Regulation Redux: Grid, cyber, economy, Authorization and Big Tech

Financial services commentator and former regulator Gavin Stewart rounds up November’s UK regulatory events.

The Financial Services Regulatory Initiatives Forum’s Grid, the latest version of which has just been published, always warrants close inspection. Since its first edition in May 2020, the Grid has grown from 20 to 64 pages, and this time, at a quick count, nearly 40 initiatives have been rescheduled and just over 30 that are new.

I’ve been a fan of the Grid since it started, but there is a risk here that it might eat itself. At the regulator, I was involved in more than a few initiatives that started out relatively streamlined and efficient, but then gradually collapsed in on themselves under the weight of requests for more detail, which then stimulated more debate over wording, and the related inclusion of projects originally seen as below the threshold. In the Grid‘s case, there is also probably an increase in external feedback to respond to.

Three other areas of the Grid worth examining: how many initiatives are high impact and whether they are the right ones; which initiatives have had their timing updated multiple times; and which have had their scope materially reduced.

Looking outwards?

This recent debate in Hong Kong on the source of the next financial crisis is a reminder that regulators need to keep looking outwards for possible risks – not everything that matters is in front of you, originates in the UK, or revolves around Westminster.

This is hard for regulators to do consistently well, as there are huge forces pulling them inwards to focus on the many big issues they already know about. The FSA tried to fill this gap with its Financial Risk Outlook (FRO) but, as the various post-crisis dissections demonstrated, the regulator largely failed to translate the FRO’s insights into supervisory strategy. And while the FCA started with ambitious outward looking plans, it quickly turned inwards.

Hopefully, the FCA and PRA are tracking some of these wider risks and debates and feeding them into its strategy and planning. But given the other pressures the regulators currently face, the short term incentives to do so will be weak.

Remember cyber

The ransomeware attack on Allen & Overy is a reminder of the continuing threat of cyber and the long term importance of improving the industry’s operational resilience. The latter has faded into the background somewhat as more immediate risks and initiatives, often with a bit more glamor attached, have taken centre stage.

Arguably, for example, operational resilience and, more specifically, minimizing the probability and impact of cyber attacks are as important for consumer protection as the Consumer Duty, but their profile will always be smaller … until there is a major incident. Behind the scenes, supervisors and firms are hopefully ploughing on with the good work.

It’s the economy, stupid

Confirmation from the ONS that UK productivity has stagnated since the 2007/09 financial crisis has since been brought into sharp relief by the Resolution Foundation.

Regulators have often underestimated the impact of this stagnation – starting with the real terms flatlining of wages – on both the risks to their objectives and their ability to manage those risks. This was evident in the FSA during the crisis, and even more at the FCA in the early years of austerity, during which it took on responsibility for consumer credit. More recently, it’s not clear that the cost of living crisis was properly taken into account when the FCA set the outcomes and metrics that underpin its current strategy.

There are significant risks the other way too, of course, not least of being accused of lack of ambition. But as it stands, the risk of regulators setting themselves up to fail seems bigger.

Measuring authorization

The FCA Authorisation metrics always present a fascinating window into the regulator’s activity, but it’s important to understand their context. Fortunately, the FCA provides a good deal of information to help.

For example, the number of cases decided in the quarter varies between 1 and 1,984 and the complexity of the type of decision also varies hugely.

Consequently, providing the quality of assessment was maintained, increasing the percentage of SMCR-related Approved Person cases decided – of which there were 1,397 – from 82.8% to 97.2% over the last five quarters looks to be a different order of achievement from any of the other changes.

These SMCR cases (relatively complex judgments) will have been a particular challenge because a substantial proportion of them will be context specific, materially dependent on the firm involved. As such, liaison with the supervisors is both important and potentially time-consuming, and so generating such a jump will have needed improvements in both process and resourcing.

Big Tech and regulators

The FCA feedback statement on the responses to its recent discussion paper on Big Tech is only the latest step in what I suspect will become an elaborate dance between regulators and the major tech companies.

Three aspects to watch out for along the way:

  1. The development of tech, for example as AI use cases grow in number and significance, will alter the balance of value brought by the two sectors to the partnerships.
  2. As a result, the nature of the partnerships between tech and financial services firms will change. I suspect the former will do more over time and that, as a consequence, regulators will feel increasingly distant and unsighted, and therefore uncomfortable, with the arrangements.
  3. How regulators then respond, in the face of pressure from industry and politicians, to amend/evolve/lower their standards to enable greater competition.

This is an area, where internationally, regulators should be seeking a common approach.

Gavin Stewart is an independent commentator on financial regulation; former regulator; novelist; ex-international rower and sports administrator. He has 27 years’ experience working for financial services’ regulators (Bank of England, FSA & FCA), holding a wide variety of roles including as a Bank of England Supervisor, FSA Head of Strategy, Planning & Performance, and FCA Chief Risk Officer.