Search covid

On 19 November 2020, the FCA confirmed updated guidance to firms setting out enhanced support that should be available to consumer credit customers experiencing payment difficulties as a result of the COVID-19 pandemic. The guidance covers users of personal loans, credit cards, store cards, catalogue credit, rent to own, buy now pay later, pawn broking, motor finance and high-cost short-term credit.

In summary, the updated guidance provides that:

  • Those who have not yet had a payment deferral will be eligible to apply for payment deferrals of up to 6 months in total.
  • Those who currently have a payment deferral will be eligible to apply for a further deferral, as long as the total length of deferrals doesn’t exceed a maximum of 6 months in total.
  • Those who have previously had a payment deferral of less than 6 months will also be eligible to apply for a further payment deferral, as long as the deferrals don’t exceed 6 months in total.
  • A firm may assess that a payment deferral is obviously not in a customer’s interest. In such cases, the firm should instead provide tailored support appropriate to the customer’s circumstances.
  • Consumers who have already had 6 months of payment deferrals or who are in arrears or receiving tailored support, will not be eligible for a further payment deferral. Instead, firms will provide tailored support appropriate to their circumstances. This may include the option to defer further payments.
  • High-cost short-term credit consumers, such as those with payday loans, will be eligible for a payment deferral of 1 month.

Consumers will have until 31 March 2021 to apply for an initial or a further payment deferral. After that date, they will be able to extend existing deferrals to 31 July 2021, provided these extensions cover consecutive payments, and subject to the maximum 6 months allowed. If borrowers who have not yet taken a deferral think they need the full 6 months, they should apply in good time before their February 2021 payment (to cover a full six months of payments, from February to July inclusive).

On 17 November 2020, the FCA updated its guidance to firms setting out enhanced support that should be available to mortgage borrowers experiencing payment difficulties as a result of the COVID-19 pandemic. The updated guidance will be fully in force from 20 November 2020 but the FCA encourages firms that are able to start providing this enhanced support sooner to do so.

The FCA has published Finalised guidance: Mortgages and Coronavirus: Payment Deferral Guidance. This guidance is an updated version of the FCA’s guidance Mortgages and Coronavirus: Updated Guidance for Firms. This guidance applies in the exceptional circumstances arising out of the COVID-19 pandemic and its impact on the financial situation of customers of home finance providers. It is not intended to have any relevance in circumstances other than those related to the pandemic. The guidance updates the FCA’s expectations of firms to extend the availability of payment deferrals until 31 July 2021. The FCA expects firms to allow customers impacted by the COVID-19 pandemic to defer up to 6 monthly payments in total but firms should not provide deferrals under the guidance for payments extending beyond 31 July 2021. Firms should not give payment deferrals under the guidance to customers after 31 March 2021 unless they are already benefitting from one. This means both those customers seeking a first payment deferral, and those who have previously accessed payment deferrals that totalled less than 6 months under previous versions of the guidance, can seek a new payment deferral up to 31 March 2021. However, the FCA expects firms to allow customers to extend ongoing payment deferrals under the guidance after 31 March 2021, to cover payments up to and including July 2021, provided these deferrals cover consecutive payments. Subject to the overall maximum of 6 months, the FCA expects firms to offer payment deferrals to customers flexibly when they request them, in tranches up to three monthly payments in a single payment deferral period. This means that customers can choose whether or not to take them consecutively until 31 March 2021. This also means that customers who are newly impacted and applying for a first payment deferral need to apply in good time before their February 2021 payment is due if they want to benefit from the maximum 6 months deferral. Firms should not report a worsening status on the customer’s credit file during any payment deferral period agreed under the guidance.

The FCA has also published Finalised guidance: Mortgages and Coronavirus: Tailored Support Guidance. This guidance is an updated version of the FCA’s guidance Mortgages and Coronavirus: Additional Guidance for Firms and applies to firms dealing with customers facing payment difficulties due to circumstances related to the COVID-19 pandemic who are not receiving payment deferrals under the above guidance on payment deferrals, including where they are not or are no longer eligible for payment deferral. The guidance is designed to enable firms to continue to deliver short and long-term support to customers affected by the evolving COVID-19 pandemic and the Government’s response to it. It is intended to support firms to treat consumers affected by the pandemic fairly and to help consumers to bridge the pandemic to get back to a more stable financial position. The guidance also notes that firms should not absent exceptional circumstances (such as a customer requesting that the proceedings continue) enforce repossession and should not seek, or enforce, a warrant for possession or a warrant of restitution before 31 January 2021. But firms may commence or re-commence and continue repossession proceedings, up to and including obtaining a possession order, as long as they act in accordance with this guidance, MCOB 13, and applicable pre-action protocols.

For financial institutions across the globe, the COVID-19 pandemic has proved to be a real-world test of operational resilience. Those in risk, compliance and operational functions have had to rapidly adapt their business continuity and resilience frameworks in response to new risks or changes in existing risks that occurred in different parts of their organisation as a result of the pandemic. This, in step with widespread regulatory reforms and a heightened focus on strengthening operational resilience within the financial sector – which came into play even prior to the pandemic – is putting increased pressure on organisations.

In the UK, while there have been various communications from the FCA and PRA during the pandemic setting out their expectations, specific guidance on what operational resilience should look like has been lacking. Over the summer, we carried out a survey exploring how financial institutions have been managing their operational resilience leading up to and during the pandemic, the findings of which can be found here. An overwhelming majority of survey respondents noted that it was important to obtain further guidance from regulators on operational resilience before they undertake any, or further, adjustments to their operational business models and controls. Survey respondents noted that they would welcome further supervisory guidance, specifically on applying lessons learned, internal and external communications, and scenario testing. Based on this, we have identified some key considerations for financial institutions as they navigate how to build resilience and thrive in this new environment.

Applying lessons learned

Applying lessons learned, not only from a financial institution’s initial pandemic response, but also from past operational incidents as well as scenario testing, is important to drive continuous improvements to operational resilience and, in the case of past incidents, to build trust and confidence with regulators.

In terms of lessons learned from COVID-19, financial institutions should evaluate their pandemic plans which were developed at the start of the crisis and compare intended results with actual results. The evaluation will cover different factors, including: composition and effectiveness of the crisis management team, frequency of meetings and speed of decision making, whether the initial prioritisation and mapping of important business services was correct, and engagement and feedback from internal and external communications. Financial institutions should also conduct an analysis of what went well and what did not with respect to their technology, people, facilities and third party management. Off the back of this self-evaluation, financial institutions should make a list of action points and decide which processes to keep and what they will do differently next time. Deficiencies, whether identified through scenario testing or through practical experience, should be addressed as a matter of priority, particularly as the pandemic is entering into a second wave in many countries. Financial institutions should prioritise actions to address the risks posed by each deficiency.

To date, COVID-19 related operational incidents in the public domain for financial services have been limited, which indicates that most financial institutions have so far weathered the storm pretty well. However, it may take some time for issues to surface as the charge on operational resilience is only starting to gain momentum.

Internal and external communications

The ability to communicate effectively is paramount during operational disruptions. Having strong internal and external communication strategies in place allows organisations to act quickly and effectively to reduce potential harm.

Both internal and external communications strategies should begin by identifying groups of stakeholders on which to target communications and an analysis of the current state of the business. Using the PEST (political, economic, social, technological) and SWOT (strengths, weaknesses, opportunities, threats) analysis tools is an effective way to assess the situation. The PEST analysis would be a review of facts about the crisis or disruption against each of the PEST categories; while the SWOT analysis allows the financial institution to assess how it may respond, working out organisational objectives and deliverables.

Internal communications plans should follow a top-down and bottom-up approach. This includes the board taking an active role, having upward and timely reporting measures in place, effective management information to inform decision-making, listening to the concerns of staff across the business, and ensuring individuals know what, when and how to communicate to their teams, customers and third parties. It is important to have engagement across the business and communication across teams and locations to ensure the financial institution takes a services and/or consumer focussed approach.

For external communications plans, proactive, consistent and clear messaging is key. Keeping external stakeholders informed, even if the whole picture isn’t clear, will provide assurance that the situation is under management and the financial institution is in control of unfolding events. Financial institutions should provide updated action plans on new developments as early and as often as possible. An effective and well executed external communications strategy should leverage technology to deliver planned multi-channel messaging, whether through email, voice, video, SMS or social media. Moreover, it is not enough to just send one-way communications, there needs to be a system in place to track receipt, to allow the receiver to respond as needed and escalate when required. Engagement surveys and active feedback requests are often good methods to help execute this.

In terms of communications with regulators, financial institutions should document their crisis response planning and decision-making to be able to demonstrate to the relevant supervisory authority that they are meeting their responsibilities in respect of operational resilience if required.

Scenario testing

Scenario testing as part of business continuity and disaster recovery often focuses on short-term disruptions posed by technology failures or the unavailability of a single asset. In contrast, scenario testing for operational resilience builds and demonstrates a financial institution’s capacity to anticipate, prepare for, respond to, and adapt to both incremental changes and sudden shocks to its operating environment from an external event.

Understanding if the financial institution can withstand stressed conditions and be resilient requires a holistic approach. The first step is to identify and map important business services and the main systems and processes involved, as well as any underlying dependencies. That is, to identify what is critical to the continuing delivery of the service. The next step is to consider impact tolerances – the maximum tolerable level of disruption to an important business service that can be tolerated. Scenario testing should be expanded from considering single points of failure to considering a broad range of severe but plausible scenarios of varying duration to test whether the financial institution is able to remain within its impact tolerances. Different contingencies should be deployed together, such as extraordinary workarounds alongside more conventional business continuity and disaster recovery procedures, to meet impact tolerances. This approach forces financial institutions to accept that disruptions to business services are inevitable and need to be actively managed.

While almost no one anticipated a crisis of the scale of the disruption caused by COVID-19, financial institutions that regularly ran comprehensive and detailed pandemic scenarios were better prepared than those that had not. Financial institutions should be currently testing severe but plausible scenarios on additional waves of COVID-19. These scenarios should be run and tested on an ongoing basis and should include scenarios with even more impact than the pandemic seen this year.

The future of operational resilience

Operational resilience is rapidly moving up the supervisory agenda. Notably, the proposal for a regulation on digital operational resilience in the EU financial sector is making its first steps through the EU legislative process. This proposal, which would introduce a detailed legislative framework on operational resilience for financial institutions in the EU, has entered negotiation phase and Member States are currently discussing different aspects of the framework. New or enhanced rules are expected to come into force next year in many countries across the globe.

Navigating through these changes is a challenge for firms and something to which we are regularly asked to advise. Please see our website to explore how we can help firms navigate effectively through the choppy waters of operational resilience issues so that they stay ahead of evolving risks.

First published in Thomson Reuters Accelus Regulatory Intelligence on November 13, 2020.

On 9 November 2020, the PRA issued a statement on COVID-19 guidance for firms. The statement provides that the PRA recommends that the Chief Executive Officer senior management function (SMF1) is accountable for ensuring an adequate process for following and adhering to Government guidance. For firms that do not have an SMF1 Chief Executive Officer, this will be the most relevant member of the senior management team.

On 21 to 23 October 2020, the Financial Action Task Force (FATF) held its final quarterly plenary of 2020 as a virtual event. The discussions over three days mostly focussed on Strategic Initiatives reacting to the Covid-19 pandemic and progress made on country specific processes. The FATF also provided an update on their strategic focus on the prevention of financing of proliferation of weapons of mass destruction (WMD).

In terms of strategic initiatives, the FATF encourages countries and jurisdictions to continue to make efforts to implement the FATF Recommendations to a high standard, despite the current challenging climate. It notes that it is paramount for countries and jurisdictions to “fully and effectively implement the FATF Recommendations, using a risk-based approach” to implement preventative or mitigation measures which are commensurate to the nature of money laundering and terrorist financing risks faced in each location. In particular, the FATF urges countries and jurisdictions to pay close attention to types of criminal activity which have been exacerbated by the pandemic, such as the counterfeiting of medical goods, increase in investment fraud and prevalence of cyber-crime scams. It also indicates that countries and jurisdictions should horizon scan for potential new criminal activity coming down the track, such as the potential for exploitation in light of national unemployment statistics and an ongoing shift towards more remote transactions.

In its second quarter plenary held in April 2020, the FATF announced the postponement of assessments and follow-up deadlines in response to the COVID-19 pandemic. However, it is now acknowledged that the pandemic remains an ongoing challenge and there is a need to continue the FATF’s mutual evaluation activity in order to maintain and strengthen global anti-money laundering (AML) and counter terrorist financing (CTF) standards. Therefore, the FATF note that mutual evaluations will continue on a flexible basis by conducting certain aspects of the on-site visit virtually or (if necessary) at a later date where temporary travel restrictions are in place. A similar approach will be taken to identifying and responding to high-risk jurisdictions or jurisdictions with strategic weaknesses in their AML and CTF measures.

Finally, the FATF note that FATF Recommendation 1 (alongside the interpretative note) have now been updated to reflect to WMD proliferation financing. Countries and private sector entities are now required to “identify, assess, manage and mitigate the risks of potential breaches, non-implementation, or evasion of the targeted financial sanctions related to proliferation financing”. This aims to support entities to ensure that they don’t unintentionally support or participate in proliferation financing networks or schemes set up to contravene various regimes. The FATF also intends to publish new guidance in the near future to help countries and the private sector in assessing and mitigating the WMD proliferation financing risks.

Financial institutions have had to deal with two challenges in the face of the COVID-19 pandemic. The first challenge is financial – how to address and mitigate the sharp drop in the value of financial assets or loss of liquidity. The second challenge is operational – how to address the risk of failure of resources and have clear, robust and dynamic plans in place to deliver consistent services to customers and other stakeholders.

Over the summer we carried out a survey exploring how financial institutions have been managing their operational resilience leading up to and during the pandemic. Broadly speaking, operational resilience refers to the ability of an organisation to rapidly adapt, recover and learn from a sudden shock to its normal operating environment.

The findings of the survey have just been published in a report, covering the following areas:

  • Governance and oversight
  • Annual budgeting
  • People management
  • Important business services
  • Outsourcing and systems
  • Testing response and recovery capabilities
  • Regulatory change and guidance
  • Key challenges experienced during the crisis
  • Concerns over the next 12 months
  • Lessons learned

To access the report, please register here.

If you have any questions, or if you would like to discuss the findings of the report, please do not hesitate to get in touch.

On 24 September 2020, the FCA updated its web page on ‘Key workers in financial services’. The web page reminds financial services firms that it remains important for them to continue to identify and monitor key workers to ensure that firms respond effectively in the event of further local or national lockdowns. The FCA also reminds firms that they themselves are best placed to decide which staff are essential for the provision of financial services and to help with the identification process firms should identify the activities, services or operations which, if interrupted, are likely to lead to the disruption of essential services to the real economy or financial stability. Firms should then identify: (i) the individuals that are essential to support these functions; and (ii) any critical outsource partners who are essential to the continued provision of services, even where these are not financial services firms. The web page then lists the types of roles that may be considered as providing essential services and the FCA recommends that the chief executive officer senior management function is accountable for ensuring an adequate process so that only the roles meeting the definition are designated.

On the same day the PRA updated its web page concerning a statement on key financial workers who are critical to the COVID-19 response. The PRA notes that the UK Government and the Devolved Administrations have recently issued new guidance to address rising cases of COVID-19 in the UK. The use of face covering in close contact services will now be mandatory, and where office workers can work effectively from home, they should continue to do so over the winter, anyone else who cannot work from home should go to their place of work. The PRA states that previous guidance on identifying key financial workers and the responsibilities of senior managers still apply.

On 17 September 2020, the European Central Bank (ECB) announced that euro area banks under its direct supervision may exclude certain central bank exposures from the leverage ratio. The announcement comes after the Governing Council of the ECB confirmed that there are exceptional circumstances due to the COVID-19 pandemic.

Banks under ECB supervision can benefit from this exclusion when they communicate their leverage ratios. Based on end-March 2020 data, this exclusion would raise the aggregate leverage ratio of 5.36% by about 0.3 percentage points. The 3% leverage ratio requirement will become binding on 28 June 2021 but banks are already required to disclose their current leverage ratio.

Banks supervised by the ECB may benefit from this measure until 27 June 2021. ECB banking supervision would have to take a new decision should it wish to further extend the exclusion beyond June 2021, when the 3% leverage ratio requirement will become binding. This would require an upward recalibration of the 3% leverage ratio requirement.

On 2 September 2020, MONEYVAL (the Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism) published a report detailing the money laundering and terrorist financing trends emanating from the Covid-19 pandemic, identified through feedback from jurisdictions within MONEYVAL’s remit.

MONEYVAL notes that, so far during the pandemic, whilst the level of general criminal activity has remained constant, certain types of crime which generate criminal proceeds have increased (such as fraud and cybercrime). In addition, criminals have sought to capitalise on other aspects of the pandemic, such as a relaxation in controls to enable the delivery of personal protective equipment (PPE) and exploitation of relief measures introduced by tax authorities to support vulnerable members of the community. Based on feedback, MONEYVAL has identified 5 areas of potential money laundering threats directly stemming from the pandemic, which are: fraud; “medicrime” (crimes related to the provision of medical equipment/supplies); corruption; cybercrime; and late demand in moving illicit funds.

To support jurisdictions in responding to emerging and continuing risks, MONEYVAL provides a set of 7 recommendations which it urges that jurisdictions:

  1. Apply extra vigilance in complying with international standards set out by the Financial Action Task Force (FATF).
  2. Continue to support and communicate with the private sector, and not just credit institutions, to tackle risks identified.
  3. Make adjustments to the application of a risk-based approach to adapt to the current and changing risk exposures.
  4. Encourage use of innovation to support supervisory and ongoing monitoring activities.
  5. Continue efforts to foster cross-border information sharing and transparency.
  6. Enhance domestic information sharing between national financial intelligence units (FIUs) and law enforcement authorities (LEAs) to both enhance investigations and share insights on new typologies and emerging trends.
  7. Continue to monitor the impact of Covid-19 on national anti-money laundering and counter-terrorist financing mechanisms and take measures as appropriate to mitigate risk.

Finally, MONEYVAL identifies that there have been a number of positive process and practice evolutions brought about by the pandemic. In particular, in the absence of site visits, regulators have adapted to using screen-sharing and secure electronic file sharing to continue monitoring activity. In addition, international cooperation has not been negatively impacted by the pandemic.

On 2 September 2020, the Financial Conduct Authority (FCA) launched a new webpage updating market participants on the pilot of its “digital sandbox” and recent DataSprint.

The FCA notes that its latest DataSprint, held in July and August 2020, enabled 120 market participants from multiple sectors and disciplines to collaborate to develop data models and typologies, critically evaluate methodologies and produce reliable reference data to fuel future sandbox testing.

The focus of the digital sandbox at present is to enable firms to test and develop innovative solutions to challenges arising due to the Covid-19 pandemic, including fraud and scams; handling vulnerable customers; and enhancing access to financial services for small and medium-sized enterprises.

The FCA will be opening applications for participation in the digital sandbox in the coming few weeks.