If your business is subject to prudential regulation by the Prudential Regulation Authority (PRA), meeting its complex compliance standards is critical to maintaining your regulatory status.
As one of the UK's two central financial regulators, the PRA plays a crucial role in ensuring that deposit-takers, insurers, and systemically important firms remain financially sound and resilient. Whether you’re navigating PRA capital adequacy rules, risk management expectations or supervisory reviews, the demands are detailed and exacting.
Our financial services solicitors can help you make sense of the PRA’s prudential regime, giving you practical support to stay compliant, avoid regulatory scrutiny and focus on delivering core financial services with confidence.
Contents:
- What is ‘prudential’ regulation?
- Which businesses come under the PRA’s remit?
- What was the background to the establishment of the PRA?
- What key areas does PRA prudential regulation cover?
- PRA capital adequacy requirements
- PRA risk management requirements
- How does the PRA supervise firms?
- Consequences of PRA compliance failures
- Consequences of non-compliance with PRA requirements
What is ‘prudential’ regulation?
The Prudential Regulation Authority (PRA)ensures that financial services firms can handle financial losses or be closed down in an orderly manner without harming the wider UK financial system. It also ensures that the businesses it regulates are well-managed, which involves setting and supervising standards to achieve this stability. This does not mean that the PRA aims to prevent all failures, but it seeks to manage them safely.
The PRA’s objectives are to:
- maintain the safety and soundness of the firms it regulates, and
- for insurers to provide adequate protection for policyholders.
Prudential regulation is contrasted with ‘conduct’ regulation. The FCA manages conduct regulation, focusing on the behaviour of financial firms. This includes overseeing how businesses treat their customers, how financial markets operate, and whether companies are competing effectively to provide high-quality and reasonably priced financial services.
The PRA’s approach is grounded in promoting safety and soundness, making PRA compliance a core focus for any regulated firm.
Which businesses come under the PRA’s remit?
The key activities which are PRA-regulated are:
- Accepting customer deposits, and
- Underwriting insurance.
If your business has regulatory permission to accept deposits or provide insurance products, it will be subject to PRA regulation.
The PRA also oversees the most significant investment firms whose failure could affect the entire financial system. The FCA supervises the financial soundness of smaller firms.
In total, the PRA regulates approximately 1,500 firms, including major UK clearing banks, large insurers, and significant investment firms. It also oversees smaller businesses, such as building societies, credit unions, and friendly societies, which offer insurance.
HM Treasury can change the PRA's remit through secondary legislation under the Financial Services and Markets Act (2000).
What was the background to the establishment of the PRA?
Before 2013, UK financial services were regulated by a single body, the Financial Services Authority (FSA). Following the 2008 financial crisis, a government review revealed that focusing on high-profile conduct issues (such as mis-selling scandals) left prudential matters like creditworthiness neglected.
The UK moved to a ‘twin peaks’ regulatory model, establishing both the PRA and the FCA in 2013
To prevent conflicting demands and duplication of work, the PRA and FCA use several coordination tools. These include agreements on how the PRA and FCA will cooperate and coordinate, as well as options for shared regulatory rules, consultation, and mutual approval steps. In exceptional circumstances, to protect UK financial stability, the PRA can also issue a veto over FCA actions.
What key areas does PRA prudential regulation cover?
The PRA’s prudential regulatory framework monitors risks to safety and soundness in key areas, including:
- Capital adequacy: ensuring firms have enough high-quality capital to absorb losses.
- Risk management: evaluating how firms identify, monitor and manage risks.
- Funding and liquidity: assessing a firm’s available cash and assets to meet its liabilities in the short and medium term.
- Governance: reviewing the quality of leadership at a firm, its business model, its culture, and how it is operated and controlled.
PRA capital adequacy requirements
The PRA’s capital adequacy requirements are based on international standards: the Basel Accords for banks and the EU Solvency II regime for insurers. Post-Brexit, the PRA is considering changes to these requirements for insurers.
Capital adequacy ensures firms have enough capital to withstand losses and continue operating. The highest quality ‘capital’ (Tier 1) is broadly shareholder equity, which can absorb significant losses. Lower tiers include subordinated debt, hybrid convertible instruments and retained profits. The required capital is linked to the firm’s risk level.
The capital adequacy framework is made up of three ‘pillars’:
- Pillar 1: Minimum capital levels based on the firm’s business model and size.
- Pillar 2: Additional capital to respond to particular risks within the firm.
- Pillar 3: Public disclosure of capital and risk information for transparency and market discipline.
Smaller firms use detailed rules to calculate their Pillar 1 capital requirements. In comparison, larger firms utilise complex risk models within the regulatory guidelines outlined in the PRA Rulebook to determine the amount of capital they need to hold. The PRA must approve these models, which must be fully documented and regularly checked.
PRA risk management requirements
The PRA requires firms to have clear oversight and control over their risks. Firms must prepare detailed reports for the PRA outlining all relevant risks and confirming they have sufficient capital to offset them. For banks, this process is called the Internal Capital Adequacy Assessment Process (ICAAP). Insurers prepare an Own Risk and Solvency Assessment (ORSA).
Relevant risks to be monitored and managed include:
- Financial risk: This includes market price shifts, interest rate and foreign exchange movements, counterparty default, and longer-term factors such as climate change.
- Operational risk: Covers errors in operations, cyber threats, computer outages, staff shortages and business continuity challenges.
- Business model risk involves risks related to non-competitive products, excessive competition, or high operational costs.
Your business will need to show a thorough understanding of these risks and foster a ‘risk-aware culture’ where all staff recognise and take responsibility for these risks.
How does the PRA supervise firms?
The PRA conducts its regulatory oversight by gathering regular, detailed information from firms, including financial results and summaries of board meetings.
Firms are required to submit large volumes of financial information through detailed reporting forms, which is a precise and resource-intensive process. This necessitates that firms fully understand their PRA reporting obligations and have processes in place to comply.
The PRA also actively engages with the management of regulated firms. The most systemically important (Category 1) firms will have a dedicated team of supervisors looking after them. In contrast, less risky firms (Categories 4 and 5) will be supervised thematically in a peer group with similar businesses.
Effective PRA compliance processes help firms avoid issues during supervisory engagement and reduce the risk of escalated interventions.
Consequences of PRA compliance failures
Failing to comply with PRA regulatory rules can have very serious consequences for you and your business.
If the PRA identifies a potential issue at your firm, they are most likely to enter into a dialogue with you to learn more and ask you to put things right. If matters are not satisfactorily resolved, the PRA has wide-ranging powers to bring your business back into compliance.
For example, if the PRA considers that your business is running more risk than expected, it can ask you to hold additional capital, which increases your costs of doing business. The PRA can also ‘impose a requirement’ on your firm in certain circumstances. This means the PRA can require you to take a specified action or to stop doing something which is problematic.
Alternatively, the PRA can also move to restrict or cancel one or more of your regulatory permissions.
For significant breaches, the PRA can launch formal investigations, and, if a breach is proven, can impose substantial fines or public censures. It may also completely withdraw a firm’s permissions or ban individuals from the financial services industry.
Consequences of non-compliance with PRA requirements
Understanding and applying the PRA’s capital, risk and governance rules isn’t just about ticking boxes – it’s about safeguarding your firm’s stability and regulatory future. With serious consequences for non-compliance, from capital add-ons to formal investigations or licence withdrawal, your business must have the right systems, reporting processes and internal culture in place.
Our financial services solicitors work closely with firms of all sizes, from building societies to large insurers, to help meet the expectations of the PRA. Whether you need strategic advice, technical input on ICAAP or ORSA submissions, or long-term compliance support, we’re here to guide you through every stage of your PRA journey.
