This week in regulation


The Speed Read:

  • Improving cyber resilience
  • TR18/1: The fair treatment of existing interest-only mortgage customers
  • Corporate Adviser sentenced to prison for role in investment scheme
  • FCA Executive Director of International appointed

Improving cyber resilience

A recent speech delivered by Robin Jones, Head of Technology, Resilience and Cyber at the FCA, focussed on what the regulator expects firms to achieve in terms of cyber resilience and identifies what it is doing to help firms increase security.

In a changing technological world, cyber security and resilience have never been more important. Resilience is about being able to respond and recover quickly when attacks happen. To do this effectively firms need to have good cyber hygiene, a culture of cyber security and appropriate governance. What this means to your business is dependent on its size, business model and customers.

What should you be doing?

  • Understand what your critical assets are so you can protect them in the event of an attack;
  • Address basic vulnerabilities in old systems;
  • Upskill your employees to detect breaches and ensure basic cyber security is adhered to – a culture of security is important;
  • Manage access to your systems from suppliers;
  • Ensure you can stop attacks spreading by putting in place contingency plans;
  • Have a communications plan in place to effectively manage customers, suppliers, the regulator and media, and have a business continuity plan in place to manage the process;
  • Put in place strong governance with visible leadership – understanding and responsibility in the boardroom is essential.

The FCA works with those firms it believes pose the greatest risk to consumers and markets i.e. the largest firms. However, smaller firms are unlikely to get the same support. The FCA will be publishing various communications over the next year focussing on helping smaller firms improve their cyber hygiene and security. This infographic is just the first of these communications. Firms should also look at the resources produced by the National Cyber Security Centre (NCSC) and use the FCA’s Financial Sector Incident Response Guide which provides help on responding to a cyber incident, reporting responsibilities and outlines where to seek help (find it on CiSP).


TR18/1: The fair treatment of existing interest-only mortgage customers

In the next 10-14 years the numbers of interest-only mortgages reaching maturity will increase. As a result, the FCA has carried out a thematic review to inspect whether lenders are treating customers fairly by helping them avoid potential non-repayment at maturity.

The FCA found that although there has been clear progression in ensuring customers are treated fairly through strategies for customer contact, repayment plan analysis and the provision of suitable solutions, these processes are often time consuming.

Key findings:

  • All lenders understand the value, volume and maturity profile of their interest-only mortgage customers;
  • All lenders send regular letters during the mortgage term;
  • Most lenders provide a wide range of options and adopt a flexible approach if repayment at maturity would not be reached;
  • Most lenders had knowledgeable and experienced teams to talk to customers about their options;
  • Where firms used less experienced staff for ‘triaging’ the cases, confusion about the adequacy of repayment plans may have occurred;
  • The earlier customers engage with lenders the more affordable the repayment options are;
  • Many lenders reported low customer engagement.

The FCA has commissioned research to understand why engagement is low and will continue to monitor the sector as part of its ongoing activity. It has also released a communication to the public urging all interest-only mortgage customers to contact their lender, in order to promote the importance of taking action early.

Interest-only lenders should read the thematic review for examples of good and poor practice and to understand the findings in more detail.


Corporate Adviser sentenced to prison for role in investment scheme

A Corporate Adviser has been sentenced to serve three and a half years in prison for playing a key role in exploiting hundreds of vulnerable investors.

The Adviser demonstrated no regret for his ‘entirely self-centred and devious’ actions which saw him deliberately targeting and mis-selling shares in a healthcare solutions company to elderly and vulnerable investors. The firm pressured investors to purchase shares through spurious activities such as cold-calling, pressure sales and exaggerated promotional materials, despite the shares being worthless. The scheme resulted in 300 investors losing around £1.4 million in the scheme.

Three other men, acting as brokers, have also been imprisoned. Confiscation proceedings, which will recover the benefits each individual gained from the scheme, are also underway.


FCA Executive Director of International appointed

Nausicaa Delfas, currently acting Chief Operating Officer and a member of the FCA’s Executive Committee, has been appointed to a newly created role: Executive Director of International. The role will see Delfas nurturing relationships with regulators and governments abroad and she will be responsible for shaping the FCA’s strategy for international engagement and policy. She will also play a key role during Brexit, helping to ensure a smooth transition.

Delfas has a long and varied career at the FSA/FCA, holding positions in supervision, risk and policy and leading the FCA’s approach on IT and cyber resilience, financial crime and prudential regulation, to name just a few.

Latest Insights

Regulation in 2019: Our outlook

SM&CR is one of the biggest changes on the horizon for 2019 and could potentially cause a compliance headache for the advisory sector. We share our outlook on this regime and others for the year ahead.


The latest insights and regulatory analysis straight into your inbox

Find out more

How can we help?

Speak to a culture and conduct risk expert today

Contact us

Find out more about our unique RegTech solution at