The banking sector in the United Kingdom is dual regulated by the Prudential Regulation Authority (PRA), which is part of the Bank of England (BoE), the UK’s central bank, for prudential purposes and the Financial Conduct Authority (FCA), for conduct purposes. The Financial Policy Committee (FPC), which operates from within the BoE, acts as the macro-prudential regulator for the UK’s financial system.

The Financial Services and Markets Act 2000 (FSMA 2000), as amended, sets out the PRA’s and  FCA’s statutory objectives. The PRA has two primary objectives as the UK’s prudential regulator for deposit-takers, insurance companies and designated investment firms. It’s “general objective”, relevant to deposit-takers, is to promote the safety and soundness of the firms it regulates.

The PRA has two secondary objectives. The first is to act in a way that facilitates effective competition in the markets for services provided by the firms they regulate when they carry on regulated activities. The second (introduced by the Financial Services and Markets Act 2023 (FSMA 2023)) requires the PRA to facilitate, subject to aligning with the relevant international standards: (i) the international competitiveness of the UK economy (including the financial services sector through the contribution of PRA authorised persons); and (ii) its growth in the medium to long-term. This second objective also applies to the FCA. Competitiveness here in the new objective differs from the existing competition objective. Competitiveness is about the UK financial sector being competitive vis a vis the financial sectors of foreign countries/regulatory regimes (e.g. the EU). Whereas competition is about enabling consumers to have access to a range of financial services providers.

To advance its objectives, the PRA’s supervisory approach follows three key principles: it is (i) judgement-based; (ii) forward-looking; and (iii) focused on key risks.

FSMA 2023 has significantly expanded the PRA’s rule-making role, to replace functions which were largely carried out for the UK by European Union institutions prior to Brexit.

The FCA’s strategic objective is to ensure that the relevant markets function well. The FCA’s operational objectives are to:

• protect consumers from bad conduct (the ’consumer protection’ objective)
• protect the integrity of the UK financial system (the ’integrity’ objective); and
• promote effective competition in the interests of consumers (the ’competition’ objective).

The FPC’s primary responsibility is to protect and enhance the resilience of the UK’s financial system. This involves identifying, monitoring, and taking action to reduce systemic risks. Its secondary objective is to support the economic policy of the UK Government. In contrast to the PRA, which looks at the safety and soundness of individual institutions, the FPC works to ensure the UK financial system, as a whole, is safe and sound.

In June 2022, the House of Commons Treasury Committee announced the creation of the Sub-Committee on Financial Services Regulation, which now acts to scrutinise newly proposed draft financial services regulations put forward by the FCA, PRA, the BoE and the Payment Systems Regulator.

Under FSMA 2000 (as amended), it is a criminal offence for a person to carry on a ‘regulated activity’ in the United Kingdom, unless authorised to do so, or exempt from the authorisation requirement (known as the “general prohibition”). Regulated activities are defined in secondary legislation, including the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO).

Accepting deposits is a regulated activity under the RAO, and firms cannot call themselves a ‘bank’ until they are authorised with permission to carry out this activity.

Yes. As set out above, a bank must be authorised to accept deposits as a credit institution. However, banks may also wish to carry out a range of other regulated activities, each of which will require additional permissions. For example, firms authorised for deposit-taking will require further permission to offer: (i) mortgages; (ii) consumer credit; (iii) insurance mediation and (iv) investment services.

A firm which is already authorised by the FCA and/or PRA for certain activities must apply for variation of permission if it wishes to change the activities it carries out.

As a general rule, an authorised entity requires permission for each regulated activity it carries on. How-ever, banks with a Part 4A permission to accept deposits can provide payment services without the need for further authorisation.

Payment service providers (including credit institutions) must comply with the conduct of business requirements of the Payment Services Regulations 2017, to the extent they provide payment services.

Yes. The FCA has established a Regulatory Sandbox (Sandbox) to test innovative propositions in the UK financial services market with consumers. The Sandbox is open year-round for applications from authorised firms, unauthorised firms that require authorisation, and technology businesses seeking to deliver innovation in the UK financial services market to UK consumers or firms. The Sandbox gives firms: (i) the ability to test products and services in a controlled environment; (ii) the opportunity to find out whether a business model is attractive to consumers, or how a particular technology works in the market; (iii) a reduced time to market at a potentially lower cost; and (iv) support in identifying consumer protection safeguards that can be built into new products and services. Tests are expected to have a clear objective and a clear positive impact on consumers.

In January 2024, the UK passed new regulations under FSMA 2023 creating a Digital Services Sandbox (DSS). The DSS is the first financial market infrastructure sandbox to be established under powers granted by FSMA 2023 and will enable firms and regulators to test the use of developing technologies, such as distributed ledger technology (DLT).

In October 2023, HM Treasury published its final proposals on the UK’s future financial services regulatory regime for cryptoassets. This was closely followed by the publication of FCA and BoE discussion papers on their proposed rules to implement Phase 1 of the regime (applicable to fiat-backed stablecoins). Implementation of Phase 1 has now begun through the introduction of measures in FSMA 2023. Phase 2 will cover a wider range of cryptoassets.

HM Treasury has confirmed that it plans to create a regulated activity under the RAO for the issuance and custody of fiat-backed stablecoins in or from the UK, which will apply to all issuers of fiat-backed stablecoins located within the UK. FCA rules will specify the requirements for: (i) backing assets for fiat-backed stablecoins issued under this activity; and (ii) redemption rights and capital requirements (amongst other things). It is not proposed that issuance of other cryptoassets would be a regulated activity. However the admittance of cryptoassets to a cryptoasset trading venue would be regulated, and public offers of cryptoassets that are not security tokens would also be a designated activity. HM Treasury also intends to pass legislation defining a new regulated activity for custody of cryptoassets covering: (i) safeguarding; (ii) safeguarding and administration; or (iii) the arranging of safeguarding and administration of cryptoassets. The regime will be based on existing frameworks for traditional finance custodians, but with certain modifications to accommodate unique cryptoasset features, and will put in place new provisions where appropriate.

HM Treasury plans to bring forward secondary legislation in 2024 in relation to the above, and much of the detail will be contained in rules implemented by the UK regulators. Follow on consultation papers from the FCA and BoE on the stablecoins regime are expected around H2 2024.

Since January 2020, businesses that use cryptoassets have been subject to increasingly stringent anti-money laundering obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (Money Laundering Regulations). Cryptoasset businesses within the scope of the Money Laundering Regulations must register with the FCA. If the FCA determines that an applicant lacks the necessary systems and controls to comply with the Money Laundering Regulations, it will refuse registration. Carrying on business without the necessary registration is a breach of the Money Laundering Regulations and a criminal offence.

HM Treasury has reiterated that there will be no automatic authorisation under FSMA 2000 for cryptoasset service providers currently registered with the FCA under the Money Laundering Regulations once the new cryptoassets regulatory regime comes into force. However, it is unclear as to whether there will be a transitional authorisation regime for existing providers.

The UK has also expanded its financial promotions regime to include restrictions covering “qualifying cryptoassets”. This came into effect on 8 October 2023 and means that financial promotion relating to  qualifying cryptoassets can only be communicated: (i) by an FCA firm; (ii) by an unauthorised firm where the communication is approved by an authorised firm; or (iii) where an exemption applies. This applies to firms’ communications relating to dealing, arranging, managing, or advising in relation to qualifying cryptoassets, which are made in the course of business to UK consumers, even if the firm is based overseas, and regardless of what technology is used to make the promotion.

Most recently, on 6 March 2024, HM Treasury announced a consultation into the UK’s implementation of the Organisation for Economic Co-operation and Development’s Cryptoasset Reporting Framework and Amendments to the Common Reporting Standard package, announced by the government in an International Joint Statement on 10 November 2023.

How gains or losses on cryptocurrencies made by UK tax resident individuals are taxed will depend on the precise facts. In many cases, capital gains tax will apply, but this is not always the case, especially if the individual is determined to be trading in them.

Most cryptoassets do not qualify as deposits, but concepts, terms, potential forms and use cases for tokenisation are still evolving. The PRA wrote to the CEOs of banks in November 2023 and noted that it was aware of market participants exploring the possibility of tokenised deposit arrangements, in which the token representing the deposit claim is a transferable liability of the issuing deposit-taker and where, in payment transactions that involve a transfer of the token between individuals, the recipient becomes a customer of the issuing deposit-taker. The PRA stated that, where a deposit-taker intends to innovate in the way that it takes deposits from retail customers (e.g., by taking tokenised deposits), it expects this to be done in a way that meets the PRA’s rules for eligibility for depositor protection under the Financial Services Compensation Scheme (FSCS).

On 16 December 2022, the Basel Committee on Banking Supervision (Basel Committee) published the final version of its ‘Prudential treatment of cryptoassets exposures’, to be implemented by 1 January 2025 (Standard). This Standard is set out in a new chapter of the consolidated Basel framework, SCO60.

The Standard: (i) outlines the risk exposures relating to digital securities, stablecoins and cryptocurrencies; (ii) sets out the capital requirements that will apply to banks’ holdings of cryptoassets, including stablecoins; and (iii) provides that unbacked cryptoassets with ineffective stabilisation mechanisms will be subject to conservative prudential treatment.

The Standard requires banks to classify cryptoassets on a continuous basis into two groups:

• group 1 cryptoassets, which meet a set of classification conditions in full; and
• group 2 cryptoassets, which are those assets that fail to meet any one of the classification conditions for Group 1 cryptoassets.

Group 1 cryptoassets include tokenised traditional assets (Group 1a) and cryptoassets with effective stabilisation mechanisms (Group 1b). These cryptoassets are subject to capital requirements based on the risk weights of underlying exposures, as set out in the existing Basel Framework. Group 2 cryptoassets are deemed to pose additional and higher risks than Group 1 cryptoassets and are subject to a newly prescribed capital treatment. Group 2 cryptoassets include tokenised traditional assets and stablecoins that do not meet the classification conditions, and all unbacked cryptoassets. A set of hedging recognition criteria is used to identify those Group 2 cryptoassets where a limited degree of hedging is permitted (Group 2a) and those where hedging is not recognised (Group 2b).

Key elements of the Standard include the following:

• A 1250% risk weighting for Group 2b unhedged cryptocurrency exposures applied to the greater of the absolute value of the aggregate long positions and the absolute value of the aggregate short positions in the cryptoasset.
• An add-on to risk-weighted assets to cover infrastructure risk for all Group 1 cryptoassets that can be activated based on any observed weaknesses.
• A limit on banks’ total exposure to Group 2 cryptoassets, which must not exceed 2% of a bank’s Tier 1 capital and should generally be lower than 1%. Banks breaching the 1% limit will be required to apply the more conservative Group 2b capital treatment to the amount by which the limit is exceeded. Breaching the 2% limit will result in the whole of Group 2 exposures being subject to Group 2b capital treatment.

In October 2023, the Basel Committee published a consultation document on the disclosure of cryptoasset exposures which is based on the disclosure requirements contained in the Standard published in December 2022. The document proposes a standardised disclosure table and set of templates for banks’ cryptoassets exposures, with a proposed implementation date of 1 January 2025. The Basel Committee expects that the use of common disclosure templates for banks’ cryptoasset exposures will support the exercise of market discipline and contribute to reducing information asymmetry amongst banks and market participants.

On 14 December 2023, the Basel Committee issued a further consultative document setting out proposed amendments to the Standard relating to banks’ exposures to stablecoins. Amongst other things, the proposed amendments change the requirements that determine whether banks can include the stablecoins to which they are exposed in the Group 1b category. The deadline for comments on the consultative document is 28 March 2024.

Whilst the Standard is yet to be formally implemented in the UK, both the PRA and banks operating in the UK market are already alive to its impact.

Part 4A of FSMA 2000 sets out the main requirements.

Applications, by way of detailed forms, must be made to the PRA, for permission to accept deposits (a ‘banking licence’). Although the PRA manages a single administrative process, the FCA will also assess the applicant firm from a conduct perspective. Authorisation is granted only when both regulators are satisfied that the Threshold Conditions (i.e., the minimum standards that all firms need to meet at authorisation and on an ongoing basis) have been met, together with ongoing capital and liquidity requirements.

In addition to the basic new bank application forms, an applicant must provide certain supporting documents, in particular, a Regulatory Business Plan (RBP). The RBP is the key document describing a firm’s business proposition, including how their business model will achieve viability and sustainability, as well as the following information (this is not an exhaustive list, and the content will vary by firm):

• ownership of the bank;
• business strategy;
• financial resources;
• non-financial resources;
• management structure;
• responsibilities;
• controls, risk management and governance arrangements; and
• significant additional detail about the bank’s: policies; capital; liquidity; financial projections; IT systems and processes; compliance; internal audit; operational resilience; outsourcing arrangements; senior managers; customer journey and owners and influencers.

Any prospective bank planning to apply for a deposit-taking permission should engage with the PRA prior to submitting their application. Whilst this pre-application engagement with the PRA and FCA is optional, it is strongly encouraged. The pre-application stage comprises several meetings (initial, feedback and technical challenge) where firms can engage with the regulators to develop their proposition and prepare their formal application. The pace at which a firm progresses through the pre-application stage will vary depending on the nature of the proposition. However firms should be aware that applying to become a bank is extremely complex and therefore, will require significant time investment prior to submitting an application.

Once an application has been submitted, firms should start developing their operational capabilities.

Firms other than deposit-taking institutions (which in practice includes some investment banks) usually apply only to the FCA, as the PRA’s jurisdiction is limited to deposit-taking banks and certain designated investment firms, classified by the PRA as being of systemic importance.

The PRA and FCA must make their decision within a statutory six months of receipt of a completed application. Where an application is deemed incomplete, this deadline is extended to twelve months. The PRA and FCA are expected to be in communication with the applicant throughout the application process.

If the regulators grant permission, each can impose such requirements or limitations on that permission as it considers appropriate. Once an application is approved, the new bank’s details will be shown on the Financial Services Register from the date of authorisation.

An applicant for a banking licence must pay a non-refundable application fee, which varies according to the type of banking business to be carried on. Once authorised, UK banks must pay an annual licensing fee to the PRA or FCA, based on several factors, including annual income and types of banking business.

Once a bank is authorised, it can choose to enter an optional mobilisation stage, during which time it will operate with deposit restrictions whilst completing its set up, before starting to trade fully. The PRA have indicated that mobilisation should take no longer than 12 months.

Firms interested in, or currently applying for, authorisation as a bank, can seek support from the New Bank Start-up Unit, a joint initiative between the FCA and PRA.

International banks headquartered outside of the UK may operate in the UK through a branch, a subsidiary or both, but must be authorised by the PRA to do so (with the consent of the FCA) and will be dual-regulated by the PRA and FCA. A branch of an international bank forms part of a legal entity incorporated and authorised outside of the UK, whereas a subsidiary is a separate legal entity and will therefore be subject to the same supervisory framework for firms which are based in the UK. This includes the PRA Threshold Conditions for banks, one of which states that a UK incorporated body must maintain its head offices and, if one exists, its registered office in the UK. For subsidiaries, the FCA’s Threshold Conditions and conduct of business rules also apply, in addition to PRA Threshold Conditions and rules, including in areas such as anti-money laundering.

It is possible that in some situations a bank or other financial institution based outside of the UK and having no presence in the UK may be able to offer certain services to UK persons without authorisation from the FCA and/or PRA. However, this will depend on the activities it seeks to undertake and the types of clients it seeks to engage.

Prior to the UK’s exit from the EU, if an entity was already authorised as a bank elsewhere in the European Economic Area (EEA) it could ‘passport’ into the UK directly, without applying for authorisation from UK regulators. Post Brexit transitional arrangements are now in place. From January 2021, EU law ceased to apply in the UK and the ‘passporting’ of financial services between the UK and the EU is no longer applicable. Consequently, the Temporary Permissions Regime (TPR) was introduced, to allow financial firms to operate in the UK without FCA authorisation, whilst they applied for full FCA approval. The TPR has now ended, but there are arrangements that remain in place to enable some EEA firms to wind down their UK business in an orderly manner within the financial services contracts regime (FSCR). The FSCR enables EEA firms that previously passported into the UK and that did not enter the TPR, or left the TPR without being authorised or registered in the UK, to wind down their UK business in an orderly fashion.

The PRA requires a deposit- taker to be either a body corporate or a partnership. UK-headquartered banks are generally UK public limited companies or private limited companies.

The PRA Rulebook and FCA Handbook contain provisions regarding organisational requirements which have been inherited from the UK’s implementation of the Capital Requirements Objective IV (CRD IV) and MiFID II. Of particular note, is the General Organisational Requirements for CRR firms in the PRA Rulebook.

The organisation of a bank should be established by the board, which also has ultimate responsibility for organisational structure. Organisational systems should be proportionate to the nature, scale and complexity of a bank’s business. A bank must have:

• Decision-making procedures and an organisational structure that clearly specifies and documents reporting lines and allocates functions and responsibilities.
• Adequate internal control mechanisms to secure compliance with decisions and procedures at all levels of the bank.
• Effective internal reporting and communication of information at all levels.
• Appropriate and effective whistleblowing arrangements.

Banks should segregate the duties of individuals and departments to reduce opportunities for financial crime, unauthorised sharing of information and contravention of regulatory requirements and standards. For example, front-office, middle-office and back-office duties should be segregated to prevent a single individual initiating, processing and controlling transactions. Responsibility should also be segregated in a manner that supports the bank’s compliance obligations on confidentiality, conflicts of interest, remuneration structures and prevention of market abuse.

Corporate governance determines the allocation of authority and responsibilities by which the business and affairs of a bank are carried out by its board and senior management, including how they:

• set the bank’s strategy and objectives;
• select and oversee personnel;
• operate the bank’s business on a day-to-day basis;
• protect the interests of depositors, meet shareholder obligations, and take into account the interests of other recognised stakeholders;
• align corporate culture, corporate activities and behaviour with the expectation that the bank will operate in a safe and sound manner, with integrity and in compliance with applicable laws and regulations; and
• establish control functions.

Yes. The PRA has issued Supervisory Statement 2/17 setting out the expectations for firms in relation to the following:

• proportionality;
• material risk takers (MRTs)
• application of clawback to variable remuneration;
• governing body/remuneration committees;
• risk management and control functions;
• remuneration and capital;
• risk adjustment (including long-term incentive plans);
• personal investment strategies;
• remuneration structures (including guaranteed variable remuneration, buy-outs and retention awards);
• deferral of variable remuneration;
• payment of variable remuneration in shares or other non-cash instruments; and
• breaches of the remuneration rules.

The Supervisory Statement should be read together with the rules contained in the Remuneration Part of the PRA Rulebook. This ensures banks adopt remuneration policies that are consistent with and promote sound risk management, eliminating incentives towards excessive risk-taking, and aligning employee incentives with the longer-term interests of the business.

In a joint Policy Statement issued in October 2023, the PRA and FCA implemented changes to their rules which removed the cap on bonuses that can be paid to material risk takers at banks (as well as other financial institutions).  This followed their joint consultation published in December 2022 (PRA CP15/22 and FCA CP22/28). The changes took effect from 31 October 2023 and apply to a firm’s performance year ongoing at that date and to future performance years. Banks must still, however, continue to set an appropriate ratio between the fixed and variable components of total remuneration and ensure that the fixed and variable components remain appropriately balanced.

Many of the Basel III standards have been implemented in the UK through EU legislation that was onshored as part of the UK’s exit from the EU on 31 December 2020, and subsequent work by the PRA, including through new rules and policy material relating to the ‘Implementation of Basel standards: Final rules’ in Policy Statement 22/21 and ‘The UK leverage ratio framework’ in Policy Statement 21/21.

The elements of Basel III that have already been implemented primarily focus on increasing the quantity and quality of capital maintained by firms and requirements for leverage and liquidity. The remaining elements of the Basel III standards are sometimes referred to as Basel 3.1, and mainly cover the last elements of the prudential reforms – the measurement of risk-weighted assets. The Financial Services Act 2021 received Royal Assent on 29 April 2021 and, among other things, introduced reforms to update the UK’s prudential regime, in line with the outstanding elements of Basel III and Basel 3.1. In September 2023, the PRA announced that it was delaying the implementation date of Basel 3.1 to 1 July 2025. However, it also announced that it was reducing the transitional period to four and a half years, to ensure full implementation by 1 January 2030.

In terms of deviations, in PRA Consultation Paper 16/22 ‘Implementation of the Basel 3.1 standards’ (CP16/22) the PRA stated that whilst it was proposing limited adjustments, it considered that, overall, its proposals adhered to international standards. It also noted that the European Commission’s proposals on Basel 3.1 included a number of deviations, and if adopted would likely make the EU an international outlier, particularly in its approach to the implementation of the output floor.

On 12 December 2023, the PRA published the first of two near-final policy statements covering the implementation of the Basel 3.1 standards for market risk, credit valuation adjustment risk, counterparty credit risk and operational risk. A further Policy Statement is expected in Q2 2024.

The PRA is also developing a simpler prudential regime for small banks and building societies which it has called the ‘strong and simple prudential framework’. Firms meeting the proposed simpler-regime criteria may opt to meet the proposed Basel 3.1 requirements or choose to enter a transitional capital regime which will be based on the onshored Capital Requirements Regulation. The transitional capital regime will run for an interim period between the proposed implementation date for the Basel 3.1 standards and the future implementation date for a permanent risk-based capital regime for simpler-regime firms.

PRA Supervisory Statement 45/15 provides guidance on the UK leverage ratio capital requirements and buffers for firms in scope of the leverage ratio capital requirement. It also sets out the PRA’s expectation as to how other firms will manage their risk of excessive leverage. The Supervisory Statement should be read alongside the Leverage Ratio – Capital Requirements and Buffers, Leverage Ratio (CRR), Disclosure (CRR), Reporting (CRR) and Internal Capital Adequacy Assessment parts of the PRA Rulebook.

Effective as of 1 January 2022, the PRA implemented most of the changes to the calculation of the leverage exposure measure (LEM) that were made to international standards in the process of finalising Basel 3.1. However, some of the changes to the international standards were not implemented at the time. In CP16/22 whilst not proposing new policy with respect to the leverage framework the PRA proposed certain changes to the treatment of off-balance sheet items and the standardised approach to counterparty credit risk. The PRA will finalise these in its Policy Statement to be published in Q2 2024.

The minimum leverage ratio capital requirement, which must be met at all times, is 3.25% of the LEM. The LEM excludes assets constituting claims on central banks, where they are matched by liabilities, denominated in the same currency and of identical or longer maturity. Mirroring the risk-weighted capital framework, three quarters of this requirement must be met with Common Equity Tier 1 (CET1) capital instruments. The requirement must otherwise be met with Tier 1 capital, but additional Tier 1 capital must have a conversion trigger in relation to a firm’s risk-weighted CET1 ratio of at least 7% in order to count towards the leverage ratio minimum.

Firms in scope of the leverage ratio minimum capital requirement are subject to buffers in addition to this minimum.

Firms that are not in scope of the leverage ratio requirement are nevertheless expected to manage their leverage risk so that their leverage ratio – to be calculated based on the same rules as the in-scope firms does not ordinarily fall below 3.25%.

The UK has implemented the Liquidity Coverage Ratio (LCR) regime and is aligned with the CRR requirement that banks should have enough high-quality liquid assets (HQLAs) in their liquidity buffer to cover the difference between the expected cash outflows and the expected capped cash inflows over a 30-day stressed period. While in normal times the ratio requirement that banks have to meet is 100%, banks may draw down their HQLAs even if it may mean that their LCR declines below 100% in stress.

The PRA has implemented the Net Stable Funding Ratio (NSFR) standard into the PRA rules. The NSFR requires banks to limit reliance on short-term funding by requiring them to have sufficient stable funding to cover assets and off balancesheet activities that require funding over the next twelve months. The PRA further transferred the LCR standard into the PRA rules. The Basel 3.1 standards do not make amendments to either liquidity standard. For small banks and building societies that will come under the new ‘strong and simple prudential framework’ the PRA has set out new requirements concerning liquidity and the NSFR in Policy Statement 15/23. This includes the introduction of a new Retail Deposit Ratio which would be used to measure firms’ usage of retail funding.

Yes. The PRA rules require that banks disclose their annual report and accounts and, among the key indicators, their return on assets, calculated as their net profit divided by their total balance sheet. An “annual report and annual accounts” has the meaning as defined in section 471 of the Companies Act 2006 (Companies Act) together with an auditor’s report prepared in relation to those accounts under sections 495 to 497A of the Companies Act. The need for interim reporting will apply to public companies that are subject to the disclosure rules of a stock exchange and typically on the London market will require semi-annual reporting if there is no US market aspect.

Yes. Consolidated supervision in the UK is generally derived from onshored CRR and CRD IV. For example, Article 21a of the Capital Requirements Directive V (CRD V) set new requirements for holding companies to seek supervisory approval and be subject to consolidated or sub-consolidated supervision. The deadline for implementing the CRD V was before the end of the UK’s Brexit transition period and there the UK implemented the requirements via the Financial Holding Companies (Approval etc.) and Capital Requirements (Capital Buffers and Macro-prudential Measures) (Amendment) (EU Exit) Regulations 2020.

Consolidated supervision enables prudential supervision of a bank by assessing the overall strength of a banking group together with an assessment of the impact on a bank of the operations of other parts of the group to which it belongs. Following the CRR regime, calculations are required of group capital requirements and resources and reporting is made at both group and entity level.

Part 12 of FSMA 2000 (as amended) implements the requirements of the EU’s Acquisitions Directive (2007/44/EC) into English law. A person intending to acquire or increase ‘control’ over the shares or voting power of a UK-authorised bank or its parent undertaking above 10 per cent, 20 per cent, 30 per cent or 50 per cent must notify and obtain consent from the PRA prior to acquiring or increasing control. Failure to do so is a criminal offence. The PRA must consult the FCA before reaching a decision on whether to approve a proposed change of control.

Change of control forms are detailed and require disclosure of information about the ultimate beneficial owner of the proposed acquisition.

A person wishing to decrease control of the shares or voting power in a UK-authorised bank or its parent undertaking below 50 per cent, 30 per cent, 20 per cent or 10 per cent, must notify the regulator of the intention to do so. Failure to notify is an offence. There is no requirement for regulatory consent to the reduction of control.

The PRA has 60 business days from receipt of the application to approve the acquisition or increase of control (with or without conditions), or to object. This period may be interrupted once by up to 20 business days in cases where the PRA requires further information.

The Acquisitions Directive was supplemented with Level 3 Guidelines published by the Committee of European Banking Supervisors, the Committee of European Insurance and Occupational Pensions Supervisors and the Committee of European Securities Regulators (together, the Level 3 Committees). The Level 3 Guidelines updated on 1 October 2017 contain guidance on general concepts such as the meaning of the term ‘acting in concert’ and the process for determining acquisitions of indirect holdings.

On 21 November 2023, the PRA and FCA issued Consultation Paper 23/23 setting out proposals to replace the EU guidelines with a new PRA Supervisory Statement and FCA guidance. The proposed new Supervisory Statement and FCA guidance would largely replicate the EU guidelines, although there would be some rephasing, simplification, and changes to align with the UK approach. The consultation closed on 23 February 2024.

When considering whether or not to grant approval, the PRA considers the suitability of the person, having regard to their likely influence over the bank. This will involve considering the following statutory items:

• the reputation of the section 178 notice-giver;
• the reputation and experience of any person who will direct the business of the UK authorised person as a result of the proposed acquisition;
• the financial soundness of the section 178 notice-giver, in particular in relation to the type of business that the UK authorised person pursues or envisages pursuing;
• whether the UK authorised person will be able to comply with its prudential requirements (including the threshold conditions in relation to all of the regulated activities for which it has or will have permission);
• if the UK authorised person is to become part of a group as a result of the acquisition, whether that group has a structure which makes it possible to—
  • exercise effective supervision;
  • exchange information among regulators; and
  • determine the allocation of responsibility among regulators; and
• whether there are reasonable grounds to suspect that in connection with the proposed acquisition money laundering or terrorist financing is being or has been committed or attempted; or the risk of such activity could increase.

Following the invasion of Ukraine by Russia, amendments to the Russia (Sanctions) (EU Exit) Regulations 2019 were made in respect to financial institutions and investment. On 14 December 2023, the UK Government introduced two further regulations (The Russia (Sanctions) (EU Exit) (Amendment) (No. 4) Regulations 2023 and The Russia (Sanctions) (EU Exit) (Amendment) (No. 5) Regulations 2023) to impose further restrictions that the UK Government considers could support Russia’s war against Ukraine. The amendments came into force in December 2023. It is prohibited for a person to deal with a transferable security or money market instrument if it has a maturity exceeding 30 days, and was issued on or after 1 March 2022 by:

• an entity incorporated or constituted under the law of the UK and owned by one or more of the entities listed in Schedule 2; or
• an entity acting on behalf or at the direction of the above.

It is further prohibited for a person to directly or indirectly, deal with a transferable security or money market instrument if it was issued:

• on or after 15 December 2022;
• by a relevant entity (i.e., a person who is not connected with Russia); and.
• for the purposes of making an investment in relation to Russia.

Financial services are prohibited from providing financial services for the purpose of foreign reserve and asset management to the following:

• the Central Bank of the Russian Federation;
• the National Wealth Fund of the Russian Federation;
• the Ministry of Finance of the Russian Federation;
• a person owned or controlled directly or indirectly by any of the persons above; or
• a person acting on behalf or at the direction of any of the persons above.

Prospective bank investors located in a non-Financial Action Force compliant jurisdiction are likely to have difficulty getting approval from the PRA on the basis that money laundering and terrorist financing risk is on the mandatory assessment criteria under FSMA change in control regime.

Certain parts of UK regulation (for example in relation to total loss-absorbing capacity (TLAC)) deal specifically with globally systemically important banks which are subject to enhanced supervisory and recovery and resolution planning requirements.

This will depend on the nature of the breach, but sanctions range from reprimands, to fines, to suspension of loss of a banking licence. There are also criminal sanctions for certain violations (e.g., in relation to change of control).

The current resolution regime is set out in the UK’s Banking Act 2009 (Banking Act) which provides for resolution and recovery measures and has been amended to reflect the requirements of the Bank Recovery and Resolution Directive. The PRA has also set out rules in the Recovery Planning Part of the PRA Rulebook and has set out its expectations in Supervisory Statements 9/17 and 19/13 on ‘Recovery Planning’. The PRA uses the Resolvability Assessment Framework to assess whether banks operating in the UK are prepared for resolution.

The Banking Act introduced a special resolution regime with stabilisation options, insolvency procedures and administration procedures. Resolution takes place if a bank is failing, or likely to fail, and it is not reasonably likely that action will be taken that will result in a change to this. As part of the powers granted to the BoE under the Banking Act, the BoE has bail-in powers to write down and covert capital into full equity.

The UK government does not insure bank deposits. The UK offers protection of deposits held with UK authorised banks of up to £85,000 per person per firm and up to £170,000 for joint accounts, administered by the FSCS. This body is responsible for ensuring that compensation is paid to insured depositors and other eligible claimants to cover amounts due from failed banks and in other appropriate cases. The FSCS is free to consumers. Banks are required to develop and maintain a method of identifying all depositors who would be eligible if the bank in question were to fail. The FSCS is independent from, but accountable to, both the FCA and the PRA.

In terms of PRA rules, these are set out in the Depositor Protection Part of the PRA Rulebook. Further guidance is set out in Supervisory Statement 18/15 on ‘Depositor and formant account protection’, PRA Supervisory Statement of Policy on ‘Deposit Guarantee Schemes’ and PRA Statement of Policy on ‘Calculating Risk-Based Levies for the FSCS deposits class’.

The FCA also has extensive rules on client asset protection which apply to firms holding client assets. These rules require client assets to be segregated and reconciled within set time periods.

Yes, the Banking Act does provide for a bail-in tool although to date the BoE has not used it. Bail-in involves shareholders of a failing institution being divested of their shares, and creditors of the institution having their claims cancelled or reduced to the extent necessary, to restore the institution to financial viability. The shares can then be transferred to affected creditors, as appropriate, to provide compensation. Alternatively, where a suitable purchaser is identified, the shares may be transferred to them, with the creditors instead receiving, where appropriate, compensation in some other form.

Certain arrangements are subject to safeguard provisions to protect netting and set-off.

The Banking Act excludes a range of liabilities. These excluded liabilities are listed in section 48B of the Banking Act.

A “protected deposit” is defined in section 48C, as one which is covered by the FSCS, or equivalent deposit guarantee scheme, up to the coverage limit of that scheme.

Ahead of any resolution action, the authorities will undertake an assessment to determine whether the conditions for a firm to be placed into resolution are met. The four general conditions which must be satisfied are contained in section 7 of the Banking Act. Where a resolution tool like bail-in is used to stabilise a bank, the BoE may provide liquidity temporarily if the bank’s own liquid resources are insufficient. The BoE’s ‘Approach to Resolution’ (the so-called Purple Book) further describes the BoE’s approach to providing liquidity in resolution. In addition, the BoE guide ‘Executing bail-in: an operational guide from the BoE sets out practical information on the ways in which it might execute a bail-in resolution and the operational processes and arrangements that may be involved.

Yes. TLAC is an international standard intended to ensure that globally systemically important banks have enough equity and bail-in debt to pass losses to investors and minimise the risk of a government bailout. The BoE has adopted the EU’s minimum requirement for own funds and eligible liabilities (MREL) framework set out in the CRR to implement the Financial Stability Board’s TLAC standard. The UK’s MREL requirements apply to credit institutions and investment firms. Mortgage credit institutions are exempt from MREL obligations. More stringent MREL requirements are placed on UK-headquartered banking groups that have been designated as global systemically important banks or domestic systemically important banks.

HM Treasury and the PRA intend to delete provisions in the onshored CRR relating to TLAC and transfer them to the PRA Rulebook and to other materials. The November 2023 Financial Initiatives Grid indicates that HM Treasury and the PRA intend to consult on this initiative in Q3 2024.

An appropriate and effective regulatory framework for cryptoassets remains of key focus for 2024. HM Treasury has set out its final proposals for the UK’s future financial services regulatory regime for cryptoassets, confirming its intention to bring a number of crypto activities into the regulatory perimeter for the first time. The proposals, published on 30 October 2023, are outlined in HM Treasury’s response to its February 2023 consultation and call for evidence on the topic, its response to the May 2022 consultation on managing the failure of systemic digital settlement asset (including stablecoin) firms, and a policy paper which provides an update on plans for the regulation of fiat-backed stablecoins. The legislation to facilitate the bringing of stablecoins and cryptoassets into financial services regulation, FSMA 2023, received Royal Assent on 29 June 2023.

A week after HM Treasury’s final proposals were published, on 6 November 2023, the FCA published its discussion paper DP23/4 on ‘Regulating cryptoassets Phase 1: Stablecoins’ and the BoE also issued a discussion paper on its proposed ‘Regulatory regime for operators of systemic payment systems using stablecoins and related service providers’. Both papers closed for feedback on 6 February 2024.

HM Treasury proposed to regulate cryptoasset-related activities within the existing UK regulatory framework, rather than creating an entirely standalone regime. This would be done via amendments to FSMA 2000, the RAO, the Financial Services and Markets Act 2000 (Financial Promotions) Order 2005, and the FCA Handbook. Some provisions may also be introduced through the new Designated Activities Regime (DAR).

We expect these changes to be realised over the course of 2024.

2023 saw some key developments in the ESG disclosure landscape and a continuing focus for the regulators.

The FCA published Policy Statement 23/16 on 28 November 2023 introducing new rules around “greenwashing”, sustainability disclosure requirements and investment labels and rules around the use of certain sustainability related terms. Whilst PS23/16 is a focus primarily for asset managers, this Policy Statement explained that the FCA advocates international corporate reporting standards and referenced the launch of the International Sustainability Standards Board’s first sustainability-related reporting standards in June 2023. These international standards were used as a reference point for financial institutions, and the FCA intends to consult on updating its Taskforce on Climate-Related Financial Disclosures to reference these standards. It is also expected to form the basis for a new set of rules for listed companies, which will most likely be developed over the course of 2024. In January 2024, the PRA wrote to UK deposit-takers and international banks setting out its priorities for 2024. There was a key emphasis for firms to develop and embed their climate-related financial risk management capabilities into their decision-making processes.

Diversity and inclusion also remain a continuing theme with the PRA and FCA. On 25 September 2023, the FCA (CP 23/20) and PRA (CP 18/23) published separate consultation papers on diversity and inclusion in financial services. These proposals will require firms to have clear strategies and action plans in place to address underrepresentation.

Financial crime continues to threaten the UK economy, and there is an increasing focus from regulators including the FCA, PRA and the UK Government (most recently in their Economic Plan 2 (2023-2026) and Fraud Strategy) on the threat posed by fraud. The new ‘failure to prevent fraud’ offence introduced as part of the Economic Crime and Corporate Transparency Act 2023, also forms part of broad reforms into the UK Government’s fight against fraud and financial crime.

On 8 February 2024, the FCA published an update on its progress in tackling financial crime, which identified four areas of focus for the coming year, one of which was fraud. The FCA notes that it has continued to invest in fraud prevention strategies, including working alongside the Payment Systems Regulator to support the mandatory reimbursement requirement for victims of Authorised Push Payment (APP) fraud via the Faster Payments System (the payment system across which most APP fraud currently takes place), which is expected to come into effect in October 2024.

Since the beginning of the Russia-Ukraine conflict, the banking sector continues to see a huge surge in cyberattacks. Banks have a continuing battle to ensure they keep abreast of and invest appropriate resources in state of the art technologies to deal with the increased cyber security risks.