Financial Services firms are expected by FCA to have carried out risk assessments and to have risk mitigation plans in place
The FCA Senior Management Systems and Controls rules (“SYSC”) require firms to have robust plans to identify and mitigate risks, including Disaster Recovery Plans (“DRP”) and Business Continuity Plans (“BCP”). One of the key risks a firm should have risk assessed and planned for is a Pandemic. The last time a Pandemic affected the UK was in 2009-2010 when the H1N1 “Swine Flu” Pandemic hit. At that time whilst there was a lot of planning and concern, the impact upon the UK was very slight. However, in the face of the threat from COVID-19 firms are expected to be prepared to largely permit Business As Usual (“BAU”) – even if people are working remotely.
Firms must also take into account the impact of issues such as a Pandemic when carrying out their capital adequacy assessment (“ICAAP”) and assess the impact on cash flow. Firms must monitor capital and cash flow at least monthly (and more frequently where required or where prudent to do so). Firms must understand that as regulators expect these issues to have been planned for and provided for, there is no appetite from regulators to excuse non-compliance. If your firm is in any danger of not remaining compliant (even that appears remote at this stage), please contact us immediately so that we can assist you with corrective or remedial action or in managing the situation with your regulator(s).
In the event that your risk assessment, risk mitigation, BCP, ICAAP or liquidity/cash flow needs to be updated or re-modelled to reflect the new facts of your situation, please contact us as soon as possible so we can help you.