The United Kingdom’s (the terms United Kingdom and UK will be used interchangeably throughout this chapter) banking sector is regulated for prudential purposes by the Prudential Regulation Authority (PRA), which is part of the Bank of England, the UK’s central bank, and the Financial Conduct Authority (FCA) for conduct purposes. The Financial Policy Committee (FPC), which operates from within the Bank of England, acts as the macro-prudential regulator for the UK’s financial system.

The Financial Services and Markets Act 2000 (FSMA 2000), as amended, sets out the PRA’s and the FCA’s statutory objectives. The PRA’s principal objective is to promote the safety and soundness of the firms it regulates. On 28 March 2018, the PRA published Supervisory Statement (SS)1/18 ‘International banks: the Prudential Regulation Authority’s approach to branch authorisation and supervision’, which replaces SS10/14 ‘Supervising international banks: the Prudential Regulation Authority’s approach to branch supervision’. SS 1/18 is relevant to all PRA-authorised banks and designated investment firms not incorporated in the UK that form part of a non-UK headquartered group (international banks) and which are operating in the UK through a branch, as well as any such firm looking to apply for PRA authorisation in the future. The new approach came into effect on 29 March 2018. For European Economic Area (EEA) firms currently branching into the UK under ‘passporting’ arrangements and intending to apply for PRA authorisation in order to continue operating in the UK after the UK’s withdrawal from the European Union, this approach will be relevant to authorisations. The PRA will keep the policy under review to assess whether any changes will be required due to changes in the UK financial system or regulatory framework, including those arising once any new arrangements with the European Union take effect after the United Kingdom’s withdrawal from the European Union, which will take place on 31 January 2020.

The FCA’s strategic objective is to ensure that the relevant markets function well. The FCA’s operational objectives are:

• the consumer protection objective;
• the integrity objective; and
• the competition objective.

The FPC’s primary responsibility is to protect and enhance the resilience of the UK’s financial system. This involves identifying, monitoring and taking action to reduce systemic risks. Its secondary objective is to support the economic policy of the government.

Under FSMA 2000 (as amended), it is a criminal offence for a person to carry on a ‘regulated activity’ in the United Kingdom unless authorised to do so or exempt from the authorisation requirement. Regulated activities are defined in secondary legislation. Deposit taking is a regulated activity that requires authorisation. Other regulated activities that require authorisation include:

• dealing in investments as principal;
• dealing in investments as agent;
• arranging deals in investments;
• managing investments;
• safeguarding and administering investments (i.e., custody); and
• providing investment advice and mortgage lending.

Investments include:

• shares;
• debentures (including sukuk);
• public securities;
• warrants;
• futures;
• options;
• contracts for differences (i.e., swaps); and
• units in collective investment schemes.

Please see the answer to the question above. Each regulated activity must be authorised.

No. Each regulated activity must be authorised.

Yes. The UK FCA has established a regulatory sandbox for innovative propositions that are either regulated business or support regulated business in the UK financial services market, open to authorised firms, unauthorised firms that require authorisation and technology businesses. The sandbox provides the ability to test products and services in a controlled environment, reducing time to market, providing support to identify appropriate consumer protection safeguards and better access to finance.

On 6 October 2020, the FCA announced that it was banning the sale, marketing and distribution of crypto-derivatives (ie., contracts for difference, options and futures) and exchange traded notes which reference unregulated transferrable cryptoassets by firms acting in or from the UK. In a statement announcing the ban, the FCA said that it: “considers these products to be ill-suited for retail consumers due to the harm they pose. These products cannot be reliably valued by retail consumers because of the: 

• inherent nature of the underlying assets, which means they have no reliable basis for valuation
• prevalence of market abuse and financial crime in the secondary market (eg cyber theft)
• extreme volatility in cryptoasset price movements
• inadequate understanding of cryptoassets by retail consumers
• lack of legitimate investment need for retail consumers to invest in these products  

These features mean retail consumers might suffer harm from sudden and unexpected losses if they invest in these products. 

Unregulated transferable cryptoassets are tokens that are not ‘specified investments’ or e-money, and can be traded, which includes well-known tokens such as Bitcoin, Ether or Ripple. Specified investments are types of investment which are specified in legislation. Firms that carry out particular types of regulated activity in relation to those investments must be authorised by the FCA”.

The ban came into force on 6 January 2021.

At present, the UK has no specific cryptocurrency laws, cryptocurrencies are not considered legal tender and exchanges have registration requirements. Gains or losses on cryptocurrencies are, however, subject to capital gains tax.

On 13 March 2019 the Basel Committee on Banking Supervision (“the Committee”) published Its statement on crypto assets expression the view that the continued growth of crypto-asset trading platforms and new financial products related to crypto-assets has the potential to raise financial stability concerns and increase risks faced by banks. While crypto-assets (not to be confused with the digital currencies of central banks) are at times referred to as “crypto-currencies’, the Committee is of the view that such assets do not reliably provide the standard functions of money and are unsafe to rely on as a medium of exchange or store of value. Crypto assets are not legal tender, and are not backed by any government or public authority. The Committee’s statement was intended to set out its prudential expectations relevant to the exposures of banks to crypto-assets and related services, particularly for those jurisdictions that do not prohibit such exposures and services.

The Committee concluded that crypto-assets have exhibited a high degree of volatility and are considered an immature asset class given the lack of standardization and constant evolution, They present a number of risks for banks, including liquidity risk: credit risk: market risk: operational risk (including fraud and cyber risks): money laundering and terrorist financing risk: and legal and reputation risks. Accordingly, the Committee expects that if a bank is authorised and decides to acquire crypto-asset exposures or provide related services, the following should be ado ted at a minimum:

• Due diligence: Before acquiring exposures to crypto-assets or providing related services, a bank should conduct comprehensive analyses of the risks noted above. The bank should ensure that it has the relevant and requisite technical expertise to adequately assess the risks stemming from crypto assets.
• Governance and risk management: The bank should have a clear and robust risk management framework that is appropriate for the risks of its crypto-asset exposures and related services. Given the anonymity and limited regulatory oversight of many crvpto assets, a bank’s risk management framework for crypto-assets should be fully integrated into the overall risk management processes, including those related to anti money laundering and combating the financing of terrorism and the evasion of sanctions, and heightened fraud monitoring. Given the risk associated with such exposures and services, banks are expected to implement risk management processes that are consistent with the high degree of risk of crypto assets. Its relevant senior management functions are expected to be involved in overseeing the risk assessment framework. Board and senior management should be provided with timely and relevant information related to the bank’s crypto-asset risk profile. An assessment of the risks described above related to direct and indirect crypto-asset exposures and other services should be incorporated into the bank’s internal capital and liquidity adequacy assessment processes
• Disclosure: A bank should publicly disclose any material crypto-asset exposures or related services as part of its regular financial disclosures and specify the accounting treatment for such exposures, consistent with domestic laws and regulations.
• Supervisory dialogue: The bank should inform its supervisory authority of actual and planned crypto-asset exposure or activity in a timely manner and provide assurance that it has fully assessed the permissibility of the activity and the risks associated with the intended exposures and services, and how it has mitigated these risks.

The Committee will continue to monitor developments in crypto assets, including direct and indirect exposures of banks to such assets.  The Committee will in due course clan the prudential treatment of such exposures to appropriately reflect the high degree of risk of crypto assets. The Committee is coordinating its work with other global standard setting bodies and the Financial Stability Board. (FSB).

On 31 May 2019. the FSB published a report on crypto assets which was delivered to the G20 Finance Ministers and Central Bank Governors at their meeting in Fukuoka, Japan on 8-9 June 2019. The report recommended that the G20 keep the topic of regulatory approaches to crvpto assets and potential gaps, including the question of whether more coordination is needed, under review.

In June 2019 Facebook confirmed its intended launch of a global cryptocurrency known as Libra in 2020. As a consequence of intensive regulatory scrutiny, on 15 Jul 2019, Facebook announced that Libra will not launch until all regulatory concerns have been met and Libra has the appropriate approvals.

Part 4A of  FSMA sets out the main requirements.

Applications, by way of detailed forms, must be made to the PRA, and include a permission table that sets out Part 4A Permissions by function. Although the PRA manages a single administrative process, the FCA also assesses the applicant firm from a conduct perspective. Authorisation is granted only if and when both regulators are satisfied.

In addition to the basic application forms, an applicant must provide:

• Business plan including details of the rationale for the business.
• Ownership of the bank.
• Business strategy.
• Financial resources.
• Non-financial resources.
• Management structure.
• Responsibilities.
• Controls and governance arrangements.
• Significant additional detail about the bank’s: policies; capital; liquidity; financial projections; IT systems and processes; compliance; internal audit; outsourcing arrangements; senior managers; and owners and influencers.

Any prospective bank planning to apply for a deposit-taking permission should arrange a pre-application discussion with the PRA. The PRA and FCA are also expected to be in communication with the applicant throughout the process.

Firms other than deposit taking institutions (which in practice includes some investment banks) usually apply only to the FCA, as the PRA’s jurisdiction is limited to deposit-taking banks and certain designated investment firms classified by the PRA as being of systemic importance.

The PRA and the FCA must make their decision within six months of receipt of the completed application but can deem an application incomplete and require further information, which defers the start of the six-month period. In practice, the licensing process may take up to a year to complete.

If the regulators grant permission, each can impose such requirements or limitations on that permission as it considers appropriate. 

An applicant for a banking licence must pay a non-refundable application fee, which varies according to the type of banking business to be carried on. Once authorised, UK banks must pay an annual licensing fee to the PRA or FCA, based on a number of factors, including annual income and types of banking business.

Prior to the UK’s exit from the EU, if an entity was already authorised as a bank elsewhere in the European Economic Area (EEA) it could ‘passport’ into the UK directly, without applying for authorization from UK regulators. On 1 January 2021, the EU-UK Trade and Cooperation Agreement entered into force.  From 1^st January 2021, EU law ceased to apply in the UK. Consequently, the “passporting” of financial services between the UK and the EU is no longer applicable. At present, the cross-border provision of services between the UK and the EU depends on the regulatory environment being deemed to be “equivalent” in the two jurisdictions. The UK and the EU have agreed to reach a Memorandum of Understanding establishing a Framework for Regulatory Cooperation on Financial Services by 31 March 2021. This includes establishing arrangements for “exchanges of views on regulatory initiatives” and “enhanced co-operation and co-ordination including in international bodies”. It is too early to tell what these “arrangements” will mean for “equivalence” considerations but it is hoped that a pragmatic understanding will be reached and maintained.

International banks headquartered outside the EEA may operate in the UK through a branch, a subsidiary or both but they need to go through the new bank authorisation process for either approach.

The PRA requires a deposit-taker to be either a body corporate or a partnership. UK-headquartered banks are generally UK public limited companies or private limited companies.

Organisational systems should be proportionate to the nature, scale and complexity of a bank’s business. A bank must have:

• Decision-making procedures and an organisational structure that clearly specifies and documents reporting lines and allocates functions and responsibilities.
• Adequate internal control mechanisms to secure compliance with decisions and procedures at all levels of the bank.
• Effective internal reporting and communication of information at all levels.
• Appropriate and effective whistleblowing arrangements.

Banks should segregate the duties of individuals and departments so as to reduce opportunities for financial crime or contravention of regulatory requirements and standards (for example front-office and back-office duties should be segregated to prevent a single individual initiating, processing and controlling transactions). Responsibility should also be segregated in a manner that supports the bank’s compliance obligations on conflicts of interest, remuneration structures and prevention of market abuse.

Corporate governance determines the allocation of authority and responsibilities by which the business and affairs of a bank are carried out by its board and senior management, including how they:

• set the bank’s strategy and objectives;
• select and oversee personnel;
• operate the bank’s business on a day-to-day basis;
• protect the interests of depositors, meet shareholder obligations, and take into account the interests of other recognised stakeholders;
• align corporate culture, corporate activities and behaviour with the expectation that the bank will operate in a safe and sound manner, with integrity and in compliance with applicable laws and regulations; and
• establish control functions.

Yes. The PRA has issued a supervisory statement setting out the expectations for firms in relation to the following:

• proportionality;
• material risk takers (MRTs);
• application of clawback to variable remuneration;
• governing body/remuneration committees;
• risk management and control functions;
• remuneration and capital;
• risk adjustment (including long-term incentive plans);
• personal investment strategies;
• remuneration structures (including guaranteed variable remuneration, buy-outs and retention awards);
• deferral; and
• breaches of the remuneration rules.

The majority of the Basel III framework has been implemented and is in force but there are certain aspects, including in relation to changes to the definition of exposure and minimum capital requirements for market risk, that will come into force only in 2022. Due to the coronavirus pandemic in 2020/21, the Bank of England, the FCA and the PRA have had to pause a number of banking regulatory workstreams, including the further implementation of the Basel III framework.

Yes, the UK through the PRA Rules now has a requirement that a regulated firm must hold sufficient tier 1 capital to maintain, at all times, a minimum leverage ratio of 3.25%.

The rules apply to every firm that is a UK bank or a building society that, on the firm’s last accounting reference date, had retail deposits equal to or greater than £50 billion either on: (1) an individual basis; (2) if the firm is a parent institution in a Member State, on the basis of its consolidated situation; or (3) if the firm is controlled by a parent financial holding company in a Member State or by a parent mixed financial holding company in a Member State and the PRA is responsible for supervision of that holding company on a consolidated basis under Article 111 of the CRD, on the basis of the consolidated situation of that holding company.

The UK has implemented the LCR regime and is aligned with the CRR requirement that banks should have enough high quality liquid assets in their liquidity buffer to cover the difference between the expected cash outflows and the expected capped cash inflows over a 30-day stressed period and accordingly with effect from 1 January 2018, the ratio requirement that banks have to meet is 100%.

The NSFR regime is not yet in force in the UK as final EU legislation is awaited. It is expected that when implemented, the NSFR regime will require banks to maintain a stable funding profile in relation to their on- and off-balance sheet activities. Expressed as a percentage and set at a minimum level of 100%, it indicates that an institution holds sufficient stable funding to meet its funding needs during a one-year period under both normal and stressed conditions. As allowed under EU rules, preferential treatment will be possible in certain exceptional cases.

Yes – generally English banks are subject to the same corporate law disclosure requirements as other English company. The need for interim reporting will apply to public companies that are subject to the disclosure rules of a stock exchange and typically on the London market will require semi-annual reporting if there is no US market aspect.

Yes. Consolidated supervision in the UK is derived from the requirements set by the Basel Committee on Banking Supervision. It enables prudential supervision of a bank to look to the strength of the bank’s group and not just the entity itself. Following the CRR regime, calculations are required of group capital requirements and resources and reporting is made at both group and entity level.

Part 12 of FSMA 2000 (as amended) implements the requirements of the EU’s Acquisitions Directive (2007/44/EC) into English law. A person intending to acquire or increase ‘control’ over the shares or voting power of a UK-authorised bank or its parent undertaking above 10 per cent, 20 per cent, 30 per cent or 50 per cent must notify and obtain consent from the PRA prior to acquiring or increasing control. Failure to do so is a criminal offence. The PRA must consult the FCA before reaching a decision on whether to approve a proposed change of control.

Change of control forms are detailed and require disclosure of information about the ultimate beneficial owner of the proposed acquisition.

A person wishing to decrease control of the shares or voting power in a UK-authorised bank or its parent undertaking below 50 per cent, 30 per cent, 20 per cent or 10 per cent, must notify the regulator of the intention to do so. Failure to notify is an offence. There is no requirement for regulatory consent to the reduction of control.

The PRA has 60 business days from receipt of the application to approve the acquisition or increase of control (with or without conditions), or to object. This period may be interrupted once by up to 20 business days in cases where the PRA requires further information.

The Acquisitions Directive was supplemented with Level 3 Guidelines published by the Committee of European Banking Supervisors, the Committee of European Insurance and Occupational Pensions Supervisors and the Committee of European Securities Regulators (together, the Level 3 Committees). The Level 3 Guidelines updated on 1 October 2017 contain guidance on general concepts such as the meaning of the term ‘acting in concert’ and the process for determining acquisitions of indirect holdings.

When considering whether or not to grant approval, the PRA considers the suitability of the person, having regard to their likely influence over the bank. This will involve considering the following statutory items:

• the reputation of the section 178 notice-giver;
• the reputation and experience of any person who will direct the business of the UK authorised person as a result of the proposed acquisition;
• the financial soundness of the section 178 notice-giver, in particular in relation to the type of business that the UK authorised person pursues or envisages pursuing;
• whether the UK authorised person will be able to comply with its prudential requirements (including the threshold conditions in relation to all of the regulated activities for which it has or will have permission);
• if the UK authorised person is to become part of a group as a result of the acquisition, whether that group has a structure which makes it possible to—
  • (i) exercise effective supervision;
  • (ii) exchange information among regulators; and
  • (iii) determine the allocation of responsibility among regulators; and
• whether there are reasonable grounds to suspect that in connection with the proposed acquisition money laundering or terrorist financing is being or has been committed or attempted; or the risk of such activity could increase.

No.

Certain parts of UK regulation (for example in relation to TLAC) deal specifically with globally systemically important banks which are subject to enhanced supervisory and recovery and resolution planning requirements.

This will depend on the nature of the breach but sanctions range from reprimands to fines to suspension of loss of a banking licence. There are also criminal sanctions for certain violations (for example: in relation to change of control).

The current resolution regime is set out in the UK’s Banking Act 2009 which provides for resolution and recovery measures and has been amended to reflect the requirements of BRRD. The PRA rules require banks to maintain recovery plans and resolution packs to enable institutions and the PRA better to plan effectively for recovery or resolution in the future. The Banking Act 2009 introduced a special resolution regime with new insolvency procedures of bank insolvency, bank administration and also empowers the institutions to transfer the bank to a third party or to take it into temporary public ownership. As part of the new powers granted to the Bank of England under the Banking Act 2009, the Bank of England has bail-in powers to write down and covert capital into full equity.

The UK offers protection of deposits up to £85,000 per person per firm, administered by the Financial Services Compensation Scheme (FSCS). This body is responsible for ensuring that compensation is paid to insured depositors and other eligible claimants to cover amounts due from failed banks and in other appropriate cases. The FSCS is independent from, but accountable to, both the FCA and the PRA.

The FCA also has extensive rules on client asset protection which apply to firms holding client assets. These rules require client assets to be segregated and reconciled within set time periods.

Yes. Bail-in involves shareholders of a failing institution being divested of their shares, and creditors of the institution having their claims cancelled or reduced to the extent necessary to restore the institution to financial viability. The shares can then be transferred to affected creditors, as appropriate, to provide compensation. Alternatively, where a suitable purchaser is identified, the shares may be transferred to them, with the creditors instead receiving, where appropriate, compensation in some other form.

Certain arrangements are subject to safeguard provisions to protect netting and set-off.

There are a range of excluded liabilities including:

• liabilities representing protected deposits
• any liability, so far as it is secured
• liabilities that the bank has by virtue of holding client assets
• liabilities with an original maturity of less than 7 days owed by the bank to a credit institution or investment firm
• liabilities arising from participation in designated settlement systems and owed to such systems or to operators of, or participants in, such systems
• liabilities owed to central counterparties recognised by the European Securities and Markets Authority in accordance with Article 25 of Regulation (EU) 648/2012 (EMIR) of the European Parliament and the Council of 4 July 2012 on OTC derivatives, central counterparties and trade depositaries
• liabilities owed to an employee or former employee in relation to salary or other remuneration, except variable remuneration
• liabilities owed to an employee or former employee in relation to rights under a pension scheme, except rights to discretionary benefits
• liabilities owed to creditors arising from the provision to the bank of goods or services (other than financial services) that are critical to the daily functioning of its operations

A “protected deposit” is defined in section 48C as one which is covered by the FSCS, or equivalent deposit guarantee scheme, up to the coverage limit of that scheme.

The UK is subject to TLAC rules in relation to global systemically important banks within its jurisdiction.

On 11 March 2020, the BoE and the PRA announced a number of supervisory and prudential policy measures aimed at alleviating operational burdens on PRA regulated firms to address the challenges posed by the coronavirus pandemic. These measures are reviewed and updated on an ongoing basis to enable financial institutions to deliver the critical functions they provide to the economy.

The change of administration in the US in January 2021, leading to America’s immediate re-engagement with the Paris Agreement, is likely to lead to renewed emphasis on green finance globally and in the UK.

Following a review of unsecured lending undertaken by Christopher Woolard, known as The Woolard Review – A review of change and innovation in the unsecured credit market, published on 2 February 2021, the FCA called for effective regulation of fintech companies providing and enabling “buy now, pay later” (“BNPL”) consumer lending as a matter of urgency given the significant potential for consumer harm posed by unsecured credit providers. BNPL services currently provided by companies such as Klarna, PayPal, LayBuy and Clearpay currently fall outside the FCA’s bailiwick. The BNPL market more than trebled in size in 2020.

The Woolard Review recommends a programme of reform and sets out how regulation can better support a healthy market for unsecured lending, taking into account the impact of the coronavirus pandemic, changing business models and new developments in unregulated BNPL unsecured lending.

The economic fallout from the coronavirus pandemic potentially amplified by uncertainties arising from the rapid growth in popularity of cryptoassets and digital banking apps, exasperated by time consuming discussions between London and Brussels about “equivalence”.