On 28 July 2025, the Financial Conduct Authority (FCA) published its findings following a review of benchmark administrators’ management of data risks. The FCA also set out some wider lessons and next steps for the sector.

Background

The FCA explained that it had recently outlined concerns with firms’ data quality controls and that this review aimed to understand how firms are meeting the relevant obligations under Principles 2 and 3 and the UK Benchmarks Regulation.

Findings

The FCA found that although firms had some good arrangements in place practices varied and did not consistently lead to there being robust controls.

The FCA also highlighted factors, across five themes, that might be useful for firms’ in managing these risks:

  1. Data supplier oversight

The FCA explained that having proactive governance and ongoing risk management arrangements in place in relation to data suppliers contributed to more effective benchmark data controls. This included having proper processes for onboarding, scheduling ongoing risk assessments, having well-designed management information (MI) and key risk indicators, and that being able to trace the link between data and the relevant benchmark was important in monitoring supplier performance.

  1. Data quality oversight

The FCA set out that risk management in relation to data quality was best supported when the oversight controls in place were proportionate to the risks posed by the data being ingested. The FCA noted further that data quality oversight was most effective when firms had detailed MI, but that it was not always clear to the FCA where decisions or follow up actions were taken in response to oversight controls, and that in some cases because of insufficient record keeping.

  1. Resilience and incident response

The FCA noted that contingency plans were less effective when they were not comprehensive or scalable, but that the best were clear, unambiguous and had been validated. The FCA also set out that a firm’s ability to respond to an incident was helped when there was a line of sight between data received and the relevant benchmark, as the impact of errors could be more quickly identified.

  1. Assurance / Governance

The FCA again highlighted the importance of MI and record keeping in enabling good governance and decision-making but also set out that clear escalation processes were important. The FCA identified more varied practices in relation to assurance arrangements, including finding that some firms’ technical controls appeared weak and difficult to measure, whereas firms that had more effective arrangements had risk-based data quality control frameworks in place.

  1. Emerging risk awareness

The FCA set out that it had not consistently seen that firms’ control frameworks were evolving to address new internal or external risks but that firms with good MI were best able to identify new internal risks and that a further good indicator of risk management was firms’ purposeful horizon scanning for external risks.

Expectations and next steps

Finally, the FCA highlighted that, while different data types and firm practices may complicate the design of controls, firms should ensure that their control frameworks remain proportionate and appropriate to the risks. The FCA also noted that senior managers may want to consider how these findings apply to their business.

The FCA plans to carry out further work in 2025 and in 2026 in relation to other risks, including benchmark controls and corporate governance.