On 22 March 2022, the FCA published a Portfolio Letter ‘Our custody and fund services supervision strategy’.

In the letter the FCA outlines its view of the key risks that custody and fund services’ firms need to manage in order to protect investors and the integrity of the markets in which they operate. The FCA expects firms within the portfolio to take the necessary action required to ensure that these risks are appropriately mitigated.

The FCA sets out four principal areas of potential harm to clients and end-consumers. These include disruption to consumers and market participants, or the loss, compromise, or lack of availability of data, due to insufficient operational resilience or weak cyber controls. In terms of these areas of harm the FCA reminds firms that they are responsible for ensuring that appropriate people within the firm understand the rules and ensure that the firm complies with them.

The FCA also sets out its supervisory priorities:

  • Operational resilience and cyber.
  • Protection of custody assets and money.
  • Depositary oversight.
  • Speculative and illiquid investments.
  • Market and regulatory changes.

In relation to market and regulatory changes the FCA states that it expects firms to keep abreast of, and adequately prepare for market developments and regulatory change. In particular, it refers to the Investment Firms Prudential Regime and reminds firms that it expects them to understand how the new standards apply to them. The FCA also mentions that firms in this sector typically have business models that rely heavily on technology and often have complex system infrastructures. The FCA wants firms in the sector to understand how future technology developments could impact the services that they offer, as well as understanding if there are risks to the business model that could be caused by disruption from new technology, and to plan appropriately.