The Prudential Regulation Authority (PRA) works alongside the Financial Conduct Authority (FCA) and the Bank of England to regulate UK financial services. The PRA’s focus is on minimising systemic risks to the UK financial system by ensuring that businesses delivering key financial services are safe and sound.
If your business is PRA-regulated, you will need to show the PRA that you have adequate financial backing for your business and that you are actively monitoring and managing risk.
The PRA’s ‘prudential’ requirements are rigorous and can be technically complex. Our financial services solicitors are here to help you understand the PRA’s prudential regime and support your business to stay in compliance.
Contents:
- What is ‘prudential’ regulation?
- Which businesses come under the PRA’s remit?
- What was the background to the establishment of the PRA?
- What key areas does PRA prudential regulation cover?
- PRA capital adequacy requirements
- PRA risk management requirements
- How does the PRA supervise firms?
- What are the consequences of breaching PRA regulatory requirements?
- Summary
What is ‘prudential’ regulation?
The PRA ensures financial services firms can handle financial losses or can be closed down in an orderly fashion without harming the wider UK financial system. It also ensures that the businesses it regulates are well-managed, which involves setting and supervising standards to achieve this stability. This does not mean that the PRA aims to prevent all failures; rather, it aims to manage them safely.
The PRA’s objectives are to:
- maintain the safety and soundness of the firms it regulates, and
- for insurers, to provide adequate protection for policyholders.
Prudential regulation is contrasted with ‘conduct’ regulation. Conduct regulation is managed by the FCA and focuses on how financial firms behave. This includes overseeing how businesses treat their customers, how financial markets operate, and whether businesses are competing effectively to provide high quality and reasonably priced financial services.
Which businesses come under the PRA’s remit?
The key activities which are PRA-regulated are:
- accepting customer deposits, and
- underwriting insurance.
If your business has regulatory permission to accept deposits or provide insurance products, it will be PRA-regulated.
The PRA also oversees the largest investment firms whose failure could affect the entire financial system. Smaller firms’ financial soundness is supervised by the FCA.
In total, the PRA regulates about 1,500 firms, including major UK clearing banks, big insurers and major investment firms. It also oversees smaller businesses like building societies, credit unions, and friendly societies offering insurance.
The PRA's remit can be changed by HM Treasury through secondary legislation under the Financial Services & Markets Act 2000. For more information, please refer to our article on the Financial Services and Markets Act 2000.
What was the background to the establishment of the PRA?
Before 2013, UK financial services were regulated by a single body, the Financial Services Authority (FSA). Following the 2008 financial crisis, a government review revealed that focusing on high-profile conduct issues (such as mis-selling scandals) left prudential matters like creditworthiness neglected.
For this reason, the UK decided to move to a ‘twin peaks’ system of regulation, creating the PRA and the FCA.
To prevent conflicting demands and duplication of work, the PRA and FCA use several coordination tools. These include agreements on how the PRA and FCA will cooperate and coordinate, the option of shared regulatory rules, consultation, and mutual approval steps. In very rare circumstances to protect UK financial stability, the PRA can also issue a veto over FCA actions.
What key areas does PRA prudential regulation cover?
The PRA’s prudential regulatory framework monitors risks to safety and soundness in key areas, including:
- Capital adequacy: ensuring firms have enough high-quality capital to absorb losses.
- Risk management: evaluating how firms identify, monitor and manage risks.
- Funding and liquidity: assessing a firm’s available cash and assets to meet its liabilities in the short and medium term.
- Governance: reviewing the quality of leadership at a firm, its business model, its culture, and how it is operated and controlled.
PRA capital adequacy requirements
The PRA’s capital adequacy requirements are based on international standards: the Basel Accords for banks and the EU Solvency II regime for insurers. Post-Brexit, the PRA is considering changes to these requirements for insurers.
Capital adequacy ensures firms have enough capital to withstand losses and continue operating. The highest quality ‘capital’ (Tier 1) is broadly shareholder equity, which can absorb significant losses. Lower tiers include subordinated debt, hybrid convertible instruments and retained profits. The required capital is linked to the firm’s risk level.
The capital adequacy framework is made up of three ‘pillars’:
- Pillar 1: Minimum capital levels based on the firm’s business model and size.
- Pillar 2: Additional capital to respond to particular risks within the firm.
- Pillar 3: Public disclosure of capital and risk information for transparency and market discipline.
Smaller firms use detailed rules to calculate Pillar 1 capital requirements, while larger firms use complex risk models within regulatory guidelines to work out how much capital they need to hold. These models must be approved by the PRA, fully documented and regularly checked.
PRA risk management requirements
The PRA requires firms to have clear oversight and control over their risks. Firms must prepare detailed reports for the PRA outlining all relevant risks and confirming they have sufficient capital to offset them. For banks, this process is called the Internal Capital Adequacy Assessment Process (ICAAP). Insurers prepare an Own Risk and Solvency Assessment (ORSA).
Relevant risks to be monitored and managed include:
- Financial risk: Includes market price shifts, interest rate and foreign exchange movements, counterparty default, and longer-term factors like climate change.
- Operational risk: Covers errors in operations, cyber threats, computer outages, staff shortages and business continuity challenges.
- Business model risk: Involves risks related to non-competitive products, excessive competition or high operational costs.
Your business will need to show a thorough understanding of these risks and foster a ‘risk aware culture’ where all staff recognise and take responsibility for these risks.
How does the PRA supervise firms?
The PRA conducts its regulatory oversight by gathering regular, detailed information from firms, including financial results and board meeting summaries.
Firms are required to submit large volumes of financial information through detailed reporting forms. This is a precise and resource-intensive process, so firms need to fully understand their PRA reporting obligations and have processes in place to comply.
The PRA also actively engages with the management of regulated firms. The most systemically important (Category 1) firms will have a dedicated team of supervisors looking after them, whereas firms that are less risky (Categories 4 and 5) will be supervised thematically in a peer group with similar businesses.
What are the consequences of breaching PRA regulatory requirements?
Failing to comply with PRA regulatory rules can have very serious consequences for you and your business.
If the PRA identifies a potential issue at your firm, it is most likely to enter into a dialogue with you to learn more and ask you to put things right. If matters are not satisfactorily resolved, the PRA has wide-ranging powers to bring your business back into compliance.
For example, if the PRA considers that your business is running more risk than expected, it can ask you to hold additional capital which increases your costs of doing business. The PRA can also ‘impose a requirement’ on your firm in certain circumstances. This means the PRA can require you to take a specified action or to stop doing something which is problematic.
Alternatively, the PRA can move to restrict or cancel one or more of your regulatory permissions.
For significant breaches, the PRA can launch formal investigations and, if a breach is proven, can impose substantial fines or public reprimands. It may also completely withdraw a firm’s permissions or ban individuals from the financial services industry.
Summary
If your business is PRA-regulated, keeping up to date with PRA capital adequacy, risk management and reporting requirements is essential. Non-compliance may have serious consequences for you and your business.
Our financial services solicitors can help guide you at all stages of your PRA regulatory journey from initial authorisation to ongoing compliance and regulatory interactions.