Introduction

Amid the uncertainty brought about by the end of the Brexit transition period and the ongoing Covid-19 pandemic, asset managers should be aware that the UK Financial Conduct Authority (“FCA”) will retain an active approach to financial crime and regulatory enforcement in 2021. In the FCA’s areas of focus in the asset management industry are likely to be:

• Ensuring firms are continuing to operate effective systems and controls despite the disruptions caused by the ongoing pandemic. Indeed, a recent FCA Market Watch newsletter[1] reminded firms of the importance of effective controls for monitoring and recording communications and the role those controls play in deterring and detecting market abuse.
• Overseeing firms’ progress in addressing the areas of concern set out in last year’s “Dear CEO” letters to the asset management industry, including prioritising effective governance through the application of the Senior Managers and Certification Regime (SM&CR).[2]

Potential areas of enforcement focus in 2021

The FCA’s open cases as at 31 March 2020 highlight the emphasis placed by the FCA on financial crime (71 open cases) and insider dealing and market manipulation (117 open cases). While Covid-19 may have impacted the FCA’s enforcement capacity, we anticipate a continued emphasis on both of these areas, with firms needing to adapt to the evolving risks presented by new working environments. The areas we consider are likely to be a focus for the FCA over the next 12 months in its pre-enforcement and enforcement activity are set out below.

Market abuse

In last year’s Dear CEO letter, the FCA observed that there was “significant scope for improvement,” in alternative investment firms’ market abuse controls.[3] These risks have been heightened by the pandemic and, even prior to the pandemic, market abuse was a significant focus for the FCA. In an October 2020 speech, the FCA made it clear that “going forward, office and working from home arrangements should be equivalent – this is not a market for information that we wish to see be arbitraged.”[4] The FCA’s expectations in this area will require asset management firms to:

• Continuously update market abuse risk assessments and policies to ensure they remain fit for purpose amid changing working environments.
• Ensure that where encrypted messaging apps or video conferencing facilities are used for in-scope activities – including managing investments – they are “recorded and auditable”.
• Regularly review insider lists, those who have access to them and consider the changing nature of what constitutes inside information – for example, knowledge of whether a company has utilised the furlough scheme.
• Implement rigorous oversight processes reflecting the new working environment.

Cum ex issues

Firms involved in lending equities around dividend dates should review their practices for potential exposure to the world’s largest tax evasion investigation into dividend-stripping schemes, known as the “Cum Ex” investigation, with the FCA currently in the process of determining whether to take regulatory action against participants.

Short selling strategies

The FCA’s enforcement activity in 2020 included its first fine under the EU Short Selling Regulation in connection with a firm’s failure to make appropriate notifications and disclosures of a net short position. Short selling has recently been (indirectly) under scrutiny and firms employing short selling strategies should be particularly conscious of their reporting obligations.

AML systems and controls

AML systems and controls will remain high on the FCA’s agenda with a particular focus on governance by senior managers and the prominence afforded to AML within firms’ governance models. Recent enforcement activity demonstrates that firms and senior managers must ensure a comprehensive documented process for exiting customer relationships, a process for refreshing KYC checks, and effective transaction monitoring systems.

Alternative investment funds dealing with cryptoassets must also be alert to the heightened money laundering risks. We anticipate that further regulation and enforcement with respect to cryptoassets is inevitable, with HM Treasury launching a consultation and call for evidence in January 2021 on the UK regulatory approach to cryptoassets.[5]

AML issues are not just a focus in the UK. The US FBI identified concerns last year over the use of the private placement of funds, including investments offered by hedge funds, to launder money and evade sanctions, and has cited a lack of adequate controls as a risk area.

Sanctions systems and controls

The FCA is alert to sanctions systems and controls failures and some of the largest ever fines issued by the FCA have touched on weaknesses in sanctions-related controls. The UK sanctions regime has also changed as a result of Brexit.Firms must ensure that their sanctions screening systems take into account both the new UK sanctions regime and any nuances in the way that existing sanctions legislation has been updated post-Brexit.

Individual accountability – SM&CR

The FCA flagged in their Dear CEO letter last year to asset managers that “Overall standards of governance…generally fall below our expectations”[6] and have reiterated in a recent Market Watch newsletter that Senior Managers have an important part to play in embedding the right culture and governance within firms.  Senior managers should ensure their governance processes place sufficient emphasis on the implementation of SM&CR and should expect the FCA to take particular interest in any failings.

Senior managers should feel confident that:  

• They understand the regulatory environment of their business.

• They have the right compliance tools and management information to enable them to effectively carry out their roles,
• Policies and procedures are appropriately tailored to their business model and are comprehensive and robust enough to discharge responsibilities under the Market Abuse Regulation (MAR).

Cybersecurity

The damage from the recent Solar Winds hack in the US has been substantial and, in light of widely reported increases in cybercrime (along with the FCA’s focus in its Dear CEO letters to asset managers on managing technological and cyber risks), firms would be well advised to ensure that their cybersecurity systems and controls are sufficiently robust.

Client Assets

The FCA has recently taken action for failures in the adequate protection of client assets, even in circumstances where no actual client assets or money were lost. Client asset arrangements are a perennial focus for the FCA; in its 30 September 2020 ‘Dear CEO’ letter, the FCA set out that it is imperative to maintain adequate arrangements to safeguard client assets amid the uncertainty caused by Covid-19.[7]

Conflicts of interest

The FCA requires firms to manage conflicts of interest fairly, as conflicts may arise between the interests of the fund and investors, and also between affiliates such as AFMs and delegated investment managers.  The FCA is currently investigating 11 fund firms as part of its review into Authorised Corporate Directors (ACDs). This relates to potential conflicts of interest around external ACDs’ governance and oversight of retail investment funds. The FCA has also taken action when institutional clients have been treated differently to retail clients.

Firms and senior managers need to ensure that they have controls in place to identify conflicts at all levels and structures, both vertical and horizontal, to enable appropriate disclosures to be made when necessary.

Environmental, Social and Governance (ESG) for the regulated sector

Asset managers are subject to increasing regulatory disclosure requirements in relation to sustainability risk and ESG issues. One example is the EU Sustainable Finance Disclosure Regulation[8] which applies to asset managers established in the EU and those marketing to EU-based investors via National Private Placement Regimes. The UK has also produced a ‘regulatory roadmap’ that will ultimately require managers to disclose against the Task Force for Climate-related Financial Disclosures.

Where asset managers are required to disclose their approach to sustainability risk and ESG, regulators may be increasingly focused on the suitability and accuracy of those disclosures and it may also present risks of litigation from investors.

Regulatory permissions

The FCA has also taken action where firms have had incorrect permissions for the activities they are carrying on. On the other hand, the FCA recently announced in response to a high-profile independent investigation into a collapsed investment fund that it will “undertake a ‘use it or lose it’ exercise, with firms that have not used their regulatory permissions to earn any regulated income for the last 12 months at risk of having their Authorisation revoked, to reduce the risk of firms using a permission to carry out regulated activity purely to add credibility to their unregulated activities.”[9]

These recent events are reminders for firms to ensure they have the appropriate regulatory permissions and that they cancel any permissions that they no longer require.

What can firms do?

It is clear from FCA statements that the regulator is not substantially relaxing its expectations of firms because of the challenges of different working practices arising from the pandemic. Firms, and particularly asset managers, must assess the adequacy of their systems and controls in the areas highlighted here and in the FCA’s previous Dear CEO letters, and take risk mitigation steps to remedy weaknesses.