In this publication and podcast series, we explore some of the core focus areas for UK-regulated financial services firms in the year ahead.

In 2024, we saw disruption to the regulatory reform agenda as the unexpected timing of the general election impacted work and publication schedules. Now that the reform agenda is back on track and aligned to the new government’s plans for growth, we are likely to see improved progress on existing reforms as well as fresh initiatives in the pursuit of growth during 2025.

There is doubtless a strong focus on retail markets under the new government, but the UK’s competitiveness as a place to do business remains vital as improvements to the UK’s wholesale markets continue. ESG and AI continue to dominate across the sector as rapidly evolving areas that profoundly impact the regulatory landscape.

The survey finds that most firms are using AI, but many only have a partial understanding of how the technology operates.

By Becky Critchley and Gary Whitehead

On 21 November 2024, the Bank of England (BoE) and FCA published a report setting out their findings from the AI and Machine Learning Survey 2024. In the context of the rapid adoption and integration of AI technologies across financial services, the regulators are keen to understand the opportunities and challenges that market

As regulatory thinking evolves, firms must ensure that any current or planned use of AI complies with regulatory expectations.

By Fiona M. Maclean, Becky Critchley, Gabriel Lakeman, Gary Whitehead, and Charlotte Collins

As financial services firms digest FS2/23, the joint Feedback Statement on Artificial Intelligence and Machine Learning issued by the FCA, Bank of England, and PRA (the regulators), and the UK government hosts the AI Safety Summit, we take stock of the government and the regulators’ thinking on AI to date, discuss what compliance considerations firms should be taking into account now, and look at what is coming next.

The FCA recently highlighted that we are reaching a tipping point whereby the UK government and sectoral regulators need to decide how to regulate and oversee the use of AI. Financial services firms will need to track developments closely to understand the impact they may have. However, the regulators have already set out how numerous areas of existing regulation are relevant to firms’ use of AI, so firms also need to ensure that any current use of AI is compliant with the existing regulatory framework.

A new publication from the UK’s financial regulator signals to firms that they should take steps to manage risks in the use of AI.

By Stuart Davis, Fiona M. Maclean, Gabriel Lakeman, and Imaan Nazir

The UK’s Financial Conduct Authority (FCA) has published its latest board minutes highlighting its increasing focus on artificial intelligence (AI), in which it “raised the question of how one could ‘foresee harm’ (under the new Consumer Duty), and also give customers appropriate disclosure, in the context of the operation of AI”. This publication indicates that AI continues to be a key area of attention within the FCA. It also demonstrates that the FCA believes its existing powers and rules already impose substantive requirements on regulated firms considering deploying AI in their services.

UK regulators are considering how they can strengthen the regime to enhance standards and reduce risk.

By Nicola Higgs and Charlotte Collins

On 3 December 2021, the FCA published a Consultation Paper (CP21/34) on changes to its rules regarding the Appointed Representatives (AR) regime. HM Treasury simultaneously published a Call for Evidence, seeking views on how market participants use the AR regime, how effectively the regime works in practice, potential challenges associated with the regime, and possible future legislative reforms.

The FCA’s proposed rule changes are wide-ranging and would significantly increase the compliance burden for firms that use ARs as part of their business model. Both papers will be of interest to businesses across all sectors that use, or may consider using, the AR framework.

An FCA report evaluates the chequered implementation of technology change and identifies risks and best practices to help firms better navigate this change.

By Andrew C. Moyle, Alain Traill, and Jagveen S. Tyndall

Of the nearly 1,000 “material incidents” reported to the UK’s Financial Conduct Authority (FCA) in 2019, 17% were caused by change-related activity. It was against this backdrop that, on 5 February 2021, the FCA set out the findings of its review entitled Implementing Technology Change regarding the execution of technology change within the financial services sector (the Report). While the Report focuses on the UK, its findings apply equally to financial services organisations implementing technology change across all geographies.

New resource developed following increased regulatory focus on outsourcing.

Latham & Watkins has partnered with the Association for Financial Markets in Europe (AFME) and law firms Matheson and BSP to develop: Outsourcing – Guidance on the Legal and Regulatory Framework, a pioneering resource examining the key European legislation, rules, and guidance for financial services firms to consider in relation to outsourcing.

In light of the plethora of legislative change and increasing regulatory focus on outsourcing in financial services, as well as the growing range of sources that need to be taken into account to ensure compliance in this area, the Paper is designed to provide compliance, legal, and risk teams within regulated firms with a single reference point of regulatory requirements. The resource also provides a number of practical tools to help firms effectively map out their processes and procedures for legal compliance.

Partners Nicola Higgs, Fiona Maclean, and Andrew Moyle and associates Anne Mainwaring, Jagveen Tyndall, Oscar Bjartell, Sean Wells, and Sidhartha Lal led a team of more than 25 lawyers from five Latham offices and local law firms Matheson (Ireland) and BSP (Luxembourg) to produce the Paper.

The new guidelines reflect the European Commission’s aim to provide additional certainty for regulated entities outsourcing to cloud services.

By Rob Moulton, Fiona M. Maclean, Becky Critchley and Anna Lewis-Martinez

On 3 June 2020, ESMA published a consultation paper on draft guidelines regarding outsourcing to cloud service providers.

The purpose of the proposed guidelines is to provide guidance on the outsourcing requirements applicable to firms where they outsource to cloud service providers. The draft guidelines are intended to help firms identify, address, and monitor the risks that may arise from their cloud outsourcing arrangements (from making the decision to outsource, selecting a cloud service provider, and monitoring outsourced activities, to providing for exit strategies).

ESMA, BaFin, and FCA have provided guidelines on firms’ obligation to record client telephone calls.

By Rob Moulton and Axel Schiemann

Remote working raises uncertainties in various regulated areas as it dramatically changes institutions’ day-to-day business. In particular, institutions are confronted with practical and technical difficulties regarding client-related requirements such as the obligation to tape telephone conversations with clients — which employees working remotely may not be able to do because they lack access to the necessary technical equipment. In order to address these practical difficulties, the European Securities and Markets Authority (ESMA), Germany’s Federal Financial Supervisory Authority (BaFin), and the UK’s Financial Conduct Authority (FCA) have published their regulatory approach with regard to the current situation.

UK Treasury Committee report warns that the current level and frequency of disruption and consumer harm is unacceptable.

By Carl Simon FernandesNicola Higgs, Fiona M. MacleanChristian F. McDermottRob Moulton, Andrew C. Moyle, Stuart Davis, and Charlotte Collins

On 28 October 2019, the Treasury Committee published a report on IT failures in the financial services sector. The report sets out the findings from the Treasury Committee’s inquiry, which was launched following a number of high-profile and significant IT incidents. (See Senior MP Calls for Regulatory Crackdown on Banks’ IT Systems: 3 Things You Can do to Prepare.) Rather than looking into specific failures, the inquiry looked more holistically at why such incidents are becoming more frequent, how firms should be guarding against and responding to these incidents, and the role of the regulators in preventing and mitigating the impact of these incidents through their rules.