Risk & Compliance Report For the week ending: 8 August 2025
- James Ross

- Aug 9
Introduction
This week saw significant regulatory activity from UK and EU authorities, with a strong focus on consumer redress, wholesale banking conduct, and the continued rollout of technical standards for prudential and reporting frameworks. Key themes for firms include the crystallisation of risk around motor finance commissions, heightened supervisory expectations for governance and communications, and the critical need to resource complex implementation projects for CRR III and UK EMIR.

1. Scrutiny of Wholesale Banking Conduct and Governance
Developments:
The FCA published findings from two multi-firm reviews focused on wholesale banks. The first review targeted transaction governance, highlighting weaknesses in how firms oversee and manage deal pipelines. The second, and more significant, review focused on firms' management of off-channel communications (e.g., the use of WhatsApp). The findings revealed failures in policies, training, and technology to monitor and record business communications conducted outside of approved channels.
Risk and Compliance Considerations:
Operational & Conduct Risk: The use of unmonitored communication channels presents a significant risk of market abuse, information leakage, and circumvention of internal controls. It fundamentally undermines a firm's ability to meet its regulatory record-keeping obligations.
Enforcement Risk: These reviews signal a clear supervisory priority. The FCA has already taken significant enforcement action in this area, and firms with inadequate controls should expect this to be a key focus during supervisory visits.
Compliance Actions:
Benchmark your firm’s policies, procedures, and controls for both transaction governance and communications against the FCA's findings.
Conduct a gap analysis of your firm's ability to monitor and record communications across all platforms used by employees.
Reinforce training and cultural messaging on the acceptable use of communication channels.
Review investment in technology to ensure compliance with record-keeping requirements.
2. Evolution of EU Prudential and Resolution Frameworks
Developments:
The European Banking Authority (EBA) and the Single Resolution Board (SRB) were highly active, publishing a raft of final and draft technical standards and guidelines. Key publications include:
Final draft ITS for the 2026 benchmarking exercise under CRD IV.
Final reports on draft RTS relating to the operational risk loss framework, crypto exposure values, and unfinished property under CRR III.
A statement on the postponed application of the market risk framework (FRTB).
Consultations on revisions to guidelines on internal governance and RTS on resolution plans under BRRD.
Finalised operational guidelines on resolvability self-assessment from the SRB.
Risk and Compliance Considerations:
Implementation Risk: The volume and technical complexity of these updates create a significant implementation challenge for firms, requiring expert resources, budget, and project management.
Model Risk: The benchmarking exercise and new RTS will require firms to review and potentially adapt their internal models for calculating capital requirements.
Compliance Risk: Failure to correctly implement the new standards for operational risk, crypto exposures, and market risk will lead to inaccurate regulatory reporting and potential capital shortfalls.
Compliance Actions:
Relevant teams (Regulatory Change, Risk, Treasury, Compliance) must conduct detailed impact assessments of the final and draft standards.
Prioritise and resource implementation projects, paying close attention to the published timelines.
Review and update internal governance frameworks in line with the EBA's consultation.
For banks, ensure the resolvability self-assessment process aligns with the new SRB guidance.
3. Enhanced Reporting and Disclosure Requirements
Developments:
Regulators continue to push for greater transparency. The Bank of England (BoE) and FCA are moving forward with amendments and clarifications to trade repository reporting under UK EMIR. In the ESG space, the FCA published a review of climate reporting by asset managers and insurers, noting that while basic disclosures are being made, there is a need for greater clarity and detail. This was complemented by an EBA opinion on Pillar 3 ESG risk disclosures, which serves as a "no action letter" to provide temporary guidance.
Risk and Compliance Considerations:
Data & Systems Risk: Changes to UK EMIR will require adjustments to reporting systems and processes to ensure data accuracy and completeness.
Reputational & Climate Risk: The FCA's review highlights that superficial climate disclosures are insufficient. Firms that fail to provide meaningful information risk reputational damage and scrutiny from investors and regulators.
Compliance Actions:
Engage with the BoE/FCA consultation on UK EMIR to understand upcoming changes to derivative reporting.
Asset managers, life insurers, and pension providers must review their climate reporting against the FCA's findings and enhance disclosures where they are generic or lack supporting evidence.
Review Pillar 3 ESG disclosure processes to ensure they align with the EBA's latest guidance.
4. Governance, Enforcement, and Consumer Issues
Developments:
This week brought a sharp focus on individual and firm accountability. The FCA issued decision notices to Neil Woodford and Woodford Investment Management (WIM), which are now being contested. The FCA also updated its Enforcement Information Guide. On the consumer side, the Financial Ombudsman Service (FOS) released its Q1 complaints data, providing insight into current trends. Finally, the FCA published a policy statement on changes to the safeguarding regime for payments and e-money firms, aiming to strengthen protections for customer funds.
Risk and Compliance Considerations:
Accountability Risk: The Woodford case is a stark reminder of the personal and corporate consequences of governance failures, particularly regarding liquidity management and conflicts of interest.
Regulatory Risk: The updated Enforcement Guide provides insight into the FCA's processes and priorities. For payments firms, non-compliance with the enhanced safeguarding rules presents a severe risk of regulatory intervention and harm to consumers.
Compliance Actions:
Use the Woodford decision notices as a case study for internal training on fund governance, risk management, and senior manager accountability.
Review the updated FCA Enforcement Guide to ensure internal investigation and remediation processes are aligned with regulatory expectations.
Payments and e-money firms must immediately implement the changes from PS25/12 to the safeguarding regime.
Analyse FOS complaints data to identify trends and potential systemic issues within your product lines.