2023 Regulatory Outlook: 5 Key Trends

In the absence of movement from the EU on equivalence, an opportunity presents for the UK to competitively distinguish its regulatory environment. It was partly in this spirit that, on 9 December 2022, Jeremy Hunt, the Chancellor of the Exchequer, announced a programme of reform designed to drive growth and competitiveness in the financial services sector: Financial Services: The Edinburgh Reforms – GOV.UK (www.gov.uk).  We summarised the proposals and considered their likely impact in our article published on 12 December 2022. This year will see this programme advance with a flurry of discussion and consultation papers. 

Jeremy Hunt has pulled back from describing this package of reform as a “Big Bang”. The more modest labelling of the programme may be a recognition that many of the reforms are unlikely to significantly impact the competitiveness of UK financial services. The reforms represent 31 measures or projects, some already underway or long trailed, such as implementing changes arising from the Wholesale Market Review; and others that will take years of work and aren’t designed to increase competitiveness, such as reform of the Consumer Credit Act 1974 (CCA). 

Although not forming part of the 31 measures, the government has now published various final consultations on plans to reform Solvency II, unlocking more than £100bn pounds for UK insurers to invest in long-term productive assets. It has also previously announced a relaxation of bankers’ bonus caps and a reduction from 1 April 2023 of the banking surcharge rate (from 8 to 3 percent). 

The Financial Services and Markets Bill 2022-23 (the FSM Bill) already proposes a new blueprint for financial services regulation, revising the existing model under the Financial Services and Markets Act 2000 (FSMA) and providing the framework for the revocation of retained EU law. Under this framework, UK regulators assume greater responsibility for determining regulation while retained EU law is gradually moved into the FCA/PRA rulebooks. 

The government has yet to respond with proposals with regards to the UK’s overseas framework following its call for evidence. We expect to see a consultation paper this year. The UK currently takes an unusually liberal approach to overseas firms operating in the UK compared to states with which it would compete. It does this through a relatively loose interpretation of the perimeter and through the use of exemptions such as the overseas persons exclusion. Any change to this liberal position would be consequential. 

2) Continued focus on consumer protection 

The Consumer Duty

The FCA continues to prioritise consumer protection. The principal vector for this focus is the new consumer duty, designed to establish a higher standard of conduct for firms in relation to their retail market activities. It represents a ramping up of the FCA’s (and before it, the FSA’s) longstanding commitment to Treating Customers Fairly (TCF).  

Deadlines 

The deadline for Boards to agree implementation plans in respect of the Duty was 31 October 2022. The next deadlines are as follows: 

• 30 April 2023: manufacturers to have completed all the reviews necessary to meet the outcome rules for their existing open products and services so they can share with distributors to meet their obligations under the Duty, and identify where changes need to be made;  
• 31 July 2023: implementation deadline for new and existing products or services that are open to sale or renewal; and 
• 31 July 2024: implementation deadline for closed products or services. 

The Consumer Duty summarised 

The Duty comprises a new Consumer Principle (that “a firm must act to deliver good outcomes for retail customers”) supported by cross-cutting FCA rules and 4 new outcomes defining FCA expectations (the Four Outcomes). 

The cross-cutting rules require firms: 

• to act in good faith; 
• to avoid causing foreseeable harm; and 
• to enable and support retail customers to pursue their financial objectives.  

The Four Outcomes represent key elements of the firm-consumer relationship which are instrumental in helping to drive good outcomes for customers.  It is these outcomes which will be the focus of the FCA’s assessment of firms’ compliance: 

Communications: The FCA requires firms to communicate in a way that, in addition to being fair, clear and not misleading, is understandable and facilitates informed consumer decisions, especially around costs, risks and benefits. 

Products and Services: Building on FCA product governance rules, the FCA requires that products and services are specifically designed to meet the needs of consumers, and sold to those whose needs they meet. 

Customer Service: The FCA considers that consumers should be able to realise the benefits of products and services without undue hindrance especially around post-sale service and exit from a product or service. 

Price and Value: The FCA expects that products and services should represent fair value for consumers. The FCA requires that firms should be able to demonstrate that the benefits of their products and services are reasonable relative to their price.  Although the FCA states that it is “not proposing to set the levels at which firms should price their products or services….In future we may need to use our regulatory tools to make such interventions where markets are failing to deliver fair value“.  Any further trend towards price regulation in financial services would be concerning.  

Vulnerability

The Consumer Duty is being introduced against the backdrop of the FCA’s “clarification” of its expectations around the fair treatment of vulnerable consumers in its finalised guidance published in February 2021. The guidance is relevant to all firms involved in the supply of products and services to retail customers who are natural persons, even if they do not have a direct client relationship with the customers. Broadly, a vulnerable consumer is defined as someone who, due to their personal circumstances, is especially susceptible to harm.  A real challenge for firms is that in the FCA’s ‘Our Financial Lives 2020 survey’, it found that just under half (46%) of UK adults 24.1 million people), display one or more characteristics of vulnerability.  

Financial Promotions

With a view to strengthening the financial promotion rules for high-risk investments the FCA is implementing new rules classifying “high-risk investments”; segmenting the high-risk investment market; introducing frictions into the customer journey; and restricting the ability of FCA authorised persons to approve third-party financial promotions to those firms with the express permission.  See PS22/10 for the detailed proposals.

Under the new rules, the FCA has “rationalised” high-risk investments into two categories: (i) restricted mass market investments (RMMIs), including non-readily realisable securities (e.g. unlisted securities), and peer-to-peer agreements; and (ii) non-mass market investments (NMMIs), including non-mainstream pooled investments (e.g. units in unregulated collective investment schemes), securities issued by SPVs and speculative illiquid securities (e.g. mini bonds).  

The new rules also introduce “frictions” into the customer journey where RMMIs and NMMIs are offered to retail investors. These include:

• New risk warnings and risk summaries (with prescribed wording required in some circumstances); 

• Certain promotions of some high-risk investments being limited to high net worth, certified, self-certified or “restricted” investors only; 

• A ban on “inducements” (such as new joiner bonuses); 

• New 24 hours cooling off periods applicable to certain promotions; and 

• Changes to appropriateness assessments to prevent retail investors gaming or circumventing such assessments.  

All of these rule changes will be in force from 1 February 2023.

Firms approving financial promotions for third-parties will require a “gateway” permission from the FCA and will also be required, inter alia, to take a more active role in ensuring that promotions remain complaint for as long as they are being used. These new rules are expected to be finalised in the first half of 2023. These changes are likely to significantly constrain the ability of unregulated firms to have their financial promotions approved for distribution to retail customers. 

As part of the Edinburgh Reforms, the government plans to repeal the PRIIPS Regulation with a view to an alternative framework for retail disclosure in the UK.   

Broadening access to financial advice  

One of the issues with overprotective regulatory regimes is that the supply of services can become restricted. In November 2022, the FCA published CP22/24: Broadening access to financial advice for mainstream investments in which it proposed a new “core investment advice regime” to facilitate firms to provide mass‑market consumers with straightforward financial needs greater access to simplified advice on investing into mainstream products, specifically within stocks and shares ISAs. In particular, the FCA proposed: 

• Proportionately reducing the existing qualification requirements to reflect the lower risk of this narrow scope advice, focused on only the necessary technical and regulatory understanding to advise on mainstream investments. 

• Reframing the existing suitability requirements to reflect the narrower scope and complexity of this advice relevant to the decision that consumers will be making. 

• Limiting the possible investments advisers can recommend under the new regime to a set of mainstream investments by excluding any recommendations to invest in high‑risk investments. 

• Allowing greater flexibility in charging structures to allow consumers to pay for transactional advice in instalments 

3) Crypto regulation extended 

The current UK position is that cryptoassets which amount to security tokens or e-money tokens, and derivatives which reference cryptoassets, are regulated financial instruments. The UK Money Laundering Regulations 2017 (MLRs) also now apply a registration requirement to UK-based “cryptoasset exchange providers” and “custodian wallet providers”. However, the application of the MLRs, and financial services regulation more generally, to non-fungible tokens (NFTs), decentralized exchanges, peer-to-peer platforms and decentralised autonomus organisations is not clearcut – requiring legal advice analysing the particular facts. 

The UK and EU are now moving towards more comprehensive regulatory regimes for crypto issuers and service providers. This determination is likely to have been fortified by the FTX collapse which may have shifted the balance between considerations of consumer detriment and a desire to facilitate innovation. Both the UK and EU are prioritising the regulation of stablecoins used as a means of payment requiring a regulatory licence in connection with their issuance, value stabilisation and reserve management, custody and exchange services.  

One option for the UK’s approach to the further regulation of cryptoassets would be to follow the EU’s Markets in Cryptoassets Regulation (MiCA) which comes into force, in a staged manner, from spring 2023. As well as the regulation of stablecoins, MiCA would, likely from late 2024, require the authorisation of crypto custodians, exchanges, advisers and portfolio managers. 

Crypto marketing will be brought into the UK financial promotions regime this year. The regime will apply to a wide range of “qualifying cryptoassets” (widely defined) and will severely restrict the marketing of cryptoassets in the UK, which will either have to fall within a limited range of exemptions or be pre-approved by FCA authorised firms with a relevant permission to approve financial promotions.

From 1 September 2023, FCA-registered cryptoasset exchanges and custodian wallet providers will be required to share personal information about the originator and beneficiary in relation to transfers of cryptoassets. This requirement flows from the UK’s version of this FATF rule, known as the travel rule, which is to be added to the MLRs.

The Bank of England and Treasury continue to move forward with plans to launch a Central Bank Digital Currency (CBDC). A consultation is imminent to assess the case for a UK CBDC looking at the merits of doing more work to develop an operational and technology model for one. 

4) A fragmented approach to ESG disclosures 

The regulatory agenda in relation to environmental, social, and governance (ESG) continues to gather pace with divergent approaches across jurisdictions. The FCA is currently consulting (in CP22/20) on plans to introduce: 

• Sustainable investment product labels comprising three categories – including one for products improving their sustainability over time – underpinned by objective criteria.  The use of these labels will be voluntary but any products that do not qualify for these labels will face limitations in terms of their marketing and naming. 

• Restrictions on how certain sustainability-related terms – such as ‘ESG’, ‘green’ or ‘sustainable’ – can be used in product names and marketing for products which don’t qualify for the sustainable investment labels. The FCA is also proposing a more general anti-greenwashing rule covering all FCA firms.  

• Consumer-facing disclosures to help consumers understand the key sustainability-related features of an investment product. 

• More detailed disclosures, suitable for institutional investors or retail investors that want to know more. 

• Requirements for distributors of products, such as investment platforms, to ensure that the labels and consumer-facing disclosures are accessible and clear to consumers. 

The FCA is also stepping up its supervisory engagement on sustainable finance and enhancing its enforcement strategy. This includes checking how firms have responded to the expectations set out in the Dear Chair letter issued to authorised fund managers in July 2021. 

Meanwhile, this year will see the EU move to more detailed Level 2 requirements under the EU Sustainable Finance Disclosure Regulation (SFDR).

5) Operational resilience within and without firms

Operational resilience continues to require the focus of firms as a regulatory priority. By 31 March 2022, relevant in-scope firms had to be compliant with the FCA’s rules on operational resilience. In-scope firms included not only banks, insurers and enhanced scope SMCR firms, but also all payments firms. Such firms must have identified their important business services, set impact tolerances for the maximum tolerable disruption, and carried out mapping and testing. Firms must also have identified any vulnerabilities in their operational resilience. Vulnerabilities must be addressed no later than the 31 March 2025. After this date, firms must remain within impact tolerance levels in the event of severe but plausible disruption.  

Senior management will be held to account for delivering operational resilience. The board must approve and regularly review the documentation which records compliance with the regime. The FCA has made clear that responsibility for signing off operational resilience documents should not be delegated to someone that is not on the board. 

In connection with outsourcing, the FCA continues to have regard to the prescriptive European Banking Authority guidelines on outsourcing which apply to PRA-regulated firms and payment and e-money institutions. 

UK critical third party regime 

HM Treasury has made proposals to address systemic risks that can emerge where several regulated entities rely on a common service provider. In order to mitigate this concentration risk, the UK regulators will be empowered to oversee some unregulated tech firms providing critical services to the regulated sector. 

The powers, derived from the FSM Bill, will give HM Treasury the power to designate a person who provides services to financial services firms or financial market infrastructure as a “critical third party”. This designation would be on the basis that the failure of, or disruption to, those services could threaten the stability of or confidence in the UK financial system – taking account of the materiality of the services to activities that are essential to the UK economy or to the stability, or confidence in, the UK financial system; and the number and type of recipients to which the third party provides services. The FCA, PRA and Bank of England will make rules this year in connection with the provision of critical services, presumably in connection with minimum resilience standards  

EU regulation

Meanwhile, in the EU, the digital operational resilience act, or DORA aims to harmonise higher resilience standards across the EU. Like the UK regime, DORA expects sources of Information and Communication Technology (ICT) risk to be identified, interdependencies mapped and risk tolerance levels set. However, in what will be a challenge for firm, there are differences. For example, DORA explicitly requires firms to use up-to-date, reliable and resilient ICT, and DORA’s concept of a risk tolerance limit is not the same as the UK definition for impact tolerance.  

DORA also includes an equivalent to the UK’s critical third party regime allowing the European Supervisory Authorities to designate and directly oversee what DORA calls “critical ICT third party service providers”.