Adapting to change or falling behind? The FCA under fire from the National Audit Office

On 8 December 2023 the National Audit Office (NAO) published its report ‘Financial services regulation: Adapting to change’. 

This report examines the ability of the Financial Conduct Authority (FCA) to respond to change in the financial services sector and its new responsibilities and remit. It concluded that whilst the FCA has made changes in attempts to align with the ambitions of the Government for the financial services sector, these changes were both too slow and too disruptive. 

The FCA

The FCA regulates financial markets and around 50,000 firms in the UK, in an industry worth more than £170 billion to the UK economy. 

In 2020-21 the FCA began a transformation programme, spending over £300m to make structural and cultural changes, as well as hire and create new roles. This transformation however, is yet to be completed.

Post Brexit, the Financial Services and Markets Act 2023 was introduced to give additional responsibility to the FCA, allowing it to develop regulation and assist in the government’s ambitions to grow the UK economy. This means that the FCA has been tasked with further change to adapt to its increased regulatory powers and remit. Alongside this, significant advancements in technology are resulting in further changes in the financial services sector such as the fast-paced development of crypto-assets and AI. The associated risks are something the FCA must consider going forward. 

Key findings and recommendations in the NAO report

In light of these changes, the NAO conducted their review into how the FCA was managing its new responsibilities. Some of the key findings are considered below:

1. Delays

The NAO report of “significant delay” in some instances for the FCA to take regulatory action after identifying an issue.

The report cited crypto as being a key area where this is evidenced, explaining that whilst new anti-money laundering regulations came into effect in January 2020, the FCA did not begin enforcement action until over three years later, in 2023.

2. Powers

The NAO did acknowledge that in some areas such as the Buy Now Pay Later credit provider market, the Government still needs to pass additional legislation in order for the FCA to have the power it needs to act. 

3. Staff shortages

One of the issues the NAO noted as a contributor to delays, is the staff turnover.

The report notes that whilst turnover has recently fallen, staff shortages mean risks remain. The FCA itself has acknowledged that it faces staffing issues, specifically in relation to the retention of skills for specialist areas such as crypto and financial crime.  

The NAO recommended further development to the FCA’s strategic workforce planning, to “develop and maintain a long-term plan for workforce needs” by September 2024.

4. Reporting

The NAO criticised the FCA for its insufficient reporting. 

As a regulator, the FCA must report on its performance in the interests of transparency. The NAO report that the FCA’s public performance reporting fails to provide adequate information to the government and that information that is reported is “complex and makes it difficult for stakeholders, including HMT, to judge its performance”. 

The NAO’s report recommends further implementations for 2024, with an autumn deadline for developments to data reporting on its performance and improvements to its operational processes. It recommends improvements to planning and to operational processes, as well as to work directly with both stakeholders and HM Treasury to ensure that new mechanisms for independent accountability that the FCA hope to introduce this year, are effective.  

5. Data

As part of its transformation programme in 2020, the FCA created a five year strategy with the aim to become an efficient data-led regulator. 

In the two years following, concerns were raised over the FCA’s data architecture and management. At the end of 2022, internal risk management systems recorded around 70 data risks. 

In July 2023 all four of the FCA’s risk categories (utilisation, acquisition, quality and storage) were rated as red and requiring intervention. The FCA recognised discrepancies across the business with its approach to identifying, assessing and mitigating data risks. 

The NAO does acknowledge that the FCA “is still working on collating identified data risks across the organisation to be able to manage them consistently”. The FCA have advised the NAO that by 2025 it hopes to have completed upgrades to its ‘data lake’ (which stores data and enables sharing across the organisation), created a ‘single view’ platform which links data from multiple sources for staff to access information more quickly and efficiently and created data analytics tools to introduce automation where appropriate.

The NAO note these plans but state that “the FCA still has much to do”, particularly regarding staff training funding and guidance on how they should work alongside automation tools.