The financial services authority

The Financial Services Authority As An Embodiment Of Iosco


No portion of the work referred in this research paper has been submitted in support of an application for another degree or qualification of this or any other university or other institution of learning.


Copyright in the text of this thesis rests with the author. Copies (by any process) either in full, or of extracts, may be only in accordance with instructions given by the author and lodged in John Rylands University Library of Manchester. Details may be obtained from the librarian. This page must form part of any such copies made. Further copies (by any process) of copies made in accordance with such instructions may not be made without permission (in writing) of the author.

The ownership of any intellectual property rights, which may be described in this thesis, is vested in the University of Manchester, subject to any prior agreement to the contrary and may not be made available for use by the third parties without the written permission of the university, which will prescribe the terms and conditions of any such agreement.


Financial Services Authority (FSA) as an embodiment of IOSCO

This research will fundamentally discuss the FSA regulatory regime in line with the IOSCO objectives and principle. I will also briefly discuss the IOSCO's nature and status as an international policy maker basis of the existence of the organisation and derivation of its influence on domestic regulatory regimes.

The Financial Services Authority is the domestic regulator in the United Kingdom and this research will also discuss the operational role of the Authority elaborately discussing both its principle and risk based regulation as its form of enforcing compliance among the participants in the UK jurisdiction in order to protect the investors as well as ensure confidence in the investment security industry.


Financial services are highly internationalised; perhaps more than most industries while today's financial markets are globally interconnected, for the most part they are regulated and supervised at a national level. The international financial system “is wholly different from that which the Bretton Woods institutions were designed to support. In good times, this is not a great concern for most participants. However, in times of financial stress, these weaknesses come to reflection. Sound and effective regulation and, in turn, the confidence it brings is important for the integrity, growth and development of the securities markets.

The International Organization Of Securities Commissions (IOSCO)

IOSCO is the key “international standard setter for securities markets” and its members together regulate more than 90 per cent of the world's securities markets. Its primary standard, “Objectives and Principles of Securities Regulation”, covers responsibilities of regulators (including effective enforcement and cooperation) and minimum standards for issuers, collective investment schemes, market intermediaries and secondary markets.

Objectives Of IOSCO Securities Regulation

Objectives of Securities Regulation

The three core objectives of securities regulation are:

  • The protection of investors;
  • Ensuring that markets are fair, efficient and transparent;

  • The reduction of systemic risk

IOSCO provides a system of assessment of Member State adoption of these principles (the “Principles Assessment Methodology”) and has also adopted a multilateral memorandum of understanding to facilitate cross-border enforcement and exchange of information amongst regulators. Further, IOSCO provides comprehensive technical assistance to its members, in particular in emerging markets.

Emergence Of The Financial Regulation In The United Kingdom

The banking sector was regulated under the Banking Act 1987 and subject to the supervision of the Bank of England. Friendly societies, building societies and insurance companies were subject to prudential regulation created by specific legislation, and the investment industry was regulated under a regime created by the Financial Services Act 1986.

The 1986 Act had established a system of two tiered statute-backed self regulation. In essence, the system created a requirement for persons conducting investment business in the United Kingdom to be authorised. Authorisation was granted in a number of ways, although mainly granted by either the Government's designated agency the Securities and Investment Board (SIB) or by self regulating organisations (SRO) which in turn were recognised by SIB. Authorised firms were then required to comply with rules created by the SIB or their relevant SRO.

The regulatory system, created by the Banking Act 1987 and Financial Services Act 1986, became subject to much criticism leading to a momentum for change and a considerable amount of the criticism arose from what was seen as a lack of appropriate proactive regulatory involvement in a series of financial failures in the 1990s, including the pensions transfer scandal, the collapse of Barings Bank, and criticism in the Bank of England's supervision of Bank of Credit and Commerce International (BCCI).

The Financial Services Act 1986

The Financial Services Act has fundamental weakness, particularly in the role and often the functions of the SIB were hindered by certain restrictions in the 1986 Act leading to wide ranging concerns which were expressed by the Government, practitioners and consumer groups. The regulatory regime created by the Financial Services Act 1986 lacked any clear objectives stating that the remit was “to protect investors”. Regulators often applied a full audit approach when supervising firms and they were often criticised for encouraging what has been referred to as a tick box approach to regulation and compliance.

The protection of consumer has substantial part to play in the FSA regulatory criteria and investors are to be protected not only through the emphasis of both the adequate planning and financial resources and competent and honest management but also through the requirement directed to ensuring that the applicant is amenable to effective regulation by the FSA. Further comments may be found in Auth 3.8 of the handbook.

The Financial Services And Markets Acts 2000 (FSMA 2000)

In 1997 the Labour Manifesto promised that if Labour were returned to power it would bring self-regulation in the investment business sector to an end and would make the SIB the direct regulator in that field. In May 1997, the new Government announced that it proposed to go a great deal further and to introduce “one stop regulation”. The existing arrangements were understandably described as not only confusing, but also costly and inefficient. The FSMA 2000 Act is in 30 parts, it replaced all the forms of regulations in FSA 1996 Act and extended statutory regulations in some other areas. The SIB itself was renamed the Financial Services Authority (FSA).

Regulation Under The New Legislation: One Stop Regulation

The description “One Stop Regulation” is a helpful pointer to a principal feature of FSMA 2000. It builds on a lot of the work establishing the regulatory systems but seeks to draw them together in a more coherent, efficient and effective form, therefore even though the system of regulation itself is new, many of the underlying features have strong similarities to one or more of the previous systems which accounts for the fact that although the Act is a lengthy and complicated measure but its long title reads simply:

“An Act to make provision about the regulation of financial services and markets; to provide for the transfer of certain statutory functions relating to building societies, friendly societies, industrial and provident societies and certain mutual societies, and for connected purpose”.

On May 20, 1997, Gordon Brown (then Chancellor of the Exchequer) in a statement to the House of Commons on the Bank of England, stated inter alia:

“… there is a strong case in principle for bringing the regulation of banking, securities and insurance together under one roof... This would improve the competitiveness of the sector and create a regulatory regime to meet the challenges of the twenty-first century.”

The intention, indicated by the Government, was to establish a single financial regulator combining the regulatory functions of nine existing bodies. These were:

(1) The Building Societies Commission;

(2) Friendly Societies Commission;

(3) Insurance Directorate of the Department of Trade and Industry;

(4) Investment Management Regulatory Organisation;

(5) Personal Investment Authority;

(6) Registry of Friendly Societies;

(7) Securities and Futures Authority;

(8) Securities and Investments Board; and

(9) Supervision and Surveillance Division of the Bank of England.

The Government also took the decision to make two fundamental changes to the role of the Bank of England. The first was to withdraw the Government's involvement in establishing monetary policy. The second was to use legislation Bank of England Bill to transfer to SIB (renamed as the FSA), the banking supervisory powers of the Bank of England

The Chancellor of the Exchequer instructed the then SIB Chairman Sir Andrew Large to lead a working party that included representatives of the nine regulatory bodies whose functions were to be brought together to prepare the report for the emergence of the new regime (FSA) and was prepared in seven weeks and presented on July 29, 1997 outlining the planning for the new regulatory. The FSA was created on October 1997 as a result of a re-launch of the SIB and in June 1998, the supervisory powers of the Bank of England was transferred to the FSA, followed in January 1999 by the transfer of responsibility for insurance business supervision and the transfer of regulatory activities on behalf of the existing SROs.

Following publication of a draft consultation Bill in July 1998, The Financial Services and Markets Bill was introduced into the House of Commons on June 1999. By January 1999, the Treasury had created from a practical point of view and without the Financial Services and Markets Act 2000 being in force, a single regulator for the major parts of the United Kingdom's financial markets.

The early stage attracted questions and criticism about the future role of the FSA and in a clear response to the criticism aimed at the FSA's role in the new regulatory system, Howard Davies, Chairman and Chief Executive of the FSA stated,

“The second crucial advantage of the new regime is that it incorporates clear lines of accountability… There is a clear separation of duties between the Treasury and the FSA, with Ministers responsible for the statutory framework while the Authority is responsible for acting effectively within that framework.”

The Financial Services and Markets Act 2000 (FSMA 2000 which we shall now refer to as the Act) received Royal assent in June 2000 and the new regulatory system was brought into effect at midnight on November 30, 2001. As a result, a series of safeguards were established in the legislation, each designed to create accountability of the FSA and act as a check and balance over the FSA's powers. These include within the Act:

  • Under s.7 and Sch.1, the FSA is subject to strict corporate governance requirements.
  • Section 2(2) sets out that the FSA's operation must meet four specified statutory objectives.

  • Under s.2 (3), the FSA must operate within a framework of principles of good regulation, including a requirement to ensure that all new regulation is subject to a cost benefit analysis.
  • Under para.10 to Sch.1, the FSA is obliged to make an annual report to the Treasury, a copy of which must be presented to Parliament by the Treasury and be presented in a public meeting within three months of its publication.

  • The FSA has a duty to consult in relation to its rule making and guidance function. Under s.8 it must consult with the Consumer and Practitioner Panels and under s.65 (in relation to a new approved persons code), s.155 (in relation to new rules) and s.121 (in relation to a new code of market conduct) it must consult with the public.
  • Section 10 creates a consumer panel with the role of being consulted about new rules and making representations to the FSA.

  • Section 9 creates a practitioner panel with the role of being consulted about new rules and making representations to the FSA.
  • Under para.7, Sch.1, the establishment of an independent complaints commissioner whose role is to adjudicate on any complaints about the discharge of the FSA's powers and make, where necessary, recommendations for change to the FSA.

  • To directly deal with the concern of the FSA becoming legislator, judge and police force, the FSA established an internal Regulatory Decisions Committee (RDC) which would act as a protective barrier between the FSA's supervisory and enforcement functions. The committees is chaired by a person independent of the FSA and have the role of determining whether enforcement action should or should not be taken against authorised firms or approved persons.
  • Under s.132 and Sch.13, the Financial Services and Markets Tribunal acts as an adjudicator of those decisions of the FSA specified under the Act which are referred to it by an aggrieved person.

  • The FSA has established a number of other panels with whom it consults in connection with the discharge of its functions. This includes a Small Business Practitioner Panel, a Training Advisory Panel and Collective Investment Scheme Forum.

Statutory Objectives Of The Financial Services Authority (FSA)

Section 2(1) of the Act requires that, in discharging its general functions, the FSA must (in so far as is reasonably possible) act in a way that is compatible with the four statutory objectives set out in s.2(2) and particularised in ss.3-6. A criticism of the SIB's role in the regulatory regime under the Financial Services Act 1986 was that SIB lacked any clear and meaningful objective. During the preparation for the new regulatory regime, the then Chancellor of the Exchequer said:

These four statutory objectives are applied directly to the FSA's operations, including its rule-making and policy-making functions. The statutory objectives are:

(1) Market Confidence: Maintaining confidence in the financial system.

The Financial System is described as including (a) financial markets and exchanges,

(b) regulated activities, and

(c) other activities connected with financial markets and exchanges.

(2) Public Awareness: Promoting public understanding of the financial system.

In relation to this objective, the financial system has the same definition as that in s.3 and the objective is further defined by specifying that it includes promoting awareness of the benefits and risks associated with different kinds of investments or other financial dealing; and the provision of appropriate information and advice.

(3) Protection of consumers: Securing the appropriate degree of protection for consumers. Consumers are specifically defined and it is important to note that the definition is not limited to private or retail customers. Section 5 specifies that in considering what degree of protection may be appropriate, the FSA must have regard to the following matters:

(a) the differing degrees or risk involved in different kinds of investment or other transactions;

(b) the differing degrees of experience and expertise that different consumers may have in relation to different kinds of regulated activity;

(c) the need consumers may have for advice and accurate information; and

(d) the general principle that consumers should take responsibility for their decisions.

(4) Reduction of financial crime. Reducing the extent to which it is possible for business carried on by a regulated person or in contravention of the general prohibition to be used for a purpose connected with financial crime.

It should be noted that the objective relates to both regulated business and activities carried on by non-authorised persons conducting business in contravention of the general prohibition. Financial crime is defined as including fraud and dishonesty, money laundering, insider dealing and financial market misconduct and it is made clear that in the context of the objective relates to criminal activities of employees as well as activities commissioned by a regulated person's criminal customers. Section 6(2) states that the FSA must have regard to the desirability of:

(a) regulated persons being aware of the risk of their businesses being used in connection with financial crime;

(b) regulated persons taking appropriate measures to prevent financial crime, facilitate its detection and monitor its incidence; and

(c) regulated persons devoting adequate resources to financial crime prevention, detection and monitoring.

To help achieve its statutory objectives, the FSA structures its work around three strategic aims:

(1) to promote efficient, orderly and fair markets, both retail and wholesale;

(2) to help retail consumers to achieve a fair deal; and

(3) to improve business capability and effectiveness.

Package Of Business Planning And Public Reporting

Schedule 1 to the Act sets out a requirement and structure for reporting to HM Treasury and Parliament on how the FSA has met its regulatory objectives during the previous year and then offering the public and regulated persons in a general meeting the opportunity to provide feedback to the FSA on its functions.

On December 13, 2001, by way of letter Howard Davies, the FSA Chairman and Chief Executive and the then Chancellor of Exchequer Rt Hon Gordon Brown set out how the FSA would be accountable to the Government, Parliament and the public, but additionally set out the extent to which the Government would use its powers as part of the new regulatory regime.

  • under s. 12 of the Act, the Government would undertake periodic reviews to establish whether the FSA provides value for money;
  • periodically reviewing the Act's secondary legislation; and
  • under s.14 of the Act, the Government has power to undertake a statutory inquiry into possible serious regulatory failure.

Schedule 1, para.10 to the Act sets out the FSA's obligation to report at least once each year to the HM Treasury. In turn the Treasury is obliged, under para.10 (3), Sch.1 of the Act, to present a copy of the FSA's annual report to Parliament. The content of the FSA's annual report is described in para.10 (1) to the Act which provides that the FSA must report on:

(a) the discharge of its functions;

(b) the extent to which, in the FSA's opinion, the regulatory objectives have been met;

(c) the FSA's consideration of the principles of good regulation set out in s.2(3) of the Act.

(d) such other matters that the Treasury may direct.

Reporting To Parliament

Once the FSA's annual report has been presented to HM Treasury, the Treasury must in turn, pursuant to Sch.1, para.10(3) of the Act, lay a copy of the report before Parliament which has also established a House of Commons Select Committee to examine the expenditure, administration and policy of HM Treasury and a number of public bodies including, the Bank of England and the FSA. Within its terms of reference, the Committee chooses its own subjects of inquiry which can lead to a report to the House of Commons. The Committee has the power to insist upon the attendance of witnesses and the production of papers and other material. The committee routinely examines representatives from the FSA, example, on November 8, 2005, evidence was taken from Sir Cullum McCarthy and John Tiner concerning various aspect of the FSA, including questions about the cost to the financial services industry of implementing the EU Markets in Financial Instruments Directive.

Annual Public Meeting

Within three months of the publication of its annual report, Sch.1, para.11(1) to the Act requires that the FSA must hold a public meeting to facilitate general discussion of the content of its report and to allow questions relating the FSA's discharge of its functions to be put forward. One month following the annual meeting, the FSA is obliged to publish a report of the annual meeting. Copies of the transcript of the FSA annual meetings are published on the FSA's website.

The Function Of The Financial Services And Markets Tribunal

The Financial Services and Markets Tribunal was created by the Act as part of the FSA's accountability framework. The Tribunals jurisdiction relates to both FSA enforcement work and certain aspects of the FSA's decision-making. The Tribunal's establishment is in accordance with Sch.17 of the Act and operates in accordance with rules of procedure. The Tribunal's independence is also safeguarded by it being a part of the Department for Constitutional Affairs and, for administrative purposes, is part of the UK Finance and Tax Tribunals. The impact of the Tribunal decisions can be significant, for example following its decisions in the matter of Legal and General Assurance Society Ltd v the Financial Services Authority in which it criticised the FSA's enforcement process, the FSA undertook a root and branch review and made changes to its internal enforcement process and the functions of the Regulatory Decisions Committee (RDC).

Nonetheless, the Tribunal operates within a statutory structure where it can only determine matters that have been specifically referred to it by a person subject to an FSA enforcement or administrative decision. Although such a system facilitates an early and economic settlement of FSA decisions, it has resulted in relatively few FSA decisions being subjected to the external scrutiny of the Tribunal.

Having considered in outline the accountability framework within the Financial Services and Markets Act, it is important putting the operation of the Financial Services Authority's regulatory regime in the context of principles based regulation and risk-based regulation which is in compliance with the IOSCO objectives and principles.

Principles-Based Regulation

The financial industry has expressed concern regarding the FSA's approach to its regulatory functions and that, on occasion; it operates in a heavy handed manner. As reported by the Centre for Policy Studies in an open letter to John Tiner in March 2005 which was also confirmed by another criticism from the Rt Hon Tony Blair speech at the Institute of Public Policy Research, “common sense culture, not compensation culture” on May 26,

The FSA's move to a more principles-based system of rules, however, in part responds to such concerns by allowing firms to determine responses to regulatory obligations appropriate to meet the individual risks and circumstances of the business they conduct.

The FSA's approach of using its rulebook as a set of principles-based rules, where overarching principles set standards of behaviour within the context of the purpose behind the principle, allows the FSA as rule maker and the regulated sector to concentrate on the spirit of the regulation rather than focusing on the detail of a prescriptive rule.

Criticism of detailed rules suggests that they allow for the structuring of a firm's business arrangements so as to meet the literal requirements of the rules, ignoring the intent or spirit of the standards being sought. A principles-based system of regulation does, however, present a series of challenges for both those wishing to interpret regulatory requirements and those wishing to determine whether a firm's behaviour has been compliant with the regulatory requirement.

The FSA provides some guidance in DEPP 6.2.15 on how it determines discipline for breaches of high level principles. That guidance acknowledges that the FSA carries the burden to show that a firm has been at fault in some way and it makes clear that to reach such decision it will look at he standard of conduct required by the Principle in question at the time. The generality of the wording of principles-based rules often provides scope for the standards of behaviour to gradually increase over time, but equally it can create a situation where issues of the past are reviewed with today's regulatory standards as in the matter of Legal and General v Financial Services Authority.

In the case, the Tribunal had to determine standards of behaviour derived from broad requirements of “ best endeavours” , “ due skill care and diligence” and the obligation to establish procedures directed at all the “ Rules and Principles” required for the selling of endowment policies at the relevant time. The Tribunal was concerned with the situation where standards changed over the course of the relevant and concluded that there was not a problem when a firm is being judged against an objectively measured standard or where there is explicit guidance indicating in reasonable detail what should or should not be done.

More principles-based rules also provide regulated firms with the positive opportunity of shaping their response to the obligation contained in the rule in a manner that better suits their business model. This might result in a more complex approach to maintaining compliance than another firm dealing with the same rule requirement or, in appropriate circumstances, a less complex approach., for example the Systems and Controls Sourcebook's main provision at SYSC 3.1.1R allows firms the latitude to develop a system and controls response that is appropriate for their business. It states: “A firm must take reasonable care to establish and maintain such systems and controls as are appropriate to its business.”

Conversely and by way of example, the FSA's client money rules in CASS 4.3.3R contain very specific obligations on the segregation of client money from firms own money. For example it provides: “A firm must, except to the extent permitted by the client money rules hold client money separate from the firm's money.”

In its annual report for 2005/06, the FSA outlined an objective to simplify its rule book, the business plan set out three criteria for identifying where changes to the handbook should be made. First, where requirements in the rules are more restrictive than is needed for the FSA to achieve its statutory objectives, second, where the provisions do not deliver benefits to justify their costs; or third, where the provisions are not consistent with the FSA's focus on senior management responsibility.

In December 2005, the FSA released a document entitled “Better regulation Action Plan aimed to change the balance of its approach significantly towards a more principles-based approach and was believed to be a better outcomes for both consumers and the financial services industry by encouraging a focus on how best to act in a particular situation, rather than simply following a mechanistic process. The better regulation action plan document of 2005 set out a variety of ways for the FSA to improve its risk-based approach to regulation, making the FSA easier to do business with and for the FSA to become more principled based. The plan set out the FSA commitment to simplify and consolidate its rulebook by adopting principled based rules wherever possible. In its business plan for 2006/07, the FSA sets out its continuing plan for rulebook simplification. Its first published simplified rules were contained in Policy Statement 06/01 relating to anti money laundering where the FSA has, with effect from March 31, 2006, removed the money laundering sourcebook, replacing it with high level anti-money laundering systems and controls requiring firms to manage money laundering risk.

In November 2006, the FSA published Discussion Paper 06/05, “FSA Confirmation of Industry Guidance”, setting out its plans to encourage the greater use of industry guidance. The paper makes clear that industry guidance will supplement FSA rules rather than replace them and sets out a process and standard for industry guidance to be recognised by the FSA. The move to a principles-based rulebook raises issues of considerable importance centered on rulebook certainty for authorised firms. This issue is of particular importance in the context of the FSA enforcement work. A developing trend in FSA enforcement cases reveals that the FSA will consider enforcement by reference to breaches of high level principles and failures in systems and controls as a more realistic approach. As part of its work in developing principles-based regulation, the FSA identifies the positives that principles-based rules can have for securing compliance within firms. It is less than clear, however, whether and to what extent the FSA's principles-based initiative will have on non-regulated persons.

In part, the FSA initiative is to make it easier for firms to respond to rules by focusing on outcomes rather than the letter of the law, but one wonders whether enforcement under a principles-based system will enable the FSA to be more successful in concluding enforcement cases. Dan Watters, FSA Director of Retail Policy stated:

The FSA has previously experienced success in dealing with market issues by way of system and controls failures and statement of principles. Example is its enforcement action against Citigroup Global Markets Limited (CGML), where it was reported that certain staff at CGML had developed and executed on August 2, 2004, a trading strategy on European government bond markets involving the building up and rapid sale of long positions in government bonds in one hour. The FSA's action against CGML focused on breaches of High Level Principles 2 due skill, care and diligence; and Principle 3 organisation and control. The FSA's Hector Sants, when commenting on the case, stated:

“… the lack of adequate systems and controls meant that the strategy was never fully considered, as would be expected, at an appropriate senior level within CGML…”

The FSA's work in the area of market abuse and misconduct make it clear that it considers that the use of its powers of enforcement is a critical in this area. The evidential requirements necessary to prove the FSA's case in complex regulatory enforcement cases is acknowledged by the FSA and the Citigroup action, together with other recent enforcement actions against authorised firms, suggests that the FSA might be developing a preference for framing regulatory enforcement cases against authorised persons around breaches of high level principles rather than breaches of detailed provisions of its rulebook. Whilst it would be inaccurate to suggest that the FSA would not use allegations of breaches of detailed rules in any future cases, reference to high level principles in regulatory enforcement appears to have advantages for the FSA in securing appropriate outcomes.

A clear reference to the FSA of framing enforcement proceedings around high level principles, Margaret Cole has recently said :

“One of the objectives of principles based enforcement is to enable the FSA to respond flexibly to the circumstances of a particular case in a manner that reflects the prevailing regulatory and market conditions.”

Challenges to the reliance on principles-based enforcement exist also when the FSA has to present cases before the Financial Services and Markets Tribunal. On April 10, 2008, the FSA announced that it was seeking permission to appeal against the Financial Services and Markets Tribunal decisions of September 24, 2007 and March 6, 2008 in the matter of Fox Hayes LLP, a firm of solicitors. The FSA stated that it had decided to seek permission to appeal because it believed that in determining the reference by Fox Hayes, the Tribunal had made errors of law, particularly in interpreting the relevant regulatory rules and that the penalty imposed in the matter did not properly reflect the misconduct. It is submitted that the decision to appeal the Tribunal's decision can be viewed as an increased resolve by the FSA to pursue complex cases and to create jurisprudence to support its desired application of principles-based regulation.

The Tribunal's decision in Fox Hayes can be viewed as a set-back in the FSA's attempt to obtain compliance with principles-based rules. Of course, the FSA has previously lost some complex and high profile Tribunal references, resulting in criticism of the FSA's enforcement activity. Nonetheless, following on from such failures it has provided a resilient response, often making it clear that it would continue to pursue difficult cases and was prepared to accept that it was inevitable that it would lose some cases. In July 2007, in response to failed market abuse cases, Margaret Cole, the FSA's Director of Enforcement said:

“We won't stop pursuing difficult cases. We prepare our cases rigorously, but inevitably if you pursue the most difficult ones you may not win them all.”

It remains to be seen whether the Court of Appeal will support the FSA's drive for principles-based regulation or whether the approach by the Tribunal will be upheld.

Risk-Based Regulation

The notion of risk-based regulation concept was highlighted in the report to the Chancellor of the Exchequer on the reform of the financial regulatory system in July 1997, which stated at para.2, “Style and process of regulation: Risk-based approach”,

“A New Regulator for a New Millennium”, set out its proposed approach to the supervision of firms conducting investment business in the United Kingdom which was referred to as a risk-based approach to regulation and had been developed around the notion that maintaining market confidence does not aim to prevent all collapses or lapses in conduct in the financial system”.

Issues surrounding the desirability for risk-based regulation and the balance between regulatory intervention and a regime that allowed some risk was addressed by Kari Hale, the FSA's Director of Finance, in a speech entitled risk-based based compliance for financial services

“After all, most markets have some element of market failure. Often those who favour intervention argue that any market failure justifies intervention. But, the real test goes beyond that: there must be both market failure and the prospect that intervention will provide a net benefit. This involves recognising that regulatory intervention has a cost; and that regulatory intervention, like reliance on market operations, has a non-zero probability of failure….”

This approach further developed the requirements of the Principles of Good Regulation in the Financial Services and Markets Act 2000, s.2(3)

The FSA's approach to risk-based regulation has continued to be developed since November 30, 2001 and continues to be an approach the FSA strives to develop and improve. A risk-based approach allows the FSA to focus its resources on the areas of greatest risk to its objectives, as well as allowing it to develop a bias towards proactively identifying and then reducing those risks before any can cause major damage or failure in the markets. There is, however, no definition of risk provided in the Financial Services and Markets Act or the FSA Handbook and the FSA look at the potential for risk in the context of each of its four statutory objectives.

The key risks would include matters such as: systemic risk; financial risk; market risk; credit risk; currency risk; legal risk; regulatory risk; counterparty risk; operational risk; bad faith risk. As highlighted earlier, the FSA's risk-based approach to its regulatory activities emanates from the principles of good regulation and an acceptance that because of its limited resources it must establish a process allowing it to focus its attention towards those matters that are more likely to impact upon its statutory objectives.

The FSA focuses its risk-assessment towards consumers and the market place in relation to the firms it regulates and has developed a risk-mapping framework as an operational approach to identifying risk which acts as a bridge between the FSA's regulatory functions and its statutory objectives. The process of risk identification, mitigation and performance evaluation is a central part of how the FSA determines its regulatory activities. The process is both thoroughly mapped out and comprehensibly managed.

Elements Of The FSA's Risk-Mapping Processes:

Environmental Assessment And Risk Identification

The FSA conducts a forward looking exercise to identify risks to its statutory objectives from the external environment such as economic and legal matters, both domestic and international, as well as demographical issues. It draws on information from external sources asking whether external issues might affect firms, consumers, products, markets or industries in a manner that will impact on the statutory objectives.

Strategic Aims

Having identified the risks, the FSA is then able to put these in the context of its strategic aims. The FSA sets for a three-year period, strategic aims which represent the areas on which the FSA will focus its regulatory plan. These are designed to help the FSA achieve their statutory objectives by dealing with the most significant risk, together with any new demands placed upon it and its regulatory responsibilities. Each year, the FSA sets out its strategic aims for the forthcoming year in its annual plan and budget.

Prioritisation Of Risk And Resource Allocation

In terms of risk operating framework, the FSA has to determine whether or not to respond to a particular risk given its significance to its ability to meet its statutory objectives. To help determine the timing of the FSA's response to identified risk and the resource to be allocated to dealing with them, at the risk-assessment and prioritisation stage, the FSA assesses and prioritises the identified risks against probability and impact factors. A probability factor considers the likelihood of the risk manifesting itself as an event, and the impact factor indicates the significance of the event if it were to take place. The FSA then uses a combination of the probability factor and impact factor to measure the overall risk posed to its statutory objectives and prioritises the risks, enabling it to provide an appropriate regulatory response.

Decision On Regulatory Response And Use Of Regulatory Tools

Having assessed and prioritised risks, the FSA can then go on to determine an appropriate response to the risk, both in terms of the resources it has available, the most appropriate regulatory tools to deal with the matter and having regard to the principles of good regulation.

The FSA has a wide ranging of tools available to enable it to deal with specific identified risks, as well as enabling it to operate an effective response to risks across the sectors it regulates and refers to this as its Operating Framework Response. The response will be split between the work it conducts with consumers and the financial industry at large and the work it undertakes with individual firms as well as approved persons.

The FSA uses, in particular, the following regulatory tools:

a) Raising standards through the requirement for the industry to comply with training and competence regime requirements.

b) Making rules to set regulatory standards.

c) Sector-wide projects to address risks arising across particular sectors, discharged through thematic reviews.

d) Monitoring market activities, such as transaction date or complaints statistics.

e) Communications and letters. These may highlight specific issues of concern and require responses.

Equally, it will use its regulatory tools, directing them towards individual firms and approved persons including the following :

(a) Supervision of firms to monitor, identify and deal with firm-specific risk. This can be achieved through desk-based reviews, on-site visits or a combination of these. The FSA also rely significantly on thematic reviews to deal with risk across categories of firms.

(b) Investigations enabling the FSA to develop a more in-depth appreciation of the risks identified within particular firms, but where further information about the extent of the risk may be required.

(d) Intervention, allowing the FSA to deal with a firm that will not voluntarily undertake appropriate remedial action.

(e) Discipline and enforcement which provides a signal to the regulated industry about the seriousness which the FSA attaches to a particular problem. It also enables the FSA to respond to a particular risk in a targeted manner, by censoring and imposing a financial penalty on a firm. In very serious cases, the FSA can use disciplinary action to enable it to act as a gatekeeper of the quality of those entering and participating in the financial market by withdrawing or suspending a firm's authorisation. Any such withdrawal of authorisation has the galvanising effect of removing certain types of firm risk.

It also directs its regulatory tools towards consumers in general, including the following :

(a) Consumer education and public awareness.

(b) Public statements about threats or scams.

(c) Disclosure requirements, allowing the FSA to prescribe that firm provide clearer information on product sales to ensure consumers are in a better position to understand the nature of risks associated with their investment decisions.

The use of regulatory themes has increasingly become a major regulatory tool, allowing the FSA to allocate its resource towards assessing the probability and impact of identified risk amongst a sample of regulated businesses. Each year, the FSA publishes, in its plan and budget, the themes for the forthcoming year. The firm specific risk-assessment framework starts from the point that the FSA assesses new applications for authorisation and continues through their ongoing supervision of firms' activities.

The FSA's relationship with firms is risk-based and, as part of this approach, the FSA aims to give firms a greater incentive to conduct business in a way that reduces their regulatory attention. The FSA's publication “Building the New Regulator Progress Report 2” , stated the following: In developing its approach to risk-assessment at firm level, the FSA focuses on three critical areas:

(a) Improving industry performance by creating incentives for firms to maintain their own standards.

(b) Flexible and proactive regulation by focusing their resources on the areas of greatest risk to their statutory objectives, as well as having a preference towards identifying and reducing risk before they cause significant damage. To identify the most important risk, the FSA will draw upon research and analysis.

(c) Maximising effectiveness by focusing their work on targeted and specific issues as opposed to open ended information collection and routine on-site inspections.

To assess the risk that each authorised firm poses to its statutory objectives, the FSA has developed a risk-assessment programme, Advanced Risk Response Operating Framework (ARROW). One of the outcomes of the firm specific programme is to place firms into one of four relationship categories: A high, B medium high, C medium low, and D low. A firm's individual categorisation is determined during risk-assessment work by way of the impact (the potential affect the risk will have on the statutory objectives) and probability factors (the likelihood of a particular risk event crystallising, these have been explained in further detail in an earlier section). The allocation of a firm to a particular category may change over time if the risk-assessment of the firm alters.

One key aspect of the FSA approach to risk mitigation has been the bringing together of prudential and conduct of business supervision for all firms. An additional improved approach relates to groups with multiple authorised entities and those that are part of an overseas group. Furthermore, firms that are either subsidiaries of overseas entities or UK authorised firms with overseas operations will experience FSA working with the relevant overseas regulator to better understand the nature and implications of group risks and where issues do arise, the FSA will work in close liaison with the overseas regulator agency.

Base-Line Monitoring And Visits

There have been a number of evolutions of the FSA Risk Mitigation Programme (RMP), the latest of which began in the summer of 2005 following an announcement by John Tiner in the FSA's Business plan for 2005/06. and in August 2006 it introduced changes to the programme which were described as ARROW II. The natures of the changes were designed to provide greater proportionality and consistency in response to risks, together with a more flexible resourcing model. In addition, the FSA intends to enhance the use of thematic work and improve its ability to undertake sector intelligence and analysis work.

Overall, the changes should lead to firms being better informed of emerging risks and other industry trends that are likely to impact the operation of their business

The notable changes highlighted by the FSA to its Risk Mitigation Programme that began to feature in the FSA's supervision work in 2006 were:

  1. Risk assessment letters being revised, to add more value to the process including:

  • more focus on the main issues and what the FSA expect firms to do about them;
  • more helpful explanation of the FSA's views of the risks; and
  • an indication of how the FSA views individual firms in the context of their peer group.

(b) More communication of the FSA's findings in “close-out” discussions following the assessment visits.

(c) Risk Mitigation Programme letters will be provided in draft form to enable firms to comment on factual inaccuracies and misunderstandings and to reduce any “ surprises” in the final letter.

(d) Better communication to relevant sectors of good and bad practice found on focused thematic visits.

(e) There will be abridged one day visits for medium-low risk firms.

In most cases, the FSA finds that a firm's business structures are simple enough for its risk-assessment framework to be applied to the entire firm and some firms, however, are more complex. They may be within a large group where there is a layered legal, management and business structure. Where this type of complexity arises, the FSA will most likely identify and risk assesses the firm's material business units together with its group-wide control and support functions (such as internal audit and IT).

An early indication that the FSA is conducting a risk-assessment of an individual firm will be a request for specific information. This might include a request for information concerning:

(a) up-to-date business unit, legal and management structure charts;

(b) samples of board minutes;

(c) recent strategy documents;

(d) management accounts;

(e) risk reports;

(f) compliance reports;

(g) money laundering reports to senior management;

(h) internal audit plan and methodology; and

(i) external audit management letter.

Site visits are normally conducted in response to risks identified from the FSA's base-line monitoring work, although sample visits to monitor compliance in a sector and visits as part of sector-wide reviews are regularly carried out. The visits to individual firms conducted as part of the risk-assessment framework are often referred to as ARROW visits and are used to gather further information to enable the FSA to complete its risk mapping for a firm and monitor compliance.

The period between formal risk-assessments and thus the length of a firm's risk mitigation programme is typically between one and three years, depending on the identified risk of the firm. If the period of risk-assessment is longer than 12 months, the FSA will then undertake a periodic review. Potential firm specific risks are broken down between risk elements categorised as either business risk or control risk. All identified risk is then assessed by the FSA against the statutory objectives they may affect. The FSA can then apply, to any identified firm, seven specific risk to its objectives

(1) financial failure of the firm;

(2) misconduct or mismanagement;

(3) lack of consumer understanding;

(4) market abuse;

(5) market quality;

(6) incidence of fraud or dishonesty within the firm; and

(7) incidence of money laundering conducted through the firm.

Communicating Individual Risk Mitigation Programmes

The FSA will usually conclude a firm's risk-assessment once it has completed its on-site visit at the firm. Once that visit is completed, the firm's management may receive preliminary feedback as a way of enabling the FSA to share any significant findings from the risk-assessment with senior management at the firm. To stress the importance the FSA places on senior managements' responsibility for compliance arrangements within a firm, the FSA will then send out a letter to the individual firm's governing body, setting out its Risk Management Principles (RMP) for the firm.

FSA Communication Of Identified Risk

Financial Risk Outlook

Each year in January, as part of its environmental assessment and risk identification, the FSA publishes a paper entitled “Financial Risk Outlook”. The financial risk outlook report is essential reading for all senior management and every compliance officer which is to increase awareness of the risks identified and the actions it aims to take in relation to each of them. The factors set out typically includes:

(a) economic conditions;

(b) performance of financial markets;

(c) social change; and

(d) political development.

Example, in its 2006 Financial Risk Outlook, the FSA identified weaknesses in firms' development of stress testing

FSA's Business Plan And Budget

Each year the FSA publishes a business plan, setting out its priorities for the coming year, the timing of major projects and the resources the FSA needs to enable it to meet its commitments for the year. The work plan in the report is shaped by a number of factors, including the FSA's annual Financial Risk Outlook. Once more, the business plan is used to communicate any identified risks posed to the FSA by either firms, sectors of the industry or external factors. Example is the FSA's 2004/05 plan and budget, John Tiner highlighted the unprecedented volume of international regulatory change as an area of risk for firms which the domestic regulator must comply and impose within its jurisdiction.

FSA Communications And CEO Letters

The FSA uses letters to the industry as an effective way of raising the profile of particular risk issues that require urgent attention. Often the FSA will require that specific work is undertaken in response to the letters and alert firms to increased supervisory attention in the relevant area. Firms that overlook such letters are running the risk of not keeping pace with matters that are of concern to the FSA. Example, the FSA wrote to all chief executive officers of investment banks in September 2004 raising concerns about the management of conflicts of interest within their organisations. The letter asked that each bank satisfy itself that it had effective arrangements in place.

Regulated Business And Internal Risk-Based Compliance

Firms need to appreciate the major risks faced by their business. Failure to do so will leave an individual firm exposed to the likelihood of it not being able to deal fully or in a coordinated way with such risks if they manifest themselves. Successful risk management allows a firm to identify and then mitigate significant risk that might otherwise prevent a firm from achieving its business objectives. A thorough risk-assessment can be used to focus compliance resource towards those areas of the firm's business which is more likely than other areas to face regulatory risk and leave the lower risk facing business to a lower level of compliance scrutiny.

A firm's internal compliance arrangements are driven to a large extent by the FSA's rules and, in relation to risk identification, FSA rules SYSC 3.2.6 R. Further guidance to this rule in relation to risk-assessment is provided at SYSC 3.2.10 G, which encourages firms of a certain size and complexity to have a dedicated risk-assessment function. Further guidance is provided at SYSC 3.2.11G

Further development to risk-based compliance was introduced by the FSA on January 27, 2006 as part of its programme of rulebook simplification. With effect from March 1, 2006, the FSA's money laundering sourcebook has been replaced with specific anti-money laundering risk-assessment requirements. These will oblige firms to conduct an assessment of the risk of money laundering to enable them to develop and maintain effective systems and controls to identify, assess, monitor and manage money laundering risk. The FSA require that the systems and controls developed are proportionate to the nature, scale and complexity of the firm's activities. At SYSC 3.2.6C R, the FSA has introduced an additional requirement for firms to carry out regular assessments of the adequacy of their money laundering systems and controls.

This risk-based approach to anti-money laundering should not be viewed by firms as a reduction in the FSA's attention to financial crime because firms must remember that many areas of money laundering compliance are required by statute and there is little scope for them to move away from the statutory requirements. A risk-based approach to compliance will serve to balance the cost of otherwise burdensome internal procedures. However, a risk-based approach, inherently carries with it its own risk as it will divert resource from lower risk matter towards issues of high risk and, thus on occasion, compliance breaches and failures may very well occur in those lower risk areas. Management must be prepared to accept this.


Compliance principles and risk based regulation has developed significantly in recent years, with a number of tools becoming commonplace. Methodologies for identifying risks and their mitigating controls are now used by compliance managers. Frameworks for managing compliance risk and the use of action plans to improve the framework elements are increasingly employed. The compliance responses to these have ranged from increasing compliance awareness through training to simple changes to existing processes, which in some cases can be manually intensive and lack the appropriate systems support.

The FSA risk based regulations which is favoured towards outcomes as a result of the series of implementations put in place in compliance to International securities regulators objectives and principles which is used as a set standards for domestic regulators is key significant to achieving future improvements in the protection of market participants. The departure from prescriptive anti-money laundering rules allows firms more scope to design systems that suit the nature and complexity of their businesses while also creating awareness of need for further improvements.

Above all, the global harmonization of security regulations is the way forward and the present cooperation of global regulators through the Memoranda of Understanding in order to regulate and enforce compliance of domestic regulated businesses and activities needs to go further if we are to prevent future reoccurrence of systemic failures of the 21st Century.



  • Avgouleas, E., ‘The Mechanics and Regulation of Market Abuse. A legal and Economic Analysis'. Oxford University Press. 2005
  • Gowland, D., ‘The Regulation of Financial Markets in the 1990s'. Aldershot. 1990.

  • D. Sabalot and R. Everett (eds), “ Financial Services and Markets Act 2000” (Butterworth New Law Guides, July 2000).
  • Ogus A.I., ‘Regulation: Legal Form & Economic Theory'. Oxford University Press. 1994

  • Jonathan Fisher QC, Jane Bewsey; Malcolm Waters QC; Elizabeth Ovey; ‘The Law of Investor protection' 2nd Edition Thomson Sweet and Maxwell 2003

Journals, Articles And Publications

  • Journal of International Financial Markets 2000; Enhanced co-operation among regulators and the role of national regulators in a global market; David Green
  • Journal of International Banking Law; 1997; Editorial; Reform of the United Kingdom financial services regulation: twin peaks or Britannia's trident spear?

Harvey Cohen

  • Journal of International Banking Law; 1998;The reform of financial regulation in the U.K; William
  • Journal of International Banking Law and Regulation; 2008; The international financial system and future global regulation; Rhys Bollen

  • Journal of International Banking Law and Regulation; 2008; The Financial Services Authority, risk-based regulation, principles based rules and accountability; Stuart Bazley

Internet Source

  • The Rationale for a Single National Financial Services Regulator Clive Briault FSA Occasional Paper May 1999;
  • Economist, January 28, 1999. Ross Buckley; ;

  • Report to the Chancellor of the Exchequer on the Reform of the Financial Regulatory System, July 1997

  • House of Commons research paper 99/68: Financial Services and Markets Bill. Christopher Blair June 24, 1999;
  • Public Document No. 95, Measures to Disseminate Stock Property, IOSCO Emerging Markets Committee,May1999.;

  • Paying for Banking Supervision; October 1997

  • FSA Building the New Regulator. Progress report 2 February 2002;