Banking Regulation 2024 Comparisons

Last Updated December 12, 2023

Contributed By Allen & Overy

Law and Practice

Authors



Allen & Overy has an international financial services regulatory team that is a strategic partner to the world’s leading financial institutions, guiding them through an increasingly complex regulatory landscape where national and international regulations may interact or conflict. With more than 80 financial services regulatory experts across its international network of offices, the firm has the breadth and scale a global business needs, as well as an understanding of the local environment. It helps clients plan for and navigate complex developments and challenges, protecting them from regulatory risk and advising them on how to take advantage of emerging opportunities. The group includes several leaders in their field, and amalgamates specialist expertise from the firm’s banking, payments, capital markets, investigations and regulatory enforcement practices, along with A&O Consulting and Markets Innovation Group (MIG) colleagues, supported by the advanced delivery and project management teams. This cross-practice, multi-product, international offering gives clients greater access to market-leading expertise and innovative products and solutions tailored to their specific, complex needs.

The Financial Services and Markets Act 2000 (FSMA)

FSMA is the primary UK statute governing the financial services sector in the UK, defining the role and purpose of the regulatory authorities. FSMA has subsequently been significantly amended following the financial crisis of 2008–09 to introduce changes (such as the UK Senior Managers Regime and bank ring-fencing requirements) to enhance the resilience of the UK financial services sector. FSMA is also undergoing significant amendments following the UK’s exit from the EU (Brexit) (please see ‘EU Directives and Regulations’ below).

FSMA makes it a criminal offence to undertake regulated activities by way of business – or (in broad terms) to promote financial services or products – in the UK unless duly authorised or exempt. The list of regulated activities that a bank may undertake is set out in the FSMA (Regulated Activities) Order 2001. Exclusions exist, which (in broad terms and subject to conditions) permit wholesale activities to be undertaken in the UK by foreign banks without obtaining authorisation.

Separate UK legislation governs the provision of payment services (the Payment Services Regulations 2017) and the issuance of electronic money (the Electronic Money Regulations 2011).

EU Directives and Regulations

A significant proportion of UK banking regulation is derived from EU directives and regulations, reflecting the UK’s historic position as a member of the European Union until January 2020.

The UK left the EU on 31 January 2020, and the post-Brexit implementation period ended on 31 December 2020 (IP Completion Date – IPCD). Prior to the IPCD, FSMA and the secondary legislation and regulators’ rulebooks made under it implemented a number of European law directives into UK law. The other key source of UK legal requirements for UK banks was European regulations that were directly applicable, including:

  • the Capital Requirements Regulation (Regulation (EU) 575/2013 (CRR), which implements the revised Basel Accord);
  • the Market Abuse Regulation (Regulation (EU) 596/2014); and
  • the Markets in Financial Instruments Regulation (Regulation (EU) 600/2014 (MiFIR)).

Post-IPCD, EU law ceased to apply in the UK: the EU regulations referred to above and other EU-derived legislation were incorporated into UK law as they applied on the IPCD and amended to render them fit for purpose in their new context under the EU Withdrawal Act 2018. This is colloquially referred to as “onshoring”.

The UK government passed legislation in 2023 (the Financial Services and Markets Act 2023 (FSMA 2023)) to repeal and replace retained EU-derived regulation and legislation, as part of a wider programme of reforms known as the Edinburgh Reforms. One goal of the Edinburgh Reforms is to return to the historic approach, or the so-called comprehensive FSMA model of regulation, under which the UK Parliament and HM Treasury have responsibility for the overall objectives and scope of financial services regulation in the UK, and the regulators have the primary responsibility for drafting the rules that deliver those outcomes. A key part of this process was the enactment of FSMA 2023, which empowers the repeal of retained EU-derived regulation and legislation and, where necessary, its replacement by domestic law and regulation over a multi-year implementation period.

Regulators

The UK operates a “twin peaks” system of financial regulators, with two principal regulators that each have their own rulebook: the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). In addition, the Bank of England (BoE) acts as the resolution authority, and has the primary regulatory responsibility for dealing with failed banks.

The PRA is the prudential regulator for banks, and the FCA regulates banks’ conduct. The PRA has a statutory objective to promote the safety and soundness of the institutions it regulates, with a view to ensuring the stability of the UK financial system. The FCA’s strategic objective is to ensure that the UK’s financial markets function well. The FCA is responsible for regulating a wide variety of regulated firms and activities, including investment services, payment services, retail lending and insurance distribution.

The BoE also operates a Financial Policy Committee, which is the UK’s macroprudential regulator responsible for the regulation of the broader UK financial system from a macroeconomic perspective. The Financial Policy Committee has power to make recommendations to the FCA and PRA in certain cases.

Regulated Activities

Section 19 of FSMA prohibits persons from carrying on regulated activities by way of business in the UK, unless duly authorised or exempt.

Regulated activities include deposit-taking. This is triggered if money received by way of deposit is lent to others, or if the conducting of any other activity of the person accepting the deposit is financed out of the capital of, or interest on, money received by way of deposit.

Lending is generally not regulated in the UK, with the exception of various activities relating to home finance and consumer credit activity. A number of activities relating to securities, derivatives and fund units are also regulated, including dealing, advising, portfolio management and custody, as is insurance distribution.

The UK operates a universal banking regime, meaning that (with limited exceptions for ring-fenced banks) banks can obtain authorisation to conduct any financial services except for writing insurance and the management of funds (each of which is reserved to specific classes of regulated entity). A firm authorised for deposit-taking is also permitted to provide payment services and issue e-money.

EU Providers

Pre-IPCD, EU providers benefited from so-called “passporting” rights under various EU directives, enabling them to provide services or establish branches in the UK. Post-IPCD, passporting rights ceased to apply and EU firms now require a UK licence in order to continue undertaking regulated business in the UK, or they will need to operate outside the territorial scope of the UK regulatory regime.

Application Process

A bank looking to establish itself in the UK must obtain authorisation by applying for a so-called Part 4A Permission under FSMA, which will permit it to take deposits and conduct any other regulated activities within the Permission. The application is made to the PRA and FCA (the PRA acts as lead regulator), and requires the submission of extensive and detailed information about the institution, including the completion of a permissions table that sets out in detail the permissions applied for (per type of activity and client type). It is advisable for the applicant to liaise with the PRA in the pre-application phase.

In addition to the application forms, an applicant firm must also provide the following:

  • a regulatory business plan complete with a business rationale;
  • information about the ownership structure of the bank;
  • evidence of sufficient financial and non-financial resources;
  • information regarding the management structure; and
  • information about the institution’s financial standing as well as its capacity to comply with its regulatory requirements via internal monitoring.

The application will be reviewed by, and subject to the approval of, both the PRA and the FCA.

In reviewing an application for authorisation, the FCA and the PRA will assess the applicant against the threshold conditions for authorisation, which include the following requirements:

  • that the applicant has its headquarters or a branch in the UK;
  • that the applicant conducts its business in a prudent manner and possesses sufficient non-financial and financial resources;
  • that it be fit and proper to conduct regulated activities in the UK; and
  • that it be capable of being regulated and supervised by the FCA and the PRA.

The PRA and FCA must make a decision on the suitability of the applicant within a six-month period beginning on the date on which they receive a complete application form. The regulators also have the power to request further information, which resets the start of the six-month period, meaning that the licensing period, in practice, can extend to up to a year.

The application fee is non-refundable regardless of the outcome; if successful, the bank must then pay an annual fee to either the FCA or the PRA, the cost of which varies based on what type of bank the applicant is looking to set up and the revenue the bank generates. Retail consumer banks also need to pay fees levied by the Financial Ombudsman Service (FOS) and the Financial Services Compensation Scheme (FSCS). Licences granted to banking institutions are theoretically indefinite, albeit with the caveat that the PRA has the power to suspend the licence at any point, and to impose fines if the bank fails to comply with the regulatory framework.

Under Section 178 of FSMA, any person intending to acquire or increase their level of control of a UK-headquartered bank must provide written notice of such to the PRA (no requirement applies to foreign banks with a UK branch). Prior to the acquisition taking place, the PRA requires a 60-working-day window to elapse, or approval to be given before the 60 working days are up, before the transaction can be completed. In this context, the meaning of “control” is defined as shareholding and/or voting rights.

This requirement is triggered by the acquisition of a holding that equates to 10% or more of the total shareholding or voting rights in a UK-authorised person, or a parent of that authorised person, or a share or voting power that would enable the exercise of significant influence over the authorised person. A person’s “control” includes indirectly held voting power and is aggregated with the control of another with whom they are acting in concert.

An increase in control is deemed to have occurred whenever the percentage shareholding or voting rights crosses the 20%, 30% or 50% threshold, or if the authorised person becomes a subsidiary as a result of the acquisition. Likewise, a reduction in shareholding or voting rights at those same thresholds triggers a reporting requirement to provide the PRA with written notice. Failure to comply with either of these obligations is a criminal offence.

In assessing an application, the PRA will consider a number of factors, including:

  • the applicant’s reputation and the reputation of anyone who will exert significant control over the bank’s direction;
  • the applicant’s financial position;
  • the ability of the bank to comply with the prudential requirements; and
  • the risk that the acquisition has any connection to financing terrorism or facilitating money laundering.

There are no restrictions on the foreign ownership of banks in the UK, subject to applicable financial sanction requirements at a UK, EU or United Nations level.

The Companies Act 2006 provides the general basis for the general duties of directors of UK companies. Regulated firms are subject to additional requirements, reflecting the need for high-quality governance in the banking sector.

PRA Fundamental Rules and FCA Principles

These establish high-level standards with which banks must comply, designed to protect the interests of customers and the wider economy as a whole. In particular, the PRA Fundamental Rules include requirements that a firm must have effective risk strategies and risk management systems (Fundamental Rule 5), and that a firm must organise and control its affairs responsibly and effectively (Fundamental Rule 6).

PRA Rulebook

These high-level requirements are supplemented by the General Organisational Requirements part of the PRA Rulebook, which implements a number of more detailed organisational requirements under the European regulatory framework set out in the revised Capital Requirements Directive (CRD IV) and the recast Markets in Financial Instruments Directive (MiFID II), each as onshored in the UK. These include requirements for:

  • a robust governance framework, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
  • effective processes to identify, manage, monitor and report risks;
  • internal control mechanisms; and
  • the management body to define, oversee and be accountable for the implementation of governance arrangements that ensure effective and prudent management.

The FCA and PRA rules are also supplemented by the UK onshored version of EU Delegated Regulation 2017/565 as regards organisational requirements and operating conditions for investment firms, which imposes more detailed requirements around the compliance, risk and internal audit functions, outsourcing and the management of conflicts of interest.

Senior management and personnel are required to be not only sufficiently experienced in their field, but also of sufficiently good repute, in order to ensure the prudent and sound management of the bank. The bank must ensure that it has two employees who qualify as such, and that at least two of these individuals are independent in their formulation of ideas and the bank’s policies.

Diversity must also be taken into account when selecting management members. Regulators must be notified of the composition of the management team, and changes made to it. Management must have adequate access to information about the bank’s operations, and the effectiveness of the bank’s operations must be monitored and periodically assessed, with steps taken to remediate problems.

The UK framework includes added requirements for significant firms, such as obligations to have a separate chair and CEO, and to have separate board risk, nomination and remuneration committees.

Further requirements apply to UK banks that are UK listed or subject to the UK ring-fencing rules under the UK Corporate Governance Code’s principles of good governance, as overseen and maintained by the Financial Reporting Council.

Senior Managers and Certification Regime (SMCR)

This regime was implemented in March 2016 in the wake of the financial crisis, as a response to a perceived lack of personal accountability among individuals working in the financial sector. The SMCR aims to encourage responsibility among employees at all levels, and to improve conduct and encourage clear demarcation of responsibility. It is broken up into three separate regimes.

Senior Managers Regime (SMR)

This focuses on individuals performing defined senior management functions (including executives, the chief risk officer, the head of the finance function, the heads of key business areas and the head of compliance). They must obtain approval from the regulator to perform senior management functions at their firm, regardless of whether they are physically based in the UK or overseas. Firms must assess whether senior managers are fit and proper to perform their roles both at the outset (including by taking references) and thereafter.

Senior managers are also subject to the “duty of responsibility”, which requires them to take reasonable steps to prevent breaches of regulatory requirements in their area(s) of responsibility from occurring or continuing. Each regulator sets out a list of prescribed responsibilities that must be allocated among the senior managers, with the intent that senior managers are accountable to the regulators for those responsibilities. UK banks are also required to maintain a management responsibility map describing the firm’s management and governance arrangements, including reporting lines and the responsibilities of senior staff.

Certification Regime

This focuses on individuals who are deemed by the regulator to pose a threat to the firm or its customers, by the nature of their role (certified persons). Examples of roles that are denoted as such include individuals who give investment advice or bear responsibility for benchmarks. Certified persons are not “pre-approved” by the regulator, but instead their employers must seek certification that they are fit and proper both at the start of their employment (including by taking references) and annually on a rolling basis.

Conduct Rules

High-level expectations of all staff involved in the running of the bank are set by the Conduct Rules, which apply to senior managers, certified persons and almost all other employees of the firm, with the exception of those who perform ancillary functions.

UK remuneration requirements have been set in accordance with the EU provisions set out under CRD IV and V, subject to limited additional restrictions implemented following the financial crisis of 2008. The requirements are set out in the Remuneration Codes of the PRA and FCA, and apply differently depending on the nature of the firm and its activities. UK banks are subject to both the PRA and FCA Remuneration Codes.

Remuneration Codes

Groups in the UK must apply the Remuneration Codes to all their regulated and unregulated entities, regardless of their geographic location. Subsidiaries of UK banks in third countries must also apply the Remuneration Codes to all subgroup entities, including those based outside the UK. The Remuneration Codes also apply to UK branches of third-country firms.

Code Staff

Some requirements of the Remuneration Codes apply universally to all employees, such as those limiting variable pay or termination payments, whereas others only apply to staff classified as “Code staff”. Code staff are employees who are either senior managers or “material risk takers”, individuals engaged in control functions, and any individual whose total remuneration places them in the same remuneration bracket as senior managers. If an individual is classified as Code staff but satisfies the requirements for the “de minimis” concession, certain requirements of the Remuneration Codes can be relaxed. The de minimis concession is satisfied by an individual who has variable remuneration that does not exceed GBP44,000 in a performance year, and where variable pay does not make up more than one-third of the individual’s total annual remuneration.

Principles Applicable to Pay

Under the Remuneration Codes, various principles are applicable to an employee’s pay (“remuneration”, covering all forms of salary and benefit payments, including in-kind benefits). A bank must set an appropriate ratio between fixed and variable pay. At least 50% of variable pay should be in equity, equity-linked or equivalent instruments, and at least 40% of variable pay (or 60% where variable pay is particularly high) must be deferred and vested over a period of four to seven years. Banks are also required to adjust non-vested deferred amounts to reflect performance outcomes.

Limits are also placed on guaranteed bonuses, which should be exceptional and limited to new staff, and on contract termination payments, to ensure these do not reward failure.

Finally, banks must also implement policies and procedures to ensure that Code staff do not engage in personal investment strategies that undermine the principles of the Remuneration Codes, such as insurance or hedging against the risk of performance adjustment.

Proportionality Rule

The requirements in the Remuneration Codes are subject to a proportionality rule, which provides that, when establishing and applying the total remuneration policies for its Code staff, a firm must comply with the requirements in a way and to an extent appropriate to its size and internal organisation, and the nature, scope and complexity of its activities. The expectations of the PRA and FCA regarding firms’ application of the proportionality rule are based on their “relevant total assets”, divided into three levels.

  • Level 1 is for firms with total assets exceeding GBP50 billion, averaged over a four-year period.
  • Level 2 firms are those with total assets exceeding GBP13 billion but less than or equal to GBP50 billion, averaged over a four-year period. A firm with total assets of less than GBP13 billion, averaged over a four-year period, will nonetheless be considered a Level 2 firm if it is a large institution (as defined in the onshored version of the CRR (UK CRR)), or if the firm’s assets as calculated on an individual basis exceed GBP4 billion over a four-year period.
  • Level 3 firms are those with less than GBP13 billion in total assets on average over a four-year period, provided that they are not large institutions (as defined in the UK CRR), and provided that their assets as calculated on an individual basis are less than or equal to GBP4 billion, averaged over a four-year period. Any firm with total assets of less than or equal to GBP4 billion, averaged over a four-year period, will also be considered a Level 3 firm.

The UK is a member of the Financial Action Task Force (FATF), which is an international, intergovernmental task force (not a formal international body) set up and funded by the G7 and other members to combat money laundering and terrorist financing.

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLR)

This is the primary legislation governing AML requirements in the UK, and is supported by extensive non-statutory guidance given by the Joint Money Laundering Steering Group, which sets out what is expected of banks and staff in relation to the prevention of money laundering and terrorist financing. The principal elements of the MLR are requirements to conduct risk assessments associated with money laundering and terrorist financing, and to apply risk-based customer due diligence policies, controls and procedures, calibrated to the type of customer, business relationship, product or transaction, and taking into account situations and products which by their nature can present a higher risk of money laundering or terrorist financing; these specifically include correspondent banking relationships, and business relationships and occasional transactions with politically exposed persons.

The FCA requires firms to give overall responsibility for their AML operations to a director or senior manager, who is responsible for being aware of the money laundering risks and taking steps to effectively mitigate them. A Money Laundering Reporting Officer must also be appointed, as the keystone of the firm’s AML procedures.

In January 2020, the UK government enacted the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which was the legislative instrument designed to implement the EU’s Fifth Anti-Money Laundering Directive (5MLD). The UK, in fact, has opted to exceed the requirements set out under the EU legislation, as part of its push to maintain its role as a world-leading financial centre.

The updated regulations extended the scope of the persons subject to the MLR, extended the customer due diligence requirements, created bank account portals that can be accessed by financial intelligence units and national regulators, and created a system of registration for crypto-asset businesses. The EU introduced a sixth AML directive ((EU) 2018/1673), which was to be implemented by EU member states by 3 December 2020. The UK chose not to transpose this directive into national law, on the basis that the vast majority of its requirements were already part of existing UK legislation.

In July 2022, the Money Laundering and Terrorist Financing (Amendment) (No 2) Regulation was enacted, with a view to updating and strengthening the existing UK AML legislation. Among other things, the Regulation allows the FCA to object to an acquisition or change in control of crypto-asset firms, and to publish notices relating to such objections; it also allows the FCA and HMRC (the UK’s tax authority) to publish notices of refusals to register applicants for MLR registration.

The FSCS

The FSCS is the UK compensation fund available to customers of a majority of UK financial services firms. Its purpose is to provide a backstop in case of the failure of a regulated financial institution, paying compensation up to certain limits when the institution in question is unable to pay claims against it, or is likely to become unable to do so. It is the UK’s depositor compensation scheme, but also covers other classes of regulated business, including insurance and investment business.

The failure of a bank, the insolvency of an insurer or the provision of negligent advice causing loss to a consumer by a financial adviser are all examples of potential justified causes for making a claim for compensation. The extent to which a claimant will be compensated in the event of a successful claim varies depending on the nature of the claim.

The regulatory rules applicable to the FSCS’s depositor protection arrangements are largely set out in the Depositor Protection module of the PRA Rulebook. This provides that the FSCS must pay compensation in respect of an eligible deposit with a defaulted UK bank or foreign bank with respect to its UK branch deposits. Additionally, the FSCS must pay compensation to FSCS eligible customers of e-money institutions, authorised payment institutions, small payment institutions, and credit unions (in respect of e-money) where a bank holding such firms’ safeguarded funds has failed. For protected deposits, including retail deposit accounts, compensation is capped at GBP85,000, subject to a higher cap of GBP1 million for certain temporary high balances (such as a balance associated with home sales and purchases). Certain classes of depositor are ineligible for compensation, including banks, investment firms, insurance undertakings, financial institutions and certain funds.

To support the need for the FSCS to be able to make rapid payouts in respect of banks in default, the depositor protection rules are supplemented by extensive requirements to ensure that banks can provide the FSCS with the requisite information to make compensation payments. These are centred around the so-called Single Customer View, which is a dataset made available to the FSCS to enable it to identify clients and their claims in order to be able to identify and fund compensation payments.

The FSCS primarily operates under Part 15 of FSMA, which sets out the governance of the scheme, as well as the capacity of the FCA and PRA to make rules in relation to the FSCS. The scheme is officially managed by Financial Services Compensation Scheme Ltd, operating as a guarantee-limited company.

The scheme is principally funded via fees and levies charged to participating firms. These costs include the management expenses levy (broken up into yearly base cost running fees, and specific costs for particular funding classes) and the compensation costs levy, which is primarily a result of the costs incurred by the FSCS in paying out compensation.

Firms participating in the scheme are typically allocated into one or more funding classes, determined on the basis of the regulated activities they perform. The amount each firm is obliged to pay is based on which of these funding classes they have been placed in, up to a maximum amount per funding class each year. If a firm were to fail, and there was insufficient funding available from the other institutions in that funding class, the costs would be pooled across all the funding classes through a mechanism known as the FCA retail pool.

Duty of Confidentiality

The UK does not have a specific statutory regime regulating banking secrecy, but instead relies on the common law duty of confidentiality between the customer and bank, born from their contractual relationship. Common law provides that the bank has a duty of confidentiality to the customer, as an implicit term of the contract.

The duty of confidentiality from a bank to its customer broadly covers all information about the customer that is held by the bank. The case of Tournier v National Provincial and Union Bank (1924) established that the duty expressly covers the credit or debit balance of the customer’s account, all transactions made through the account, and the securities given in respect of the account.

This duty of confidentiality also extends beyond the lifetime of the account, continuing to apply after it is no longer active or even after it is closed. It further extends to information that is held by the bank about the customer that is from a source other than the customer’s own account, if the acquisition of this information was an indirect result of the customer holding that account.

Exceptions

The bank’s duty to the customer is not absolute; there are a number of exceptions to the duty established in Tournier that allow a bank to divulge information in certain circumstances. Information may be disclosed by the bank if the customer has provided their express or implied consent to the disclosure, if the bank is legally compelled, if there is a public duty, or if the disclosure would protect the bank’s own interests.

If a customer has agreed, however, to express terms in their contractual relationship with the bank to permit disclosure in particular situations, then this agreement would take precedence over Tournier. Regulators also have some additional specific powers in relation to compelling bank disclosure; the FCA has statutory powers to require certain disclosures, as does HMRC in respect of tax. Likewise, if there are reasonable grounds for suspicions of money laundering or terrorist financing, banks may be compelled to co-operate in providing information under AML and CTF legislation.

When the FCA or PRA requires a disclosure to be made by a bank to its investigators as part of an ongoing investigation, it is subject to a statutory obligation of confidentiality with respect to the information, subject to limited “gateways” permitting disclosure in certain circumstances.

Breaches

As the duty of confidentiality is a common law regime, rather than a statutory one, a breach of contract or a breach of common law is the potential result of a bank failing to observe the customer’s rights. The customer may seek an injunction, even pre-emptively, in order to prevent a breach, or to restrain or avoid a repetition of something previously disclosed. The customer may then also seek damages potentially for a breach of contract, presuming that there are express confidentiality provisions, or for a common law breach of the duty of confidentiality.

The Basel Accord

As a member of the G20, the UK has implemented the Basel Accord. The principal legislation implementing the Basel Accord is CRD IV (as implemented in the UK) and the UK CRR, which apply the Basel Accord to all banks. In 2022, the PRA implemented many of the remaining reforms under the Basel III package, including the Net Stable Funding Ratio, which came into force on 1 January 2022. As part of these reforms, the PRA migrated a number of requirements in the CRR into the PRA Handbook. In November 2022, the PRA published a consultation paper on the final Basel III standards (which the PRA refers to as Basel 3.1), which are expected to apply in the UK from 1 July 2025 and focus on credit, market and operational risk. The PRA is expected to issue two near-final policy statements on the Basel 3.1 standards by the end of 2023 and by mid-2024, respectively.

All authorised banks are subject to PRA Fundamental Rule 4, requiring institutions to hold and maintain adequate financial resources. UK banks are additionally subject to detailed risk management, capital and liquidity requirements that do not apply to non-UK banks, with the exception of some risk management requirements, which apply at branch level.

Risk Management

A bank must be able to identify, manage, monitor and report actual or potential risks through adequate risk management policies and procedures and risk assessments. Specific risks that a bank must plan for include credit risk, market risk and liquidity risk, but also less apparent sources of risk such as operational risk, residual risk, group risk and reputational risk.

A bank must establish and maintain an independent risk management function implementing its policies and procedures and reporting to or advising senior personnel accordingly. The risk control arrangements should (where appropriate considering the bank’s size, nature and complexity) include a chief risk officer (CRO) and a board-level risk committee.

Among other things, the CRO should be accountable to the board, be fully independent of business units, have sufficient stature and authority to execute the responsibilities, and have unfettered access to any part of the bank’s business that impacts its risk profile. The CRO is expected to report to the chief executive, chief finance officer or other executive directors.

A risk committee should be headed by a non-executive director and be composed mainly of non-executive directors. The risk committee oversees and challenges the bank’s risk monitoring and management, and advises the board on risk strategy and oversight. A bank’s internal control mechanisms and procedures must permit verification of its compliance with rules adopted under CRD IV and the UK CRR at all times.

Capital Requirements

The UK CRR imposes capital requirements on UK banks in the form of risk-weighted asset and leverage requirements.

Risk-weighted asset capital requirements oblige a bank to maintain regulatory capital ratios by reference to a bank’s “total risk exposure amount”, which weights the accounting value of a bank’s assets and credit exposures according to their potential to suffer loss.

Regulatory capital comprises Tier 1 capital (comprising Common Equity Tier 1 (equity) and Additional Tier 1 (equity-like hybrid capital instruments)) and Tier 2 capital (deeply subordinated debt). Common Equity Tier 1 capital is the highest-quality capital, generally comprising ordinary share capital and reserves. Additional Tier 1 capital is the next level of quality of capital, comprising perpetual subordinated debt instruments or preference shares that must automatically be written down or converted into CET1 if the bank’s CET1 ratio falls below a specified level. In practice, the PRA generally expects that this level is at least 7%. Tier 2 capital is capital that is of an insufficient quality for CET1 or AT1, and comprises subordinated debt or capital instruments with an original maturity of at least five years, meeting specific criteria.

The Pillar 1 minimum capital requirements that currently apply to UK banks under the UK CRR require the following:

  • a base regulatory capital of at least 8% of the total risk exposure amount;
  • Tier 1 capital (comprising CET1 capital and AT1 capital) of at least 6% of the total risk exposure amount; and
  • CET1 capital of at least 4.5% of the total risk exposure amount.

These are supplemented by buffer requirements. Pillar 2A captures those risks against which banks must hold capital and that are not eligible under the Pillar 1 regime. This includes the combined buffer, formed of a capital conservation buffer of 2.5% of the total risk exposure amount, a countercyclical buffer (currently set at 2%), a buffer for global and other systemically important institutions, and a systemic risk buffer for banks that are subject to UK ring-fencing requirements. Pillar 2B, or the PRA buffer, takes into account a bank’s ability to withstand severe stress, alongside perceived deficiencies in its risk management and governance framework, as well as any other information deemed relevant by the PRA.

In determining risk-weighted assets, the bank’s assets and liabilities are divided into the trading book and non-trading book. In determining capital requirements in the non-trading book, banks may follow the standardised or (with PRA approval) internal ratings-based approach. Capital requirements in the trading book comprise counterparty credit risk and market risk, position risk, equity risk, commodities risk, foreign exchange risk, and risk associated with options and collective investment schemes. As with the non-trading book, the rules contemplate a variety of methods of calculating risk-weighted asset requirements. The risk-weighted asset requirement also includes a metric for operational risk.

Leverage Ratio

Unlike the risk-weighted assets ratio, the leverage ratio is non-risk sensitive. The leverage ratio requires that a bank’s Tier 1 capital exceeds 3.25% of its total assets and off-balance-sheet exposures. The PRA has also issued firm-specific countercyclical buffer requirements and additional leverage ratio buffer requirements for certain banks.

MREL

The BoE also regulates the minimum requirement for own funds and eligible liabilities (MREL), broadly following the revised EU Directive 2014/59 on bank recovery and resolution (EU BRRD); it has also implemented the Financial Stability Board’s standards on total loss-absorbing capacity (TLAC) through the MREL framework. The BoE has issued a policy statement establishing its approach to MREL. The quantum of the MREL requirement depends on the resolution strategy of any given bank, which in turn depends on its size and the nature of its activities. The largest UK banking groups are expected to issue MREL that broadly equates to either twice their risk-weighted asset or twice their leverage capital requirements, whichever is higher. In December 2021, the BoE published a revised MREL Statement of Policy, which sets out its MREL framework and has applied since 1 January 2022.

Liquidity Requirements

All UK banks are subject to liquidity requirements implementing the Basel III liquidity coverage ratio, which came into force in January 2015. They are designed to ensure that banks hold a buffer of unencumbered, high-quality, liquid assets in order to meet modelled outflows in a 30-day stress test scenario. The presumption in this scenario is that the institution’s management will be able to take suitable actions to correct the course in that period.

High Quality Liquid Assets (HQLA) are cash or assets that can be converted into cash quickly with limited or no loss in value. An asset can be deemed an HQLA for the purposes of the liquidity requirements if it is unencumbered and meets the minimum liquidity criteria, and if the firm is able to demonstrate that it can be quickly converted into cash if required. HQLA are divided into Level 1 and Level 2 assets, based on their likely liquidity. Level 1 assets include only the most liquid assets, including cash, central bank reserves, and certain securities that have the backing of a sovereign government or a central bank.

There is no limit on the quantity of Level 1 assets a bank can hold, as these are preferable from a regulatory perspective. Level 2 assets include particular government securities, covered bonds, corporate debt securities and residential mortgage-backed securities. A firm must hold no more than 40% of its total liquid asset pool in Level 2 assets. Under the UK CRR, except for periods deemed to be crises, a UK bank must maintain a liquidity buffer equal to at least 100% of its anticipated net liquidity outflows over a 30-calendar-day stress period, where the total net outflows must not exceed the total HQLA pool over the period of the stress testing upon the bank.

The requirements also compel UK banks to regularly report their liquidity data to the PRA, with retail funding reports and systems and control questionnaires being reported quarterly, marketable assets and funding concentration reports being reported monthly, mismatch reports and pricing data being reported weekly, and the underlying liquidity of the bank being reported daily. Liquidity requirements apply on a solo and consolidated basis. The PRA can waive the application of the requirements on a solo basis, but is unlikely to do so other than in relation to subgroups of institutions authorised in the UK. UK banks are, therefore, generally not able to rely on liquidity from non-UK subsidiaries to satisfy UK liquidity requirements.

The UK has implemented the Financial Stability Board Key Attributes of Effective Resolution Regimes. A bank incorporated in the UK may be wound up under the general insolvency law applicable to UK companies, or wound up or resolved under the special resolution regime (SRR) under the Banking Act 2009. The UK regulatory framework also provides for recovery and resolution planning to enhance the resilience and resolvability of UK banks and banking groups: the MREL requirement described in 8.1 Capital, Liquidity and Related Risk Control Requirements also supports resolution by ensuring that firms have sufficient capital or liabilities available for recapitalisation in resolution, where appropriate.

Insolvency

Banks have special protections from insolvency proceedings, with only the BoE, PRA or the Chancellor of the Exchequer being able to apply for the court order required under Section 94 of the Banking Act. The application to the court would be made on the basis that the bank is either unable to pay its debts or is likely to become unable to do so, and that the winding-up of the institution would be just and equitable. In order for the application to be made to the court in the first place, the PRA must be satisfied that the trigger conditions of failure or likely failure have been met, and the BoE must be satisfied that it is not reasonably likely that the situation will be reversed. Separately, the Chancellor of the Exchequer can apply on the grounds that the winding-up of the bank would be in the public interest.

Recovery and Resolution Planning

Consistent with the requirements of the EU BRRD (as implemented in the UK), UK banks are required by the PRA to produce and maintain recovery plans, along with resolution packs, in order to reduce the risk that the failure of a UK bank could threaten the broader market or require government intervention in the form of taxpayer money being used for a bailout.

The PRA and BoE introduced a resolvability assessment framework for major banks in 2019, which supplements the recovery and resolution framework by requiring banks to undertake an assessment of their resolvability, submit it to the PRA and publish a summary of the assessment thereafter. Banks submitted their resolvability disclosures to the PRA by October 2020 and made them public by June 2021. In June 2022, the BoE published the results of the first assessment of resolvability, with the next assessment due to take place in 2024.

Resolution

The SRR gives the UK authorities powers to resolve a failing bank (or banking group company). It consists of five stabilisation options:

  • transfer to a private sector purchaser;
  • transfer to a bridge entity;
  • an asset management vehicle tool;
  • a bail-in tool; and
  • transfer to temporary public sector ownership.

It also includes a modified bank insolvency procedure that facilitates the FSCS in providing a prompt payout to depositors or a transfer of their accounts to another institution, and a bank administration procedure, for use where there has been a partial transfer of business from a failing bank.

The SRR tools may only be deployed in the following circumstances:

  • where a bank is failing or likely to fail;
  • where it is not reasonably likely that action will be taken that would result in the bank recovering; and
  • where the exercise of resolution powers is in the public interest.

In exercising the stabilisation powers, the resolution authority (generally the BoE, although temporary public ownership is reserved to HM Treasury) is required to have regard to a number of resolution objectives, including ensuring the continuity of banking services, depositor and client asset protection, financial stability and the need to avoid interfering with property rights.

On entry into resolution, the SRR requires the BoE to write down equity and write down or convert other capital instruments into common equity. The BoE has discretion to select the appropriate resolution tool to apply to resolve the bank. The main resolution tools are:

  • bail-in – the write-down of the claims of the bank’s unsecured creditors (including holders of capital instruments) and conversion of those claims into equity as necessary to restore solvency to the bank, which is intended to be applied to large banks;
  • transfer to a private sector purchaser or bridge bank – the transfer of all or part of a bank’s business to another bank or to a temporary bank controlled by the BoE, which is intended to be applied to smaller banks; and
  • finally, the modified insolvency regimes for the smallest banks.

Nationalisation is also provided for within the SRR framework as a last resort.

The regime carries with it a number of ancillary powers to enable the transfer of property, to stay default and other rights, and to take other action supporting resolution. Because these potentially affect property and other rights, the framework includes a number of safeguards, including a “no creditor worse off” provision designed to ensure that creditors and other stakeholders in the process are no worse off as a result of the resolution than they would have been had the bank been put into liquidation at the point of the resolution.

Insolvency Preference

Consistent with the requirements of the EU BRRD (as implemented in the UK), the UK insolvency framework includes depositor preferences. These prefer covered deposits (deposits protected by the FSCS). Eligible deposits (deposits by persons eligible for FSCS coverage over the FSCS limit) and deposits made by natural persons and micro, small and medium-sized enterprises that would be eligible deposits if they were taken in the UK are subordinate to covered deposits but rank ahead of other senior claims.

The Financial Services and Markets Act 2023

Following a consultation on the optimal structure for UK financial services post-Brexit, FSMA 2023 is intended, over its staggered implementation period, to create the legislative and institutional architecture to support a move away from onshored EU legislation towards the historic approach taken under FSMA, whereby primary responsibility for regulation is delegated to the UK regulatory authorities, subject to the oversight of Parliament.

FSMA 2023 establishes a framework to revoke retained EU law relating to financial services, and will enable HM Treasury and the UK financial services regulators to replace it with legislation and, more commonly, regulatory rule sets designed specifically for the UK, to deliver the comprehensive FSMA model of regulation. Outside the post-Brexit agenda, FSMA 2023 will also make a number of other changes that reflect ongoing international developments (eg, critical outsourcing), and deal with some gaps in the existing UK regulatory framework (eg, around approval of financial promotions).

Depositor Protection

In April 2023, the BoE published a statement setting out areas it has identified as requiring improvement to ensure positive outcomes for depositors whose bank is subject to a bank insolvency procedure. The areas include implementation of electronic transfers of covered balances to depositors following a bank insolvency, improved infrastructure to support the redirection of a depositor’s payments when the depositor moves banks, and ensuring sufficient operational support and capacity at alternative banks for displaced depositors. The BoE has stated it is working with other UK authorities on these areas and updates will be published in due course.

Strong and Simple Initiative

The PRA is seeking to mitigate the “complexity problem” that arises when the same prudential requirements are applied to all firms, and aims to achieve this through its “strong and simple” initiative that seeks to simplify the prudential framework for non-systemic domestic banks. The PRA’s consultation on the scope of this simpler regime, and the liquidity and disclosure requirements under it, closed in May 2023, with consultations on other aspects of the regime expected in the first half of 2024.

Remuneration

In February 2023, the PRA consulted on simplifying the remuneration rules that apply to material risk takers at small firms, which were introduced under CRD V. The PRA has proposed that the rules relating to performance adjustment (malus and clawback) as well as buyouts should not apply to smaller firms. A policy statement is expected to be published in early 2024. The PRA has also confirmed it will be removing the cap on variable remuneration from its Remuneration Code, effective from 31 October 2023.

AML and CTF

HM Treasury is consulting on reforms to the AML and CTF supervisory system. This consultation builds on HM Treasury’s 2022 review of the UK’s AML and CTF regulatory regime, which set out alternative models of AML and CTF supervision.

The Economic Crime Levy was introduced by the Finance Act 2022. Entities supervised under the MLR will be required to pay the levy if their UK revenue exceeds GBP10.2 million a year. First payments are expected to be made in the financial year from 1 April 2023 to 31 March 2024.

Diversity and Inclusion

The PRA is consulting on proposed further diversity and inclusion requirements to apply to banks, and in some cases to third-country branches. The proposals include requirements to develop a diversity and inclusion strategy setting out how the bank will meet its objectives and goals, collect, report and disclose data against certain characteristics, and set targets to address under-representation. There is also a proposal to require some UK banks and third-country branches to set targets for under-represented demographic groups in board and senior leadership positions, such as under-represented ethnicities.

Consumer Credit

In December 2022, the UK government consulted on reform to the UK consumer credit regime, which applies to banks and other providers of consumer loans, with a view to its modernisation, restructuring to follow the FSMA model of regulation and alignment with the FCA Consumer Duty regime, which came into force in 2023. The government is undertaking policy development to produce more detailed proposals, with a view to publishing a second stage consultation in 2024.

Supervision of Climate-related Risk

In addition to their international engagement and initiatives, the BoE and the PRA have in recent years started considering climate-related risks and their potential impact on UK financial stability. In particular, the BoE is committed to ensuring that the UK financial system is resilient to the risks from climate change and has made a ten-part pledge to advance the climate agenda across its strategic priorities.

In June 2022, the Basel Committee issued its principles for the effective management and supervision of climate-related financial risks. The PRA has included climate change in its core supervisory approach from 2022 and aims to supervise firms in line with its expectations. In October 2022, the PRA published a “Dear CEO” letter regarding, among other things, a thematic review on the PRA’s supervision of climate-related financial risk. The PRA expects firms to continue improving their compliance and risk frameworks by incorporating climate considerations in their governance and risk management processes.

Furthermore, in October 2021, the BoE published a Climate Change Adaptation Report, which considered climate risks and regulatory capital regimes.

In March 2023, the BoE and PRA published a report which identified a number of gaps in how the existing UK regulatory capital framework deals with climate-related risk. In the report, the BoE confirmed it will be considering whether any changes are required to the macroprudential framework to mitigate climate-related risks.

Climate-related Disclosures

The UK government announced in 2020 that UK financial institutions (including banks) will be required to make mandatory climate-related disclosures compliant with the Task Force on Climate-related Financial Disclosures (TCFD) recommendations by 2025. Some of these disclosure requirements are expected to come into force sooner than that, and firms should be prepared to update their client-facing documentation in line with the new requirements in due course.

In November 2023, the FCA published a Policy Statement outlining the new sustainability disclosure requirements (SDR) and investment label regime. The new SDR requirements aim to protect UK consumers and ensure that trust is not eroded in sustainable investment products as a result of greenwashing. The FCA’s anti-greenwashing rule and guidance will come into force on 31 May 2024, with in-scope firms expected to comply with the naming and marketing rules by 2 December 2024. While many of the proposed SDR requirements are not yet applicable to banks, the general “anti-greenwashing” rule will apply to all UK-regulated entities and “reiterates existing rules to clarify that sustainability-related claims must be fair, clear and not misleading”. The regime is expected to be expanded in the future, and the prudent approach would be for UK banks to monitor developments in this space.

In June 2023, the International Sustainability Standards Board (ISSB) published its first two new standards: IFRS S1 on General Requirements for Disclosure of Sustainability-related Financial Information, and IFRS S2 on Climate-related Disclosures. The UK government has since planned to establish a framework to assess the suitability of these standards for application within the UK and aims to make endorsement decisions on the first two standards by July 2024. The FCA has also announced its intention to update its climate-related disclosure rules to reference the ISSB standards.

Allen & Overy LLP

One Bishops Square
London E1 6AD
UK

+44 020 3088 0000

www.allenovery.com