Skip to content

Ten FCA and PRA enforcement predictions for 2023 – Part 2

This pair of posts focuses on ten less-obvious enforcement predictions that we think will shape the UK financial services investigations and enforcement landscape during 2023 and beyond.

Our first post considered: the imminent change of leadership in the Financial Conduct Authority’s (FCA) enforcement division, increased use of supervisory intervention powers, issues relating to hybrid working, the regulators’ focus on data and, of course, sustainability disclosures. 

Here are our final five predictions. 

6.  Vulnerable customers and the cost of living crisis: a clear warning to the industry

Since assuming the role of CEO of the FCA in October 2020, Nikhil Rathi has made it plain that one of his key areas of focus will be firms’ treatment of vulnerable customers. The UK was at the time in the throes of the impacts of Covid-19, which increased the FCA's focus on the risks to vulnerable customers. The impacts of Russia's invasion of Ukraine and the subsequent cost of living crisis has only heightened its concerns.

In June 2022, the FCA published a Dear CEO letter setting out its expectations of lenders in relation to vulnerable customers and sharing its findings from review work that it had conducted, which identified a number of failings. The letter also stressed the importance of firms implementing the FCA’s vulnerable customer guidance (FG21/1) which was published in 2021 and provides firms with guidance on complying with the FCA’s Principles in their treatment of vulnerable customers.

Given the FCA’s focus on vulnerable customers in the current difficult economic circumstances, we expect that, if the FCA identifies breaches that result in significant detriment, it will consider enforcement action. The FCA will also expect firms to pay particular attention to vulnerable customers as they move to implement the new consumer duty by the end of July this year. It is clear that there will be significant FCA supervision focus on firms’ implementation of the consumer duty and the FCA has already expressed concern that some firms may be lagging behind in their thinking and planning. Enforcement action may be taken against firms that either breach the consumer duty’s requirements in relation to vulnerable customers or fail to implement the new rules in a timely and effective way, having particular regard to vulnerable customers’ needs.

7.  Non-financial misconduct: continued scrutiny with the promise of further guidance

The FCA’s focus on non-financial misconduct will continue. To date, the FCA’s enforcement focus has been on the regulatory impact of serious sexual or violent criminal offences that individuals have committed outside the workplace. It has not yet used its enforcement tools to tackle the most common types of non-financial misconduct that firms must grapple with, including bullying and discrimination, but we expect these kinds of cases to come. Instead of seeing enforcement cases that solely focus on these types of non-financial misconduct, we think that the FCA will at least start by introducing observations about non-financial misconduct into cases involving other issues. For example, the FCA could query whether a senior leader’s oppressive management style created an environment where employees felt unable to speak up about a material issue or controls failure. Alternatively, it could examine whether a firm’s governance arrangements were impaired due to the excessively dominant management style of a small number of managers.

It will be interesting to see if the FCA repeats or builds on its recent focus on “character” in the context fitness and propriety decisions arising from non-financial misconduct, including through further guidance in this area that the FCA has hinted may be forthcoming.

8.  Use of personal devices and encrypted messaging apps: UK enforcement action on the horizon

With hybrid working arrangements now the norm for many firms, the risk of misconduct has been heightened by the increased use of personal devices and encrypted communication applications to exchange business-related information.

Towards the end of last year, US authorities reached settlements with a number of firms following a probe which was prompted by employees’ widespread use of unauthorised (and unmonitored) messaging applications.

The FCA was not far behind on this front. Just over a week after these US settlements were published, the FCA took enforcement action against a UK broker in relation to market abuse reporting failures. Although these points did not form part of its formal findings against the broker, the FCA observed that the broker had in place no policies or training which covered restrictions around the use of personal devices and encrypted messaging applications for business purposes. It also noted that a number of the broker’s employees had been using encrypted chat applications on their personal mobile devices to communicate with, and take orders from, clients when they were not authorised to do so.

We expect the FCA to focus on this topic over the coming months and years. Unlike the US authorities, we do not anticipate that the FCA will necessarily make use of personal devices and encrypted messaging apps the sole focus of enforcement cases. Rather, the FCA is more likely to make findings about this topic in the context of broader breaches. For example, we understand that the FCA has alighted upon the use of personal devices and encrypted messaging apps in several of its ongoing market abuse and market misconduct cases.

9. Standalone PRA enforcement investigations: more expected

The Prudential Regulation Authority (PRA) typically takes only a small number of enforcement actions against firms each year, significantly fewer than the FCA, largely because its powers are focused on fewer firms and fewer issues. In the past, the PRA has often conducted joint investigations with the FCA in cases that raised both prudential and conduct-related issues, sometimes resulting in both regulators bringing enforcement action on the same underlying facts.

This practice of both regulators taking action in relation to materially the same misconduct was criticised by the Upper Tribunal in its 2021 Forsyth decision. That criticism may result in fewer joint investigations and outcomes, although the regulators will maintain their right to conduct joint investigations in appropriate cases. In a recent striking case, albeit one that started before the Forsyth decision, the PRA and FCA imposed fines based on the same facts and for fundamentally the same breaches. The case appeared to involve a joint PRA and FCA investigation and identical press statements were issued by both regulators, saying that they had collectively fined the firm GBP48.6 million.

Notwithstanding this recent case, the PRA appears to be moving away from focusing on joint investigations with the FCA and has a growing appetite for conducting its own standalone investigations, such as some of its recent enforcement actions relating to liquidity and capital requirements reporting. We also see instances of the two regulators addressing the same misconduct from very different perspectives. In a recent case against a listed bank, the PRA focused on the bank’s regulatory reporting failings, while the FCA sanctioned the bank for related Listing Rule breaches. It will be interesting to observe, over the next couple of years, the extent to which we see further divergence between the two regulators in respect of the way in which they investigate the same or similar issues.

10.  A busy Upper Tribunal for 2023

The Upper Tribunal has never been quiet, issuing a steady stream of detailed judgments over the years covering a broad range of topics. However, it is about to get a lot busier. Since the start of 2022, firms and individuals have referred 66 disputed FCA enforcement cases to the Upper Tribunal (double the number that were referred in 2021). These cases cover a number of key topics, including conflicts of interest, crypto assets and listing requirements. Several cases will also require the Upper Tribunal to consider the legal test for an individual being “knowingly concerned” in a breach by their firm.

A number of these referrals are awaiting hearing dates. As a result, it is not clear how quickly judgments will be available, but we can expect a healthy pipeline of judgments over the next couple of years at least.

This article first appeared on Practical Law ( and is reproduced with the permission of the publishers.

Related blog topics