The FCA’s “Dear CEO” letters are a bit like buses; you wait months for one and then three come along at once. Since the turn of the year we have had one “Dear CEO” and two portfolio letters addressed to chief executives. All three papers are focused on the prevention of harm to the clients of the financial services sector. Harm to client was also a big theme in the FCA’s recently published sector review. Together, are these early indications that the FCA is about to start showing its enforcement “teeth” again?
The second letter, dated 20 January, is addressed to the asset management sector and covers a wide range of specific challenges to that sector that the FCA intends to focus on and which therefore, by extension, the industry needs to get its act together on. The challenges are fund liquidity management, firm’s governance with particular reference to the Senior Management and Certification Regime (SMCR), product governance, Asset Management Market Study (AMMS) remedies, LIBOR transition preparation, EU withdrawal and Operational Resilience. I thought it might be interesting to focus on the last of these challenges.
Reliance on Technology
The FCA states that “Asset managers are heavily reliant on robust and reliable technology, which underpins the smooth operation of their businesses and the protection of client assets. We expect your firm to ensure it manages its technology and cyber risk appropriately, including through appropriate oversight of third-party firms and intra-group service providers.”
Nothing new in that perhaps, as the paper points out, higher risk asset managers are already subject to FCA proactive technology reviews. However, the rest of that paragraph is unsettling. Using the understated and extremely moderate language of a “Bond villain” to remind firms that they could be “selected to participate” or that the FCA may “choose to involve” them in these types of reviews in the future.
The FCA also has a consultation paper (CP19/32) out on “Building operational resilience: impact tolerances for important business services and feedback to DP18/04”, which is aimed at the wider financial services sector including Enhanced scope Senior Managers Certification Regime (SMCR) firms. It is therefore undeniable that systems resilience will remain close to the FCA’s heart for the foreseeable future.
Is it time therefore to review your firm’s technology stack or that of your outsourcers? Well the answer to that is probably yes but not just because of the threat of an FCA inspection. While much of the asset management industry has moved processes such as CRM or corporate accounting to the cloud or to a full SaaS model, there still appears to be some reluctance to move core administration functions there. However, if long-term resilience is your firm’s goal then surely hosted or SaaS services must be the way to go.
To get the full benefits from the cloud requires more than just a “lift-and-shift” of your existing applications. Once there, your firm needs to develop or upgrade its applications to a true cloud-native standard if it is to get the full cost, performance and resilience benefits of the cloud. However, if this is done it should allow your firm to move to a standard configuration of its applications and allow it to achieve a higher level of automation of its support processes.
Thereafter the cloud in many ways is a driver and facilitator of the necessary change, as standard systems can be more easily supported, upgraded, tested and delivered as part of a supplier’s service model. Without this strategic level of rethinking, going forward, asset management firms may struggle to implement new products and propositions, drive ongoing efficiency improvements and meet new compliance requirements. Leaving them vulnerable to new fintechs entering the market with a more tech-savvy approach.
It is easy to commiserate with firms faced with this level of challenge, but the reality is that they may have little choice. Perhaps the most threatening note in the “Dear CEO” letter was the FCA’s reminder to firms that there remains a fundamental requirement to report material technological failures or cyber-attacks on it. I wouldn’t want to be the firm making too many of those type of reports.
Visit us at TSAM
We will be at TSAM in London on the 10th of March so if you would like to speak to us further about how Cashfac’s Asset Management Solutions can help, please fill in your details below.