Experts: Dr Anthony Kirby, EY and Andy Peterkin, Farrer & Co
Moderator: Ian Wilkins
Advisors need to identify best practices for advice suitability given the increased reporting requirements from the FCA and the impending MiFID II regulations. GDPR will significantly impact the landscape of the wealth management industry and have unforeseen consequences for many cross-border firms.
- Initial findings from the FCA’s thematic review show that regulators will pay ever-increasing attention to the suitability of advice
- Firms will need to prepare to report suitability findings from Q1 2017 to comply with FCA regulations
- GDPR is a much bigger beast than wealth managers realise with far-reaching and unintended consequences
- Parts of European and UK regulation could come to contradict one another, with the prospect of Brexit set to add to the confusion
- The sheer amount of new regulation may force global wealth managers to cut back on markets and become more specialised in their business models
Initial discussion centred on the avalanche of new regulation that is set to hit the wealth management industry over the next few years. Over 40 new directives from UK and European regulatory bodies are set to come into force within the next three years, with far-reaching consequences for all wealth managers.
One key topic of focus for delegates was suitability, given the current FCA review into advice. The FCA suitability report was expected to be released in September, although the regulator has now presented some interim findings from the 700 advice firms that it reviewed. A number of poor practices were uncovered at firms, with the experts quoting examples of advisers selling 20-year locked-in products to octogenarians, while other individuals directly reported that they found suitability reports to be a “waste of time”.
Given that suitability has been flagged as one of the FCA’s key objectives in its 2016/17 business plan, wealth managers need to have clear paper trails that cover suitability for every single client file. Moreover, delegates agreed that getting suitability right is fundamental to the future business models of all discretionary and advisory managers as firms prepare for the imminent introduction of MiFID II.
Further on the horizon, the General Data Protection Regulation (GDPR) was flagged to delegates as a potential game changer for the industry. The regulation marks a significant step up in wealth managers’ data protection requirements, with many firms not yet appreciating the significant impact it will have on their operating models. Penalties for failure under GDPR are also significantly higher, with fines of up to 4% of turnover for firms that suffer a security breach. One delegate put the potential scale of the penalties into context:
“Under GDPR, Tesco would have faced a fine of £1.9 billion for its security breach”
Delegates also noted that GDPR could have several unintended consequences for wealth managers. Wealth managers will have to record extensive data on their customers and have systems in place to enable the transfer of this data to other firms. Ultimately, onerous regulation could force global and European firms to focus on specific markets to avoid the complications of international data transfer. Brexit will also complicate matters as firms move to comply with European regulations such as GDPR and MiFID II, which may later become irrelevant if the FCA supersedes these with different rules.
The “right to be forgotten” element of GDPR could also conflict with the reporting requirements of wealth managers. One delegate questioned how a client could request the erasure of personal data if a wealth manager had to keep this on file in the case of regulators requesting client files.
The session concluded with a list of short-term potential actions for delegates and their firms. Wealth managers will already need to report suitability findings from the end of Q1 2017 to comply with FCA regulations. Organisations must also assess the impact of GDPR and implement an action plan to develop an improved data protection program in advance of 2018.
Organisations have until May 2018 to understand the implications of GDPR and identify the gaps; assess its impact and design/implement an action plan; and ensure and demonstrate the effectiveness of their data protection improvement program.
Suitability of portfolio management services is increasingly coming under the FCA’s spotlight and will increase the regulatory burden on wealth managers. Firms must also begin to plan for GDPR or potentially face heavy fines in the event of any data breaches. The exact specifications of upcoming regulations are still unknown, but institutions should identify any potential gaps in their understanding far in advance.