regulatory requirements.
9. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
Financial Penalty…
Consequence of enforcement action or FOS decision (if
eligible complainant).
Note also potential fines from GDPR.
…with mandated operational change
Which might be more disruptive / costly than the fine.
10. What?
…could go wrong?
Permanent withdrawal of licence to operate
Individual ban from industry
Temporary restriction from undertaking business
Temporary prohibition from taking on new business
Public censure
Losing client business
Financial penalty
Financial penalty with mandated operational change
Investigation
Supervisory letter
Operational change
Investigation
Business disruption during the investigation, cost of
employing additional resources and paying for the skilled
person.
Might not lead to any regulatory action but still very
disruptive.
Supervisory letter
Risk Management Points following thematic review or Risk
Mitigating Plan following a Supervisory visit. Non-public
and may not necessarily lead to enforcement action but
may require the investment of significant resources
(including external support) to deliver.
Operational change
Financial and operational cost of changing business
practices to comply with new regulation.
11. Volume of business (int)
Errors or issues can be spread over a higher number of
client accounts and the financial or market impact could be
higher.
What?
…drives the likeliness of the risk occurring?
Type of client (ext)
Complexity of business (int)
Volume of business (int)
Supervisory approach or regulator (ext)
Management of regulatory change (int)
Peer group regulatory action (ext)
Internal supervisory approach (int)
Internal supervision resources (int)
Training / clarity of policies (int)
Robustness of technology (int)
Complexity of regulatory requirements
Type of client (ext)
More supervisory focus for retail vs. professional.
Complexity / degree of judgement in business
(int)
Higher inherent propensity for errors to arise in these
situations.
12. What?
…drives the likeliness of the risk occurring?
Type of client (ext)
Complexity / degree of judgement in business (int)
Volume of business (int)
Supervisory approach or regulator (ext)
Management of regulatory change (int)
Peer group regulatory action (ext)
Internal supervisory approach (int)
Internal supervision resources (int)
Training / clarity of policies (int)
Robustness of technology (int)
Complexity of regulatory requirements
Supervisory approach or regulator (ext)
Some issues are always “hot topics” and are
permanently on the minds of the supervisors…
…others are fads.
Management of regulatory change (int)
Insufficient amount or quantity of internal
resources leads to increased likelihood of:
misinterpretation
systems not being designed correctly
lack of time for supervision of change
13. What?
…drives the likeliness of the risk occurring?
Type of client (ext)
Complexity / degree of judgement in business (int)
Volume of business (int)
Supervisory approach or regulator (ext)
Management of regulatory change (int)
Peer group regulatory action (ext)
Internal supervisory approach (int)
Internal supervision resources (int)
Training / clarity of policies (int)
Robustness of technology (int)
Complexity of regulatory requirements
Peer group regulatory action (ext)
Barometer.
If it could happen to them…
Internal supervisory approach (int)
If there is limited compliance monitoring (in its variety of
forms) then the issues may not be identified in a timely
fashion.
14. What?
…drives the likeliness of the risk occurring?
Type of client (ext)
Complexity / degree of judgement in business (int)
Volume of business (int)
Supervisory approach or regulator (ext)
Management of regulatory change (int)
Peer group regulatory action (ext)
Internal supervisory approach (int)
Internal supervision resources (int)
Training / clarity of policies (int)
Robustness of technology (int)
Complexity of regulatory requirements
Training / clarity of policies (int)
If the 1st line doesn’t understand the rules then it limits the
scope for self-identification of issues.
Robustness of technology (int)
Embracing “reg tech” or at least having a robust approach
to technology enabled solutions can assist firms in
reducing the likelihood of regulatory risk crystallising.
Complexity of regulatory requirements
Use your regulatory budget wisely. Focus time and effort
on those complex areas.
15. What?
…drives the impact?
Actual or potential quantity of client detriment
Amount of market impact
Pervasiveness of issue within the business
Length that failings have persisted
Comparison to peers (Ext)
Extent of any governance failings
Other action taken in this area (Ext)
Seriousness of control failings
Extent of cooperation with the regulator
Regulatory confidence (goodwill) in the firm
“FCA political” environment (Ext)
Reaction times (Int/Ext)
All these items will drive the size of the
“stick” if there has been a failing.
16. What?
…operational issues did we see in 2017?
Everything related to transaction reporting
Logic for internally built best execution reports
Business continuity test failures
Controlling mark-ups across group entities
17. What?
…What are the specific regulatory risks in 2018?
Regulatory Change Thematic
Structural
GDPR
Prudential
Brexit
AML / Financial Crime
Cyber
SMCR
MiFID II
ESMA
Supervision
Customer vulnerability
PSD II
Data
Resolution