The Prudential Regulation Authority (PRA) works alongside the Financial Conduct Authority (FCA) and the Bank of England to regulate UK financial services. The PRA’s focus is on minimising systemic risks to the UK financial system by ensuring that businesses delivering key financial services are safe and sound.
If your business is PRA-regulated, you will need to show the PRA that you have adequate financial backing for your business and that you are actively monitoring and managing risk.
The PRA’s ‘prudential’ requirements are rigorous and can be technically complex. Harper James’ financial services solicitors are here to help you understand the PRA’s prudential regime and support your business to stay in compliance.
- What is ‘prudential’ regulation?
- What are the PRA’s objectives?
- Which businesses come under the PRA’s remit?
- Can the PRA’s remit be changed?
- What was the background to the establishment of the PRA?
- How do the PRA and the FCA work together?
- What key areas does PRA prudential regulation cover?
- What do PRA capital adequacy requirements entail?
- What do PRA risk management requirements entail?
- How does the PRA supervise PRA-regulated firms?
- What are the consequences of breaching PRA regulatory requirements?
What is ‘prudential’ regulation?
The PRA is a UK financial services ‘prudential’ regulator. Prudential regulation means the setting and supervising of standards designed to ensure that a regulated business can either withstand reasonably expected financial losses, or otherwise be wound down in an orderly fashion without adversely affecting the wider UK financial system. The PRA does not aim to prevent all the firms it regulates from failing.
Prudential regulation is contrasted with ‘conduct’ regulation. Conduct regulation oversees the standards of market behaviour shown by finance firms. It includes looking at how businesses treat their customers, at how financial markets operate to ensure that trading is fair for all participants and at whether businesses are competing effectively to provide high quality and reasonably priced financial services. The FCA is the UK financial services conduct regulator.
What are the PRA’s objectives?
The PRA’s objectives are to:
- maintain the safety and soundness of the firms it regulates, and
- for insurers, to provide an adequate degree of protection for policyholders.
The PRA sees policyholder protection through a lens of aiming to ensure insurers can meet their liabilities and that there is continuity of service for insurance policyholders.
If your business is PRA-regulated, the PRA will want to satisfy itself that your business is well-managed and financially sound. It will also continuously assess, and work to address, any risks which your business might pose to the wider financial system.
Which businesses come under the PRA’s remit?
The PRA oversees financial firms whose activities which might have systemic impacts on the health of the UK financial system. For example, customers having confidence to leave their money with banks and to insure their homes, cars and businesses is essential for the workings of the real economy and a healthy financial sector.
The key activities which are PRA-regulated are:
- Accepting customer deposits, and
- Underwriting insurance.
If your business has regulatory permission to accept deposits or provide insurance products, your business will be PRA-regulated.
The PRA also looks after the biggest investment firms. These are the investment businesses whose activities are so large, or so embedded in the functionality of UK markets, that the whole financial system might feel an impact if they failed. The financial soundness of smaller investment firms is supervised by the FCA.
In total, the PRA regulates about 1,500 firms. PRA-regulated firms include major UK clearing banks, big insurers and major investment firms. However, the PRA also oversees much smaller businesses like, for example, building societies and credit unions which accept deposits and friendly societies which offer insurance.
Can the PRA’s remit be changed?
Yes. The Financial Services & Markets Act 2000 gives HM Treasury the power to make secondary legislation which designates which types of financial service or businesses will be PRA-regulated. For more information on this Act, please see our Knowledge Hub article ‘What you need to know about the Financial Services and Markets Act 2000’.
What was the background to the establishment of the PRA?
Prior to April 2013, UK financial services were regulated by a single body, the Financial Services Authority (FSA). Following the 2008 financial crisis, the UK government carried out a review of UK financial services regulation to try to learn lessons from the crisis.
This review recognised the problem that, within a single regulator, lots of resource could be allocated to high profile incidents involving poor conduct (such as mis-selling scandals), with less attention then being paid to prudential matters such as firm creditworthiness or cashflow. Likewise, if a firm got into financial difficulty, resource would be concentrated on that, with subsequent risks that inappropriate behaviour impacting customers was given less scrutiny. For these reasons, the UK decided to move to a ‘twin peaks’ system of regulation. This involved the creation of two new regulators, the PRA and the FCA.
As described above, the PRA is the prudential regulator for about 1,500 systemically important financial firms. The FCA prudentially regulates all remaining firms. The FCA is also responsible for the conduct supervision of all firms, whether these are prudentially regulated by the PRA or the FCA. The FCA aims to ensure that UK financial markets work well, with high standards of market integrity, consumer protection and vibrant competition which benefits consumers.
The PRA and the FCA therefore each have a separate (but interconnected) remit, with dedicated resource, to reduce the risk that something is overlooked.
How do the PRA and the FCA work together?
When the PRA and the FCA were set up, tools were also put in place to help them work together. These mechanisms reduce the risk that the PRA and FCA might duplicate each other’s efforts or simultaneously make demands of a regulated business.
Tools include agreements on how the PRA and FCA will cooperate and coordinate, the option of shared regulatory rules, consultation and mutual approval steps and, in very rare circumstances to protect UK financial stability, a PRA veto over FCA actions.
What key areas does PRA prudential regulation cover?
The PRA’s prudential regulatory framework monitors risks to safety and soundness in key areas, including:
- Capital adequacy: the amount and quality of capital which firms hold and can use to absorb losses
- Risk management: the processes which a firm uses to identify, monitor and manage risks
- Funding and liquidity: the amount of cash, or readily realisable assets, which firms have at their disposal to meet their liabilities in the short and medium term
- Governance: the quality of leadership at a firm, its business model, its culture and how it is operated and controlled.
What do PRA capital adequacy requirements entail?
The PRA’s capital adequacy requirements are based on international standards: the Basel Accords for banks and the European Union (EU) Solvency 2 regime for insurers. Since Brexit, the PRA has been looking at how it might make changes to capital adequacy requirements for insurers.
Capital adequacy is designed to provide a degree of protection against any losses which a firm might make, allowing the firm to continue in business. The highest quality ‘capital’ (Tier 1) is broadly shareholder equity which can be wiped out if a firm makes large losses. Other forms of lower tier capital include subordinated debt, hybrid convertible instruments and retained profits. The amount of capital resources which a firm must hold is linked to the amount of risk which its operations run.
The capital adequacy framework is made up of three ‘pillars’. Pillar 1 requirements are minimum capital levels which all firms must maintain based on their business model and size. Pillar 2 requirements are additional capital amounts which the PRA asks firms to hold, over and above the minimum, to respond to particular risks within the firm. Pillar 3 deals with public disclosure of capital and risk information so that counterparties and investors can exert ‘discipline’ over financial firms which might be under-capitalised or too risky.
Smaller firms calculate Pillar 1 capital requirements by applying a detailed set of computational rules to the items on their balance sheets. Larger firms use complex mathematical risk models to work out, within regulatory parameters, how much capital they need to hold. These models must be approved by the PRA, fully documented and regularly checked.
What do PRA risk management requirements entail?
The PRA expects its firms to have clear oversight and control over the risks they face. Firms must prepare detailed reports for the PRA setting out how they have captured all relevant risks and made sure they are holding sufficient capital to offset them. For banks, this process is called the Internal Capital Adequacy Assessment Process (ICAAP). Insurers prepare an Own Risk and Solvency Assessment (ORSA).
Relevant risks to be monitored and managed include:
- Financial risk: e.g. financial market price shifts, interest rate and foreign exchange movements, counterparty default risk and longer-term factors such a climate change.
- Operational risk: e.g. risks from operational errors, cyber threats, computer outages, staff shortages and business continuity challenges.
- Business model risk: e.g. pressure on business sustainability from not providing attractive products, facing too much competition or having a high cost base.
Your business will need to show that you have identified and understood the risks to which you are exposed. You should ensure that a ‘risk culture’ where all staff take account of and ‘own’ risks is embedded throughout your firm.
How does the PRA supervise PRA-regulated firms?
The PRA gathers regular, detailed information from firms to help it assess the risks they pose. This includes asking firms to complete detailed regulatory reporting forms on a regular basis and to share with the PRA management information such as financial results and Board packs.
PRA regulatory reporting requires submission of large volumes of granular financial information, with precise definitions setting out the data points, and so can be resource-intensify for your business to prepare. You should ensure that you understand your PRA reporting obligations and have processes in place to comply.
In addition to asking for information, the PRA will also actively engage with firms’ management at the firms it regulates. The most systemic (Category 1) firms will have a dedicated team of supervisors looking after them. Firms which pose less risk to the system (Category 4 and 5) may not have their own supervisor but will be supervised thematically in a peer group with similar businesses.
What are the consequences of breaching PRA regulatory requirements?
Failing to comply with PRA regulatory rules can have very serious consequences for you and your business.
If the PRA identifies a potential issue at your firm, they are most likely to enter into dialogue with you to learn more and ask you to put things right. If matters are not satisfactorily resolved, the PRA has wide-ranging powers to bring your business back into compliance.
For example, if the PRA considers that your business is running more risk than expected, it can ask you to hold additional capital which increases your costs of doing business. The PRA can also ‘impose a requirement’ on your firm in certain circumstances. This means the PRA can require you to take a specified action or to stop doing something which is problematic.
Alternatively, the PRA can also move to restrict or cancel one or more of your regulatory permissions.
Where serious breaches are suspected, the PRA has powers to launch formal investigations into potential wrongdoing. If a breach of rules is subsequently proven, this could lead to significant sanctions on a business or the individuals running it, including substantial fines or public censure. The PRA can also remove all a firm’s permissions or prohibit individuals from working in regulated financial services in the future.
For these reasons, understanding and complying with your PRA regulatory obligations is vital for your business.
If you are PRA-regulated, your business will need to understand and keep up-to-date with PRA capital adequacy, risk management and reporting requirements because contravening these may lead to serious consequences for you and your business.
Our financial services solicitors can help guide you at all stages of your PRA regulatory journey through authorisation, ongoing compliance and regulatory interactions. Harper James provides expert, tailored advice on how to best navigate the UK prudential regulatory landscape.