Greg Kilminster
Head of Product - Content
FCA to consult on extending response time for motor finance complaints
The Financial Conduct Authority (FCA) has announced a consultation on extending the timeframe for motor finance firms to handle consumer complaints concerning commission disclosure in finance agreements. This follows the recent Court of Appeal judgment in cases involving Close Brothers Ltd and Firstrand Bank Ltd, which ruled that brokers in motor finance deals must secure a customer’s informed consent before receiving commission. If adopted, the extension will apply by mid-December, providing more time for firms and consumers to respond.
Some context
The FCA’s decision to consult stems from the Court of Appeal’s 25 October ruling, which addressed legal requirements for transparency in motor finance commission payments. The judgment declared it unlawful for brokers to receive commission from lenders without informing consumers of key details, including commission amounts and calculation methods. This ruling affects both non-discretionary commission and discretionary commission arrangements (DCAs), the latter of which were banned by the FCA in 2021 to protect consumers from hidden charges.
Following the court’s decision, the FCA engaged with 63 motor finance firms, industry bodies, and consumer advocates, gathering perspectives on the ruling’s implications. Given the high volume of anticipated complaints, the FCA aims to prevent inconsistent and disorderly responses by motor finance firms and ensure that consumers’ concerns are addressed efficiently.
Key takeaways
- Extended complaint handling period: The FCA’s proposed extension aims to provide firms with adequate time to manage complaints linked to commission disclosure. This will cover the interim period while awaiting the Supreme Court’s decision on whether it will hear an appeal, potentially avoiding rushed or inconsistent outcomes for consumers.
- Court of Appeal’s ruling on informed consent: In the case in question, the court ruled that brokers must obtain informed consent from consumers regarding commission payments, a requirement under common law. This judgment holds even for FCA-regulated firms, as it falls under broader legal obligations rather than regulatory rules.
- FCA’s consumer protection measures: Since 2021, the FCA has banned DCAs in motor finance, yet the Court of Appeal’s decision could lead to retrospective complaints. The FCA’s consultation on complaint extensions seeks to ensure consumers and firms alike have time to adapt to the legal implications of the judgment.
- Potential for FCA intervention: The FCA has indicated it will request the Supreme Court to prioritise its decision on granting appeal permission and may intervene with expertise if the case proceeds.
Next steps
The FCA plans to release its consultation proposals within two weeks, exploring options for the duration of the complaint-handling extension. Motor finance firms are encouraged to prepare for final complaint responses once the extension ends, ensuring their resources and legal provisions are in place. Meanwhile, customers with commission-related concerns should continue to submit complaints as usual.
Click here to read the full RegInsight on CUBE's RegPlatform.
APRA reports mixed progress on climate risk
A report from the Australian Prudential Regulation Authority (APRA) suggests that while large financial entities have generally increased their climate risk maturity since 2022, significant variation remains, with some entities even reporting regressions in key areas. The 2024 survey, a continuation of APRA's climate risk assessment efforts, involved 149 voluntary responses from banks, insurers, and superannuation trustees, representing over half of the regulated entities invited to participate.
Mixed progress across sectors
The report reveals that larger financial institutions, particularly major banks, have shown improvement in climate risk management, with banking entities reporting an 18% increase in climate risk maturity scores. In contrast, the insurance and superannuation sectors reported minimal improvement, with superannuation trustees leading in risk management maturity, yet with limited advancements in overall climate resilience across the sector. While superannuation entities showed strength in governance and metrics, insurers - especially general insurers - exhibited considerable disparities in climate preparedness and maturity levels.
Setbacks in climate disclosure maturity
Despite increased regulatory focus on climate disclosure and the anticipated roll-out of Australia's mandatory climate-related financial disclosure standards from January 2025, a notable decline in disclosure maturity was observed, particularly among entities that had reported more advanced practices in the previous 2022 survey. This trend, APRA notes, may reflect entities recalibrating their disclosures in response to evolving regulatory expectations, including heightened scrutiny on greenwashing and a developing global landscape for sustainability reporting standards.
Varied maturity in governance and risk management
Governance and strategy, alongside risk management, emerged as areas of relative strength for most entities. Almost all responding institutions reported board-level oversight of climate risk, and many have integrated climate risk into their risk management frameworks. However, only a minority of institutions link climate performance to executive remuneration, and fewer than half have specific climate expertise on their boards. Additionally, the survey found that while many institutions consider climate as a driver of other risks—such as reputational and credit risk—few have fully embedded climate risk across all levels of their risk management frameworks.
Forward-looking measures: nature risk and transition planning
APRA observed a growing trend of entities considering adjacent risk factors like nature risk and the development of climate transition plans. More than 30% of entities have established climate transition plans, and an additional third expect to do so within the next year. This interest aligns with APRA’s support for Australia's Sustainable Finance Roadmap, which encourages institutions to factor climate-related and nature-related financial risks into long-term planning.
Next steps
APRA has outlined a series of initiatives to bolster climate risk management across Australia’s financial sector. In 2025, APRA will begin consultations on integrating climate risk into prudential standards CPS 220 and SPS 220, alongside ongoing supervisory enhancements aimed at embedding climate risk within broader regulatory frameworks. APRA’s findings underscore the need for a proportionate approach, urging smaller institutions to consider material climate risks in alignment with their operational scale and resources.
Click here to read the full RegInsight on CUBE's RegPlatform.
ESMA issues latest newsletter
The European Securities and Markets Authority (ESMA) has released the latest edition of its ‘Spotlight on Markets’ newsletter. The newsletter contains factsheets highlighting key events during the month, including:
- Two Consultation Papers – on draft technical advice under the Prospectus Regulation and one on amendments to the MiFID research regime.
- ESMA’s first consolidated Report on Sanctions
- Joint Committee 2025 Work Programme.
Several other publications and developments are also covered in the update.
Click here to read the full RegInsight on CUBE's RegPlatform.
SFC issues AI guidelines for licensed corporations
The Hong Kong Securities and Futures Commission (SFC) has released a circular setting out expectations for licensed corporations (LCs) using generative AI language models (AI LMs). The guidelines come as financial institutions increasingly integrate AI-driven solutions to enhance client interactions and operational efficiency.
Some context
The circular reflects insights gathered by the SFC through its engagement with international and local LCs, which use AI LMs in a variety of applications—from handling client inquiries via chatbots to generating investment research and automating coding processes. While the SFC supports innovation through AI, it stresses the additional risks posed by AI LMs, particularly the risk of unreliable, biased, or inaccurate outputs, as well as heightened cybersecurity and data privacy risks.
Key takeaways
- AI-related risks: AI LMs, although accessible and versatile, carry significant risks. The SFC warns of "hallucination" risks, where AI LMs may provide plausible yet incorrect responses. Biases embedded in training data can lead to discriminatory outputs, and performance drift may degrade model accuracy over time. There are also increased risks of cyberattacks, data leaks, and dependencies on third-party providers, which may affect operational resilience.
- Risk-based governance approach: The SFC’s circular calls for a risk-based approach in AI LM deployment, with senior management responsible for overseeing lifecycle governance. AI LMs deemed high-risk, especially those generating investment advice, should be monitored more closely and should include "human-in-the-loop" interventions to ensure factual accuracy before delivering outputs to clients.
- Core principles for risk management: Four core principles should guide LCs in managing AI-related risks:
- Senior management responsibilities: Senior leaders are tasked with ensuring effective governance and oversight across the AI LM’s lifecycle, from model development to monitoring.
- AI model risk management: Rigorous model validation and review processes are recommended to address potential errors, particularly in high-risk applications.
- Cybersecurity and data risk management: Firms must adopt robust cybersecurity measures, including adversarial testing and periodic reviews, to guard against data leaks and malicious attacks.
- Third party provider risk management: Due diligence and ongoing monitoring of third-party providers are required, particularly where open-source AI LMs are used.
Next steps
The SFC encourages LCs to critically assess and update their risk management frameworks to align with these guidelines. For high-risk use cases, LCs are reminded of the regulatory requirement to notify the SFC of significant business changes and are advised to consult the regulator early to mitigate potential compliance issues. The circular is effective immediately, with a period of pragmatic regulatory assessment to allow firms time for full implementation.
Click here to read the full RegInsight on CUBE's RegPlatform.
The Bank of England’s updates enforcement policy
The Bank of England has released a policy statement outlining amendments to its enforcement policies and procedures, specifically the "Enforcement Statements of Policy and Procedure" (Enforcement SoPP). The updates follow a March 2024 consultation and introduce revised enforcement practices in line with new powers granted under the Financial Services and Markets Act 2023 (FSMA 2023). The revised Enforcement SoPP is applicable to critical third parties (CTPs) as well as other entities involved in financial market infrastructure and operations, marking a significant regulatory shift aimed at enhancing operational resilience and compliance across the UK financial sector.
Some context
The revised Enforcement SoPP reflects the expanded regulatory scope granted by FSMA 2023, with an emphasis on managing risks associated with critical third parties in the financial sector. Critical third parties, often major providers of technology or operational support, play a pivotal role in the stability of financial systems. The updated policies therefore outline enforcement measures intended to oversee CTPs as they meet new operational resilience standards. These measures were proposed to ensure that the Bank of England and the Prudential Regulation Authority (PRA) have the authority to hold these entities accountable, mitigating potential systemic risks.
In a March 2024 consultation, the Bank and PRA sought industry feedback on four enforcement policy updates: 1) securitisation regulation, 2) digital settlement assets, 3) cash distribution, and 4) the oversight of critical third parties. Seven responses were received, focusing exclusively on the CTP enforcement approach. Respondents generally welcomed the new enforcement powers but expressed concerns over their operational implementation, many of which had been raised previously in a separate consultation on CTP resilience frameworks.
Key takeaways
The Bank’s policy statement provides insights into the adjustments made to the Enforcement SoPP following industry feedback:
- Assurances on CTP expertise: The Bank and PRA have committed to deploying expertise specific to CTPs at all stages of the enforcement process, aiming to ensure that regulatory actions are informed and effective.
- International alignment: The regulators have highlighted efforts to align enforcement approaches with global standards, particularly in operational resilience, to minimise duplicated efforts and streamline compliance for globally active firms.
- Provisions for CTP service continuity: To avoid abrupt disruptions, the regulators will consider the availability of alternative CTPs and may impose transitional conditions for any disciplinary measures. This approach is aimed at maintaining financial stability while enforcing compliance.
- Enforcement seriousness and mitigation factors: Factors influencing the gravity of any enforcement action include the severity of any breach, its financial impact, and whether the CTP cooperated by promptly reporting the breach. This clarification aims to add transparency and fairness in enforcement procedures.
Additional minor corrections and updates to other chapters clarify enforcement approaches for digital securities depositories (DSDs), ensuring the applicability of enforcement standards across evolving digital financial assets.
Next steps
The revised Enforcement SoPP takes effect immediately as of 12 November 2024. However, enforcement will apply only to breaches occurring from this date forward. The policy statement also clarifies that no entities have yet been designated as CTPs; therefore, oversight and enforcement actions for CTPs will only commence after such designations are made
Click here to read the full RegInsight on CUBE's RegPlatform.