Beware the “data-led regulator”: the FCA publishes its Business Plan 2023/24

Beware the “data-led regulator”: the FCA publishes its Business Plan 2023/24

On 5th April 2023 the UK Financial Conduct Authority (“FCA”) published its Business Plan outlining its priorities for 2023/24. In this article we provide a summary of the key takeaways with implications for practice that are relevant to firms operating in the investments and payments sectors. 

The FCA is looking for an early opportunity to flex its Consumer Duty muscles

With the cost of living crisis showing no signs of abatement, the FCA is keen to use the entry into force of the Consumer Duty on 31st July 2023 as an opportunity to reduce consumers’ exposure to harm. To this end, the FCA states that it is:

  • planning major upgrades to its digital analytics tools to enable it to rapidly identify and react to indicators of harm, for example: misleading (including as to a product’s Environment, Social and Governance (“ESG”) credentials) or unauthorised financial promotions, related websites and social media accounts. Furthermore, this increased use of data and technology will compliment its new financial promotions gateway and extension of the regulatory perimeter to capture the marketing of crypto assets; 
  • investing in a dedicated Investigations team within its Enforcement Division that is intended to act as a rapid reaction force where there is an immediate threat of detriment to consumers; 
  • developing its strategy to identify firms that have failed, or are failing, to implement the Consumer Duty through the use of data; and
  • going to continue deploying its supervisory and enforcement powers, including under consumer protection legislation, to tackle “problem firms”.

Expect to be contacted about your prudential risk management and wind down planning  

The geopolitical uncertainty and associated periods of market volatility that characterise our time present both opportunities and risks to firms and their customers. In view of the fallout from the recent collapse of Silicon Valley Bank, the regulator is keen to ensure that firms are adequately capitalised to meet the latest threats to which they are exposed. Accordingly, the FCA has made embedding the Investment Firms Prudential Regime (“IFPR”) and, more generally*, an emphasis on sound prudential risk management and wind-down planning one of its key priorities for 2023-24. It follows that the FCA is planning to use the data it obtains from firms and other sources to identify those which could be failing to meet the Threshold Conditions much faster than has hitherto been the case. Using this information, the FCA said that it plans to swiftly cancel errant firms’ permissions, thereby “removing them from the regulated market”. This alone could force firms into insolvency. However, even if it doesn’t, the FCA has committed to use its own “powers more assertively to start relevant insolvency processes to reduce harm from firms.”      

* Firms in the payment sector will recall the FCA’s recent “Dear CEO Letter” (16th March 2023) in which prudential risk management and wind-down planning were cited as being among the regulator’s key supervisory priorities. The FCA’s expectations of payment sector firms in this regard substantially mirror those set out in the prudential regime for investment firms. 

The adequacy of your efforts to ensure operational resilience may be subjected to closer scrutiny 

Closely allied to the FCA’s expectations concerning financial resilience are those pertaining to firms’ resilience to disruptions caused by operational incidents including, but not limited to, cyber attacks. In 2021 the FCA published its final rules that were designed to improve certain firms’ operational resilience. Among the types of firm subject to these rules are:

  • PRA-designated investment firms;
  • Recognised Investment Exchanges;
  • enhanced scope Senior Managers and Certification Regime (“SMCR”) firms; and
  • entities authorised and registered under the Payment Services Regulations 2017 of Electronic Money Regulations 2011. 

By 31st March 2022, firms falling within these categories had to:

  • identify their important business services; 
  • set impact tolerances for maximum tolerable disruption; and
  • perform mapping and testing to a level of sophistication necessary to do so. 

As soon as possible after 31st March 2022, and by no later than 31st March 2025, these firms must have performed more robust mapping and testing to determine if they can stay within the impact tolerances they have set for their important business services. In its Business Plan 2023/24, the FCA states that it plans to assess how firms are staying within the impact tolerances they have set before the 31st March 2025 deadline. In addition, the FCA says that it plans to enhance the reporting that it receives from firms on operational incidents (what, when, how) as part of its efforts to “scale up” its efforts to “deal with firms who can’t meet [its] new standards on operational resilience”.  

Anticipate more intense market abuse supervision, particularly in the fixed income and commodity markets

Keen to promote a strong anti-market abuse culture, the FCA also plans to bring its arsenal of data capture and analytical tools to bear to aggressively “detect and prosecute fixed income market manipulation”. These tools will be complemented by the:

  • establishment of a dedicated team to examine the outputs of these tools; and
  • allocation of more resources to conduct enforcement action against miscreants in the fixed income and commodity markets. 

Given that the number of suspicious transaction and order reports (“STORs”) submitted by investment firms active in the fixed income and commodity markets has consistently lagged behind equity related reporting, it is perhaps unsurprising that the FCA has chosen to make increased supervision of operators in these markets one of its key initiatives for the upcoming year. If your firm is active in either of these markets, get ready to explain your market abuse risk assessment, trade and electronic communication surveillance system calibrations, alert handling and level of STOR submissions.  

More generally, the FCA has promised a “coordinated approach across the FCA on very high-risk firms where multiple regulatory failures, including market abuse, undermine market confidence.” Accordingly, firms that are “fighting many regulatory fires”, for example, because they are submitting inaccurate regulatory returns as a result of flawed prudential risk management processes, combined with weak anti-financial crime systems and controls, can expect to be on the receiving end of assertive action from the regulator, including possible exclusion from the market. 

Be prepared to demonstrate compliance with the new appointed representative (“AR”) regime 

Finally, if your firm acts as a principal to ARs you should be aware that the FCA has stated that it is going to test the effectiveness of arrangements firms have made to comply with the new AR regime


In this article we have reviewed elements of the FCA’s latest Business Plan 2023/24 which state or infer that positive action is expected to be taken by a firm’s senior management. Consequently, we have not sought to consider broader strategic initiatives that the FCA has planned to undertake, for example in relation to improving the competitiveness of the UK’s financial services sector. Nevertheless, the points considered in this article provide plenty of food for thought for business leaders as we head into the Easter break. If, when you return, you would like to discuss the implications of any of the topics raised in this article then please contact us


  1. Business Plan 2023/24. Financial Conduct Authority, available at: (last accessed 6th April 2023). 




Alexander Culley

Alexander Culley

Alexander Culley

Receive our latest insights straight to your inbox