UK: FCA And PRA Business Plans: Technological Innovation Remains A Priority

Technology and innovation ("FinTech") again featured prominently in this year's Financial Conduct Authority (FCA) business plan. Andrew Bailey, Chief Executive of the FCA, remarked that "technology is supporting competition, transforming markets and changing the way consumers engage with them. [...] creating a conveyor belt of risks and opportunity". Given this, and despite the need for the FCA to dedicate a significant proportion of its resources to the UK's withdrawal from the EU, FinTech was confirmed as a key priority for the FCA over the coming year. The two specific FinTech priorities highlighted in the business plan are "Innovation, big data, technology and competition" and "Data security, resilience and outsourcing".

The Prudential Regulation Authority (PRA)'s emphasis on technological innovation in its business plan is relatively less pronounced. Nevertheless, it too is exploring ways to innovate as a regulator, by continuously monitoring FinTech developments, and supporting the authorisation and supervision of new banks and insurers.

Innovation, big data, technology and competition

The FCA re-affirmed its commitment to sustain a regulatory environment which can encourage and support innovation and competition for the benefit of consumers, while reducing or mitigating the associated harms, including any impact on vulnerable customers.

Over the next year, the FCA will focus on a number of key activities:

1. Innovate programme and a global sandbox

The FCA will continue to support innovating firms through its Innovate programme by giving them the opportunity to test the commercial and regulatory viability of their products and services in the Regulatory Sandbox. The FCA also confirmed that over the next few months it will work with interested regulators on a blueprint for a global sandbox, which would build on existing international agreements with other non-UK authorities, and allow firms interested in expanding internationally to conduct tests across multiple jurisdictions at the same time.

As per the PRA business plan, the joint FCA/PRA New Bank Start-up Unit is expected to lead to, over the next three years, the supervision of around 20-30 new banks. The PRA also announced that it will review how it might improve the current authorisation process to facilitate the entry of new insurers as well.

2. RegTech

The FCA will also increase its testing and adoption of RegTech and advanced analytics for its own regulatory work. Specifically, in summer 2018 the FCA will publish a feedback statement which will bring together the results of its Call for Input on machine executable regulation, the proof of concept developed in its November 2017 TechSprint, and further industry discussions. The FCA is also conducting experiments with advanced analytics in three additional areas:

  • Automated detection of unauthorised business activities on the internet.
  • Testing advanced Natural Language Processing technologies to automate manual supervisory tasks.
  • Automated evaluation and detection of misleading advertising.

3. Firms' use of data

The FCA will review the use of data by financial services firms, including Machine Learning of big data pools, algo-trading, and wider Artificial Intelligence, to assess both potential opportunities and harm that may result from the use of these technologies, and where it may need to intervene.

As part of this work the FCA announced it will strengthen its relationship with the Information Commissioner's Office as the General Data Protection Regulation comes into force in 2018 – the FCA and Information Commissioner's Office will publish an updated Memorandum of Understanding setting out how the two regulators will work together in future.

4. Retail banking business models

The FCA is looking at the key differences between emerging and traditional retail banking business models, assessing how these are being driven by innovation and technological advances, and how they affect competition, consumers, and firms' conduct. The FCA plans to publish an update on this by June 2018, in which it will present preliminary findings and the proposed next steps.

Understanding the impact of FinTech on the business models of banks and other financial services providers is also on the agenda of the PRA. The PRA will continue to engage with firms and other industry participants (including other regulators) to monitor these developments and consider whether any reassessment of regulation is required.

5. Crowdfunding

As crowdfunding markets are evolving rapidly, the FCA has been working on additional rules to address areas of concerns, especially for loan-based crowdfunding. The FCA will publish the proposed new rules for consultation in 2018.

6. Cryptoassets

The FCA, together with the Bank of England (BoE) and HM Treasury, will participate in the Cryptoassets Task Force recently launched to support the UK Government's FinTech Sector Strategy. The FCA highlighted that the Task Force will have to "ask important questions about what is the right boundary for our regulatory perimeter and our regulatory activity" and will publish a Discussion Paper later in 2018 outlining its policy thinking on cryptoassets, including Initial Coin Offerings (ICOs), and what a coherent strategy for addressing the risks that they present may look like.

The EU Commission, as part of its FinTech Action Plan, is also assessing the applicability of current regulatory frameworks across the EU for cryptocurrencies and ICOs.

Data security, resilience and outsourcing

As part of its second FinTech cross-sector priority the FCA (and PRA) will focus on ensuring firms are resilient to both cyber-attacks and technology outages, including ensuring that new and replacement technologies are resilient. This will involve three key activities:


To protect both market integrity and consumers, and tackle the evolving nature of cyber-threats, the FCA will continue to scale-up its work with firms to enhance their cyber-resilience.

Over the next year, the FCA plans to strengthen its supervisory assessment of the highest impact firms to improve its understanding of their current and planned use of technology, staff expertise and training, and resilience to cyber-attacks. As part of this assessment, the FCA will review how firms' governance, strategy, system architecture, and culture contribute to their data security.

The FCA will also conduct thematic work with "lower impact" firms and continue to give smaller firms information on how to improve their resilience.

Finally, the FCA will work closely with the UK Government, other regulators, nationally and internationally, on cyber-resilience, including ways to minimise the impact of breaches and systems failures on consumers and the market. In particular the FCA will continue to work with the BoE to develop new regulatory tools to better assess firms and identify where harm could occur.

The PRA will continue its focus on firms' cyber and operational resilience, and its work will be closely aligned to that of the FCA and BoE. The PRA will run another sector-wide assessment to assess the sector's ability to respond to major disruption, and it is also expected to clarify its supervisory expectations of firms' cyber resilience.

2. Outsourcing and the risks posed by third-party providers

As firms increasingly rely on third-party providers, which are often unregulated, to deliver major and critical services, the FCA will increase its focus on outsourcing arrangements. In particular, the FCA will pay close attention to service providers supporting multiple firms to identify the impact of service disruption on the market. Over 2018/19, through both thematic and firm-specific work, the FCA will seek to enhance its understanding of how firms use third parties, their concentration in the market and the potential risks.

3. Resilience

Finally, the FCA will also look at other risks to firms' resilience. These include ring-fencing, where significant restructuring will continue into 2018, and the implementation of the revised Payment Services Directive (PSD2). The FCA acknowledges that while PSD2 is expected to increase competition in payments, it also has the potential to increase cyber-attacks and data breaches. The FCA will monitor the roll-out, from August 2018, of the Competition and Markets Authority recommendations to measure consumer understanding of resilience by requiring firms to publish service quality data on technology and resilience issues.

Regulatory perimeter

The FCA business plan highlights its powers to act outside the perimeter in certain circumstances, and states that it may exercise them where unregulated activity could potentially undermine confidence in the UK financial system or have an impact on a regulated activity – this may be relevant for example to some growing FinTech areas, such as cryptoassets and ICOs, or unregulated technology third-party providers.


Both the PRA and FCA acknowledge that preparing for the UK's departure from the EU will dominate their agenda for 2018/19. Despite this, the prominence of FinTech-related priorities in the business plans is again testament to the ever increasing role of technology in the financial services sector.

The PRA's external FinTech focus is largely on ensuring technological innovation does not compromise cyber and operational resilience of firms and financial markets. The work of the PRA and FCA will be complemented by the BoE's planned upgrade of its Real-Time Gross Settlement Systems (RTGS), which will support competition by making the BoE's RTGS directly accessible to non-bank payment service providers and compatible with new technologies, such as Distributed Ledger Technologies.

The number and type of activities the FCA plans to undertake over the next year give a strong indication that, while innovative businesses will continue to enjoy its support, the level of understanding of technological innovation, specifically in relation to the inherent risks, and the scrutiny that the FCA will apply are increasing appreciably. Market participants need to be ready for this.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
