Based on current trends and strategic planning, here are the top 5 regulatory developments the Financial Conduct Authority (FCA) will prioritise in 2024 and everything you need to know about their potential impact for Chief Risk Officers (CROs) in financial services:
Increased focus on Consumer Duty implementation and impact:
- The FCA is investing £5.3M to ensure Consumer Duty is embedded effectively. It has been vocal about its intentions to undertake sector-specific supervisory work and to take swift action against any companies falling short of their responsibilities.
- The FCA will prioritise ensuring firms comply with the Consumer Duty, requiring robust evidence of its implementation and effectiveness. CROs will need to demonstrate how they identify and avoid potential consumer harm throughout the product life cycle.
In a speech, Nish Arora, Director of Cross-Cutting Policy & Strategy, FCA, stated, “We want to see firms learning and improving continuously. If you’ve not looked in detail at your customers’ experience, and aren’t monitoring outcomes for customers, including different groups, on an ongoing basis, we’ll be doubtful that you’ve got to grips with this.”
- Expect further guidance and clarification from the FCA on specific aspects of the Duty, requiring CROs to stay updated and adjust their risk management practices accordingly.
Continued scrutiny of AI and algorithmic bias:
- The FCA will likely continue to scrutinise the use of AI and algorithms in financial services, focusing on explainability, fairness, and potential bias. CROs will need to ensure their AI models are explainable, mitigate bias risks, and manage the related regulatory expectations.
- With the EU’s AI Act as a precedent, the UK government and the FCA will not be far behind. Regulations and guidance on responsible AI development and deployment will emerge, requiring CROs to adapt their AI governance and risk management strategies.
“Our outcomes and principles-based approach to the regulation, including the Senior Managers Regime and Consumer Duty, should mean firms have scope to innovate while protecting consumers and market integrity. We will only intervene with new rules or guidance where necessary.” – Nikhil Rathi, CEO, FCA
Regulatory focus on climate change and environmental risks:
- The FCA is likely to increase its focus on climate change and environmental risks, requiring firms to assess and manage these challenges within their framework. CROs will need to integrate climate-related issues into their analysis and develop strategies for mitigation and adaptation.
- Additional guidance on climate-related disclosures and stress testing will be issued after further consultation, which will result in CROs having to adapt their data collection and analysis practices.
Evolving cyber security regulations and expectations:
- The FCA will likely raise the bar for cyber security resilience, requiring firms to adopt robust security measures and incident response plans. CROs will need to invest in cyber security controls, conduct regular vulnerability assessments, and demonstrate preparedness for cyberattacks.
- Evolving regulations on operational resilience and data security may be introduced, requiring CROs to adapt their compliance and risk management frameworks.
“In particular, [firms] must ensure that they invest sufficient resources in minimising the risk of a cyber incident occurring including through written policies and processes, the implementation of cyber security software, appointing individuals to manage security risk, and by conducting wider employee training on cyber risks and good cyber hygiene.” – Clifford Chance, How are the FCA and PRA regulating cyber risk?
Continued emphasis on diversity, equity, and inclusion (DE&I):
- The FCA may further emphasise the importance of D&I (diversity and inclusion) in risk management, requiring firms to consider diverse perspectives and identify potential biases within their risk assessment models. CROs will need to integrate D&I considerations into their risk management processes and ensure fair and unbiased risk assessments.
The ongoing evolution of some of the FCA’s priorities in 2024 is set to have a big impact on CROs, who will need to have a clear plan to:
- Keep on top of changing regulations and adjust their risk management frameworks accordingly.
- Invest in new technologies and skills, like data analytics and AI know-how.
- Boost their ability to identify and assess risks, including emerging ones like climate change and AI bias.
- Demonstrate effective implementation of regulations such as the Consumer Duty.
- Foster stronger collaboration with other departments like compliance, technology, and business units.
The evolving regulatory landscape presents both challenges and opportunities for CROs. By staying informed and proactively adapting their risk management strategies, they can not only navigate these shifts but also capitalise on them. Technology plays a crucial role in achieving this. Advanced compliance solutions can automate processes, streamline data analysis, and provide real-time insights – all enabling CROs to make data-driven decisions, identify and mitigate risks faster, and ensure their organisations remain compliant in a dynamic environment. This empowers them to not just react to change but to actively shape the future of their organisation’s risk management and compliance approach.