The Financial Services and Markets Act 2000 (FSMA)

FSMA is the primary UK statute governing the financial services sector in the UK, defining the role and purpose of the regulatory authorities. FSMA has subsequently been significantly amended following the financial crisis of 2008–09 to introduce changes (such as the UK Senior Managers Regime and bank ring-fencing requirements) to enhance the resilience of the UK financial services sector.

FSMA makes it a criminal offence to undertake regulated activities by way of business – or (in broad terms) to promote financial services or products – in the UK unless duly authorised or exempt. The list of regulated activities that a bank may undertake is set out in the FSMA (Regulated Activities) Order 2001. Exclusions exist, which (in broad terms and subject to conditions) permit wholesale activities to be undertaken in the UK by foreign banks without obtaining authorisation.

Separate UK legislation governs the provision of payment services (the Payment Services Regulations 2017) and the issuance of electronic money (the Electronic Money Regulations 2011).

EU Directives and Regulations

A significant proportion of UK banking regulation is derived from EU directives and regulations, reflecting the UK’s historic position as a member of the European Union until January 2020.

The UK left the EU on 31 January 2020 (Brexit), and the post-Brexit implementation period ended on 31 December 2020 (IP Completion Date – IPCD). Prior to the IPCD, FSMA and the secondary legislation and regulators’ rulebooks made under it implemented a number of European law directives into UK law. The other key source of UK legal requirements for UK banks was European regulations that were directly applicable, including:

• the Capital Requirements Regulation (Regulation (EU) 575/2013 (CRR), which implements the revised Basel Accord);
• the Market Abuse Regulation (Regulation (EU) 596/2014); and
• the Markets in Financial Instruments Regulation (Regulation (EU) 600/2014 (MiFIR)).

Post-IPCD, EU law ceased to apply in the UK: the EU regulations referred to above and other EU-derived legislation were incorporated into UK law as they applied on IPCD and amended to render them fit for purpose in their new context under the EU Withdrawal Act 2018. This is colloquially referred to as “onshoring”.

Regulators

The UK operates a “twin peaks” system of financial regulators, with two principal regulators that each have their own rulebook: the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). In addition, the Bank of England (BoE) acts as the resolution authority, and has the primary regulatory responsibility for dealing with failed banks.

The PRA is the prudential regulator for banks, and the FCA regulates banks’ conduct. The PRA has a statutory objective to promote the safety and soundness of the institutions it regulates, with a view to ensuring the stability of the UK financial system. The FCA’s strategic objective is to ensure that the UK’s financial markets function well. The FCA is responsible for regulating a wide variety of regulated firms and activities, including investment services, payment services, retail lending and insurance distribution.

The BoE also operates a Financial Policy Committee, which is the UK’s macro-prudential regulator responsible for the regulation of the broader UK financial system from a macro-economic perspective. The Financial Policy Committee has power to make recommendations to the FCA and PRA in certain cases.

Regulated Activities

Section 19 of FSMA prohibits persons from carrying on regulated activities by way of business in the UK, unless duly authorised or exempt.

Regulated activities include deposit-taking. This is triggered if money received by way of deposit is lent to others, or if the conducting of any other activity of the person accepting the deposit is financed out of the capital of, or interest on, money received by way of deposit.

Lending is generally not regulated in the UK, with the exception of various activities relating to home finance and consumer credit activity. A number of activities relating to derivatives, securities or fund units are also regulated, including dealing, advising, portfolio management and custody, as is insurance distribution.

The UK operates a universal banking regime, meaning that (with limited exceptions for ring-fenced banks) banks can obtain authorisation to conduct any financial services except for writing insurance and the management of funds (each of which is reserved to specific classes of regulated entity). A firm authorised for deposit-taking is also permitted to provide payment services and issue e-money.

EU Providers

Pre-IPCD, EU providers benefited from so-called “passporting” rights under various EU directives, enabling them to provide services or establish branches in the UK. Post-IPCD, passporting rights ceased to apply and EU firms now require a UK licence in order to continue undertaking regulated business in the UK, or they will need to operate outside the territorial scope of the UK regulatory regime.

Application Process

A bank looking to establish itself in the UK must obtain authorisation by applying for a so-called Part 4A Permission under FSMA, which will permit it to take deposits and conduct any other regulated activities within the Permission. The application is made to the PRA and FCA (the PRA acts as lead regulator), and requires the submission of extensive and detailed information about the institution, including the completion of a permissions table that sets out in detail the permissions applied for (per type of activity and client type). It is advisable for the applicant to liaise with the PRA in the pre-application phase.

In addition to the application forms, an applicant firm must also provide the following:

• a regulatory business plan complete with a business rationale;
• information about the ownership structure of the bank;
• evidence of sufficient financial and non-financial resources;
• information regarding the management structure; and
• information about the institution’s financial standing as well as its capacity to comply with its regulatory requirements via internal monitoring.

The application will be reviewed by, and subject to the approval of, both the PRA and the FCA.

In reviewing an application for authorisation, the FCA and the PRA will assess the applicant against the threshold conditions for authorisation, which include the following requirements:

• that the applicant has its headquarters or a branch in the UK;
• that the applicant conducts its business in a prudent manner and possesses sufficient non-financial and financial resources;
• that it be fit and proper to conduct regulated activities in the UK; and
• that it be capable of being regulated and supervised by the FCA and the PRA.

The PRA and FCA must make a decision on the suitability of the applicant within a six-month period beginning on the date on which they receive a complete application form. The regulators also have the power to request further information, which resets the start of the six-month period, meaning that the licensing period, in practice, can extend to up to a year.

The application fee is non-refundable regardless of the outcome; if successful, the bank must then pay an annual fee to either the FCA or the PRA, the cost of which varies based on what type of bank the applicant is looking to set up, and the revenue the bank generates. Retail consumer banks also need to pay fees levied by the Financial Ombudsman Service (FOS) and the Financial Services Compensation Scheme (FSCS). Licences granted to banking institutions are theoretically indefinite, albeit with the caveat that the PRA has the power to suspend the licence at any point, and to impose fines if the bank fails to comply with the regulatory framework.

Under Section 178 of FSMA, any person intending to acquire or increase their level of control of a UK-headquartered bank must provide written notice of such to the PRA (no requirement applies to foreign banks with a UK branch). Prior to the acquisition taking place, the PRA requires a 60 working-day window to elapse, or approval to be given before the 60 working days is up, before the transaction can be completed. In this context, the meaning of “control” is defined as shareholding and/or voting rights.

This requirement is triggered by the acquisition of a holding that equates to 10% or more of the total shareholding or voting rights in a UK-authorised person, or a parent of that authorised person, or a share or voting power that would enable the exercise of significant influence over the authorised person. A person’s “control” includes indirectly held voting power and is aggregated with the control of another with whom they are acting in concert.

An increase in control is deemed to have occurred whenever the percentage shareholding or voting rights crosses the 20%, 30% or 50% threshold, or if the authorised person becomes a subsidiary as a result of the acquisition. Likewise, a reduction in shareholding or voting rights at those same thresholds triggers a reporting requirement to provide the PRA with written notice. Failure to comply with either of these obligations is a criminal offence.

In assessing an application, the PRA will consider a number of factors, including:

• the applicant’s reputation and the reputation of anyone who will exert significant control over the bank’s direction;
• the applicant’s financial position;
• the ability of the bank to comply with the prudential requirements; and
• the risk that the acquisition has any connection to financing terrorism or facilitating money laundering.

There are no restrictions on the foreign ownership of banks in the UK, subject to applicable financial sanction requirements at a UK, EU or United Nations level.

The Companies Act 2006 provides the general basis for the general duties of directors of UK companies. Regulated firms are subject to additional requirements, reflecting the need for high-quality governance in the banking sector.

PRA Fundamental Rules and FCA Principles

These establish high-level standards with which banks must comply, designed to protect the interests of customers and the wider economy as a whole. In particular, the PRA Fundamental Rules include requirements that a firm must have effective risk strategies and risk management systems (Fundamental Rule 5), and that a firm must organise and control its affairs responsibly and effectively (Fundamental Rule 6).

PRA Rulebook

These high-level requirements are supplemented by the General Organisational Requirements Part of the PRA Rulebook, which implements a number of more detailed organisational requirements under the European regulatory framework set out in the revised Capital Requirements Directive (CRD IV) and the recast Markets in Financial Instruments Directive (MiFID II), each as onshored in the UK. These include requirements for:

• a robust governance framework, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility;
• effective processes to identify, manage, monitor and report risks;
• internal control mechanisms; and
• the management body to define, oversee and be accountable for the implementation of governance arrangements that ensure effective and prudent management.

The FCA and PRA rules are also supplemented by the UK onshored version of EU Delegated Regulation 2017/565 as regards organisational requirements and operating conditions for investment firms, which imposes more detailed requirements around the compliance, risk and internal audit functions, outsourcing and the management of conflicts of interest.

Senior management and personnel are required to be not only sufficiently experienced in their field, but also of sufficiently good repute, in order to ensure the prudent and sound management of the bank. The bank must ensure that it has two employees who qualify as such, and that at least two of these individuals are independent in their formulation of ideas and the bank’s policies.

Diversity must also be taken into account when selecting management members. Regulators must be notified of the composition of the management team, and changes made to it. Management must have adequate access to information about the bank’s operations, and the effectiveness of the bank’s operations must be monitored and periodically assessed, with steps taken to remediate problems.

The UK framework includes added requirements for significant firms, such as obligations to have a separate chair and CEO, and to have separate board risk, nomination and remuneration committees.

Further requirements apply to UK banks that are UK listed or subject to the UK ring-fencing rules under the UK Corporate Governance Code’s principles of good governance, as overseen and maintained by the Financial Reporting Council.

Senior Managers and Certification Regime (SMCR)

This regime was implemented in March 2016 in the wake of the financial crisis, as a response to a perceived lack of personal accountability amongst individuals working in the financial sector. The SMCR aims to encourage responsibility amongst employees at all levels, and to improve conduct and encourage clear demarcation of responsibility. It is broken up into three separate regimes.

Senior Managers Regime (SMR)

This focuses on individuals performing defined senior management functions (including executives, the chief risk officer, the head of the finance function, the heads of key business areas and the head of compliance). They must obtain approval from the regulator to perform senior management functions at their firm, regardless of whether they are physically based in the UK or overseas. Firms must assess whether senior managers are fit and proper to perform their roles both at the outset (including by taking references) and thereafter.

Senior managers are also subject to the “duty of responsibility”, which requires them to take reasonable steps to prevent breaches of regulatory requirements in their area(s) of responsibility from occurring or continuing. Each regulator sets out a list of prescribed responsibilities that must be allocated among the senior managers, with the intent that senior managers are accountable to the regulators for those responsibilities. UK banks are also required to maintain a management responsibility map describing the firm’s management and governance arrangements, including reporting lines and the responsibilities of senior staff.

Certification Regime

This focuses on individuals who are deemed by the regulator to pose a threat to the firm or its customers, by the nature of their role (certified persons). Examples of roles that are denoted as such include individuals who give investment advice or bear responsibility for benchmarks. Certified persons are not “pre-approved” by the regulator, but instead their employers must seek certification that they are fit and proper both at the start of their employment (including by taking references) and annually on a rolling basis.

Conduct Rules

High-level expectations of all staff involved in the running of the bank are set by the Conduct Rules, which apply to senior managers, certified persons and almost all other employees of the firm, with the exception of those who perform ancillary functions.

UK remuneration requirements have been set in accordance with the EU provisions set out under CRD IV, subject to limited additional restrictions implemented following the financial crisis of 2008. The requirements are set out in remuneration codes of the PRA and FCA, and apply differently depending on the nature of the firm and its activities. UK banks are subject to both the PRA and FCA Remuneration Codes.

Remuneration Codes

Groups in the UK must apply the Remuneration Codes to all their regulated and unregulated entities, regardless of their geographic location. Subsidiaries of UK banks in third countries must also apply the Remuneration Codes to all subgroup entities, including those based outside the UK. The Remuneration Codes also apply to UK branches of third-country firms.

Code staff

Some requirements of the Remuneration Codes apply universally to all employees, such as those limiting variable pay or termination payments, whereas others only apply to staff classified as “Code staff”. Code staff are employees who are either senior managers or “material risk takers”, individuals engaged in control functions, and any individual whose total remuneration places them in the same remuneration bracket as senior managers. If an individual is classified as Code staff but satisfies the requirements for the “de minimis” concession, certain requirements of the Remuneration Codes can be relaxed. The de minimis concession is satisfied by an individual who has variable remuneration that does not exceed GBP44,000 in a performance year, and where variable pay does not make up more than one third of the individual’s total annual remuneration.

Principles applicable to pay

Under the Remuneration Codes, various principles are applicable to an employee's pay (“remuneration”, covering all forms of salary and benefit payments, including in-kind benefits). A bank must set an appropriate ratio between fixed and variable pay. The Remuneration Codes include bonus cap rules that cap variable pay at 100% of fixed remuneration (or 200% with shareholder approval). At least 50% of variable pay should be in equity, equity-linked or equivalent instruments, and at least 40% of variable pay (or 60% where variable pay is particularly high) must be deferred and vested over a period of four to seven years. Banks are also required to adjust non-vested deferred amounts to reflect outcomes.

Limits are also placed on guaranteed bonuses, which should be exceptional and limited to new staff, and on contract termination payments, to ensure these do not reward failure.

Finally, banks must also implement policies and procedures to ensure that Code staff do not engage in personal investment strategies that undermine the principles of the Remuneration Codes, such as insurance or hedging against the risk of performance adjustment.

Proportionality rule

The requirements in the Remuneration Codes are subject to a proportionality rule, which provides that, when establishing and applying the total remuneration policies for its Code staff, a firm must comply with the requirements in a way and to an extent appropriate to its size and internal organisation, and the nature, scope and complexity of its activities. The expectations of the PRA and FCA regarding firms’ application of the proportionality rule is based on their “relevant total assets”, divided into three levels.

• Level 1 is for firms with total assets exceeding GBP50 billion, averaged over a four-year period.
• Level 2 firms are those with total assets exceeding GBP13 billion but less than or equal to GBP50 billion, averaged over a four-year period. A firm with total assets of less than GBP13 billion, averaged over a four-year period, will nonetheless be considered a Level 2 firm if it is a large institution (as defined in the onshored version of the CRR (UK CRR)), or if the firm's assets as calculated on an individual basis exceed GBP4 billion over a four-year period.
• Level 3 firms are those with less than GBP13 billion in total assets on average over a four-year period, provided that they are not large institutions (as defined in UK CRR), and provided that their assets as calculated on an individual basis are less than or equal to GBP4 billion, averaged over a four-year period. Any firm with total assets of less than or equal to GBP4 billion, averaged over a four-year period, will also be considered a Level 3 firm.

The UK is a member of the Financial Action Task Force (FATF), which is an international, intergovernmental task force (not a formal international body) set up and funded by the G7 and other members to combat money laundering and terrorist financing.

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (the MLR)

This is the primary legislation governing AML requirements in the UK, and is supported by extensive non-statutory guidance given by the Joint Money Laundering Steering Group, which sets out what is expected of banks and staff in relation to the prevention of money laundering and terrorist financing. The principal elements of the MLR are requirements to conduct risk assessments associated with money laundering and terrorist financing, and to apply risk-based customer due diligence policies, controls and procedures, calibrated to the type of customer, business relationship, product or transaction, and taking into account situations and products which by their nature can present a higher risk of money laundering or terrorist financing; these specifically include correspondent banking relationships, and business relationships and occasional transactions with politically exposed persons.

The FCA requires firms to give overall responsibility for their anti-money laundering operations to a director or senior manager, who is responsible for being aware of the money laundering risks and taking steps to effectively mitigate them. A Money Laundering Reporting Officer must also be appointed, as the keystone of the firm’s anti-money laundering procedures.

In January 2020, the UK government enacted the Money Laundering and Terrorist Financing (Amendment) Regulations 2019, which was the legislative instrument designed to implement the European Union’s Fifth Anti-Money Laundering Directive (5MLD). The UK, in fact, has opted to exceed the requirements set out under the EU legislation, as part of its push to maintain its role as a world-leading financial centre.

The updated regulations extended the scope of the persons subject to the MLR, extended the customer due diligence requirements, created bank account portals that can be accessed by financial intelligence units and national regulators, and created a system of registration for crypto-asset businesses. The EU introduced a sixth anti-money laundering directive ((EU) 2018/1673), which was to be implemented by EU member states by 3 December 2020. The UK chose not to transpose this directive into national law, on the basis that the vast majority of its requirements were already part of existing UK legislation.

In July 2022, the Money Laundering and Terrorist Financing (Amendment) (No 2) Regulation was enacted, with a view to updating and strengthening the existing UK AML legislation. Amongst other things, the Regulation allows the FCA to object to an acquisition or change in control of crypto-asset firms, and to publish notices relating to such objections; it also allows the FCA and HMRC to publish notices of refusals to register applicants for MLR registration.

The FSCS

The FSCS is the UK compensation fund available to customers of a majority of UK financial services firms. Its purpose is to provide a backstop in case of the failure of a regulated financial institution, paying compensation up to certain limits when the institution in question is unable to pay claims against it, or is likely to become unable to do so. It is the UK’s depositor compensation scheme, but also covers other classes of regulated business, including insurance and investment business.

The failure of a bank, the insolvency of an insurer or the provision of negligent advice causing loss to a consumer by a financial adviser are all examples of potential justified causes for making a claim for compensation. The extent to which a claimant will be compensated in the event of a successful claim varies depending on the nature of the claim.

The regulatory rules applicable to the FSCS’s depositor protection arrangements are largely set out in the Depositor Protection module of the PRA Rulebook. This provides that the FSCS must pay compensation in respect of an eligible deposit with a defaulted UK bank or foreign bank with respect to its UK branch deposits. For protected deposits, including retail deposit accounts, compensation is capped at GBP85,000, subject to a higher cap of GBP1 million for certain temporary high balances (such as a balance associated with home sales and purchases). Certain classes of depositor are ineligible for compensation, including banks, investment firms, insurance undertakings, financial institutions and certain funds.

To support the need for the FSCS to be able to make rapid payouts in respect of banks in default, the depositor protection rules are supplemented by extensive requirements to ensure that banks can provide the FSCS with the requisite information to make compensation payments. These are centred around the so-called Single Customer View, which is a dataset made available to the FSCS to enable it to identify clients and their claims in order to be able to identify and fund compensation payments.

The FSCS primarily operates under Part 15 of FSMA, which sets out the governance of the scheme, as well as the capacity of the FCA and PRA to make rules in relation to the FSCS. The scheme is officially managed by Financial Services Compensation Scheme Ltd, operating as a guarantee-limited company.

The scheme is principally funded via fees and levies charged to participating firms. These costs include the management expenses levy (broken up into yearly base cost running fees, and specific costs for particular funding classes) and the compensation costs levy, which is primarily a result of the costs incurred by the FSCS in paying out compensation.

Firms participating in the scheme are typically allocated into one or more funding classes, decided on the basis of the regulated activities they perform. The amount each firm is obliged to pay is based on which of these funding classes they have been placed in, up to a maximum amount per funding class each year. If a firm were to fail, and there was insufficient funding available from the other institutions in that funding class, the costs would be pooled across all the funding classes through a mechanism known as the FCA retail pool.

Duty of Confidentiality

The UK does not have a specific statutory regime regulating banking secrecy, but instead relies on the common law duty of confidentiality between the customer and bank, borne from their contractual relationship. Common law provides that the bank has a duty of confidentiality to the customer, as an implicit term of the contract.

The duty of confidentiality from a bank to its customer broadly covers all information about the customer that is held by the bank. The case of Tournier v National Provincial and Union Bank (1924) established that the duty expressly covers the credit or debit balance of the customer’s account, all transactions made through the account, and the securities given in respect of the account.

This duty of confidentiality also extends beyond the lifetime of the account, continuing to apply after it is no longer active or even after it is closed. It further extends to information that is held by the bank about the customer that is from a source other than the customer’s own account, if the acquisition of this information was an indirect result of the customer holding that account.

Exceptions

The bank’s duty to the customer is not absolute; there are a number of exceptions to the duty established in Tournier that allow a bank to divulge information in certain circumstances. Information may be disclosed by the bank if the customer has provided their express or implied consent to the disclosure, if the bank is legally compelled, if there is a public duty, or if the disclosure would protect the bank’s own interests.

If a customer has agreed, however, to express terms in their contractual relationship with the bank to permit disclosure in particular situations, then this agreement would take precedence over Tournier. Regulators also have some additional specific powers in relation to compelling bank disclosure; the FCA has statutory powers to require certain disclosures, as does HMRC (the UK’s tax authority) in respect of tax. Likewise, if there are reasonable grounds for suspicions of money laundering or terrorist financing, banks may be compelled to co-operate in providing information under AML and CTF legislation.

When the FCA or PRA requires a disclosure to be made by a bank to its investigators as part of an ongoing investigation, it is subject to a statutory obligation of confidentiality with respect to the information, subject to limited “gateways” permitting disclosure in certain circumstances.

Breaches

As the duty of confidentiality is a common law regime, rather than a statutory one, a breach of contract or a breach of common law is the potential result of a bank failing to observe the customer's rights. The customer may seek an injunction, even pre-emptively, in order to prevent a breach, or to restrain or avoid a repetition of something previously disclosed. The customer may then also seek damages potentially for a breach of contract, presuming that there are express confidentiality provisions, or for a common law breach of the duty of confidentiality.

The Basel Accord

As a member of the G20, the UK has implemented the Basel Accord. The principal legislation implementing the Accord is CRD IV (as implemented in the UK) and UK CRR, which apply the Accord to all banks. In 2022, the PRA implemented many of the remaining reforms under the Basel III package, including the Net Stable Funding Ratio, which came into force on 1 January 2022. The PRA has announced that it will publish a consultation paper on the final Basel III standards, which are expected to apply in the UK from 1 January 2025 and to focus on credit, market and operational risk. Further reports are expected from the PRA and the BoE in the near future in respect of climate-related risks and any changes required to the UK prudential framework as a result of such risks.

All authorised banks are subject to PRA Fundamental Rule 4, requiring institutions to hold and maintain adequate financial resources. UK banks are additionally subject to detailed risk management, capital and liquidity requirements that do not apply to non-UK banks, with the exception of some risk management requirements, which apply at branch level.

Risk Management

A bank must be able to identify, manage, monitor and report actual or potential risks through adequate risk management policies and procedures and risk assessments. Specific risks that a bank must plan for include credit risk, market risk and liquidity risk, but also less apparent sources of risk such as operational risk, residual risk, group risk and reputational risk.

A bank must establish and maintain an independent risk management function implementing its policies and procedures and reporting to or advising senior personnel accordingly. The risk control arrangements should (where appropriate considering the bank's size, nature and complexity) include a chief risk officer (CRO) and a board-level risk committee.

Among other things, the CRO should be accountable to the board, be fully independent of business units, have sufficient stature and authority to execute the responsibilities, and have unfettered access to any part of the bank's business that impacts its risk profile. The CRO is expected to report to the chief executive, chief finance officer or other executive directors.

A risk committee should be headed by a non-executive director and be composed mainly of non-executive directors. The risk committee oversees and challenges the bank's risk monitoring and management, and advises the board on risk strategy and oversight. A bank's internal control mechanisms and procedures must permit verification of its compliance with rules adopted under CRD IV and UK CRR at all times.

Capital Requirements

The CRR imposes capital requirements on UK banks in the form of risk-weighted asset and leverage requirements.

Risk-weighted asset capital requirements oblige a bank to maintain regulatory capital ratios by reference to a bank’s “total risk exposure amount”, which weights the accounting value of a bank’s assets and credit exposures according to their potential to suffer loss.

Regulatory capital comprises Tier 1 capital (comprising Common Equity Tier 1 (equity) and Additional Tier 1 (equity-like hybrid capital instruments)) and Tier 2 capital (deeply subordinated debt). Common Equity Tier 1 capital is the highest quality capital, generally comprised of ordinary share capital and reserves. Additional Tier 1 capital is the next level of quality of capital, comprised of perpetual subordinated debt instruments or preference shares that must automatically be written down or converted into CET1 if the bank’s CET1 ratio falls below a specified level. In practice, the PRA generally expects that this level is at least 7%. Tier 2 capital is capital that is of an insufficient quality for CET1 or AT1, and is comprised of subordinated debt or capital instruments with an original maturity of at least five years, meeting specific criteria.

The Pillar 1 minimum capital requirements that currently apply to UK banks under UK CRR require the following:

• a base regulatory capital of at least 8% of the total risk exposure amount;
• Tier 1 capital (comprising CET1 capital and AT1 capital) of at least 6% of the total risk exposure amount; and
• CET1 capital of at least 4.5% of the total risk exposure amount.

These are supplemented by buffer requirements. Pillar 2A captures those risks against which banks must hold capital and that are not eligible under the Pillar 1 regime. This includes the combined buffer, formed of a capital conservation buffer of 2.5% of the total risk exposure amount, a countercyclical buffer (currently set at 0% and due to increase to 1% from 13 December 2022, with a further increase to 2% from 5 July 2023), a buffer for global and other systemically important institutions, and a systemic risk buffer for banks that are subject to UK ring-fencing requirements. Pillar 2B, or the PRA buffer, takes into account a bank’s ability to withstand severe stress, alongside perceived deficiencies in its risk management and governance framework, as well as any other information deemed relevant by the PRA.

In determining risk-weighted assets, the bank’s assets and liabilities are divided into the trading book and non-trading book. In determining capital requirements in the non-trading book, banks may follow the standardised or (with PRA approval) internal ratings-based approach. Capital requirements in the trading book comprise counterparty credit risk and market risk, position risk, equity risk, commodities risk, foreign exchange risk and risk associated with options and collective investment schemes. As with the non-trading book, the rules contemplate a variety of methods of calculating risk-weighted asset requirements. The risk-weighted asset requirement also includes a metric for operational risk.

Leverage Ratio

Unlike the risk-weighted assets ratio, the leverage ratio is non-risk sensitive. The leverage ratio requires that a bank’s Tier 1 capital exceeds 3.25% of its total assets and off-balance sheet exposures. The PRA has also issued firm-specific countercyclical buffer requirements and additional leverage ratio buffer requirements for such banks.

MREL

The BoE also regulates the minimum requirement for own funds and eligible liabilities (MREL), broadly following the revised EU Directive 2014/59 on bank recovery and resolution (EU BRRD); it has also implemented the Financial Stability Board’s standards on total loss-absorbing capacity (TLAC) through the MREL framework. The BoE has issued a policy statement establishing its approach to MREL. The quantum of the MREL requirement depends on the resolution strategy of any given bank, which in turn depends on its size and the nature of its activities. The largest UK banking groups are expected to issue MREL that broadly equate to either twice their risk-weighted asset or twice their leverage capital requirements, whichever is higher. In December 2021, the BoE published a revised MREL Statement of Policy, which sets out its MREL framework and has applied since 1 January 2022.

Liquidity Requirements

All UK banks are subject to liquidity requirements implementing the Basel III liquidity coverage ratio, which came into force in January 2015. It is designed to ensure that banks hold a buffer of unencumbered, high-quality, liquid assets in order to meet modelled outflows in a 30-day stress test scenario. The presumption in this scenario is that the institution’s management will be able to take suitable actions to correct the course in that period.

High Quality Liquid Assets (HQLA) are cash or assets that can be converted into cash quickly with limited or no loss in value. An asset can be deemed an HQLA for the purposes of the liquidity requirements if it is unencumbered and meets the minimum liquidity criteria, and if the firm is able to demonstrate that it can be quickly converted into cash if required. HQLA are divided into Level 1 and Level 2 assets, based on their likely liquidity. Level 1 assets include only the most liquid – including cash – central bank reserves, and certain securities that have the backing of a sovereign government or a central bank.

There is no limit on the quantity of Level 1 assets a bank can hold, as these are preferable from a regulatory perspective. Level 2 assets include particular government securities, covered bonds, corporate debt securities and residential mortgage-backed securities. A firm must hold no more than 40% of its total liquid asset pool in Level 2 assets. Under the UK CRR, except for periods deemed to be crises, a UK bank must maintain a liquidity buffer equal to at least 100% of its anticipated net liquidity outflows over a 30-calendar day stress period, where the total net outflows must not exceed the total HQLA pool over the period of the stress testing upon the bank.

The requirements also compel UK banks to regularly report their liquidity data to the PRA, with retail funding reports and systems and control questionnaires being reported quarterly, marketable assets and funding concentration reports being reported monthly, mismatch reports and pricing data being reported weekly, and the underlying liquidity of the bank being reported daily. Liquidity requirements apply on a solo and consolidated basis. The PRA can waive the application of the requirements on a solo basis, but is unlikely to do so other than in relation to sub-groups of institutions authorised in the UK. UK banks are, therefore, generally not able to rely on liquidity from non-UK subsidiaries to satisfy UK liquidity requirements.

The UK has implemented the Financial Stability Board Key Attributes of Effective Resolution Regimes. A bank incorporated in the UK may be wound up under the general insolvency law applicable to UK companies, or wound up or resolved under the special resolution regime (SRR) under the Banking Act 2009. The UK regulatory framework also provides for recovery and resolution planning to enhance the resilience and resolvability of UK banks and banking groups: the MREL requirement described under 8.1 Capital, Liquidity and Related Risk Control Requirements also supports resolution by ensuring that firms have sufficient capital or liabilities available for recapitalisation in resolution, where appropriate.

Insolvency

Banks have special protections from insolvency proceedings, with only the BoE, PRA or the Chancellor of the Exchequer being able to apply for the court order required under Section 94 of the Banking Act. The application to the court would be made on the basis that the bank is either unable to pay its debts or is likely to become unable to do so, and that the winding-up of the institution would be just and equitable. In order for the application to be made to the court in the first place, the PRA must be satisfied that the trigger conditions of failure or likely failure have been met, and the BoE must be satisfied that it is not reasonably likely that the situation will be reversed. Separately, the Chancellor of the Exchequer can apply on the grounds that the winding-up of the bank would be in the public interest.

Recovery and Resolution Planning

Consistent with the requirements of the EU BRRD (as implemented in the UK), UK banks are required by the PRA to produce and maintain recovery plans, along with resolution packs, in order to reduce the risk that the failure of a UK bank could threaten the broader market or require government intervention in the form of taxpayer money being used for a bailout.

The PRA and BoE introduced a resolvability assessment framework for major banks in 2019, which supplements the recovery and resolution framework by requiring banks to undertake an assessment of their resolvability, submit it to the PRA and publish a summary of the assessment thereafter. Banks submitted their resolvability disclosures to the PRA by October 2020 and made them public by June 2021. In June 2022, the BoE published the results of the first assessment of resolvability, with the next assessment due to take place in 2024.

Resolution

The SRR gives the UK authorities powers to resolve a failing bank (or banking group company). It consists of five stabilisation options:

• transfer to a private sector purchaser;
• transfer to a bridge entity;
• an asset management vehicle tool;
• a bail-in tool; and
• transfer to temporary public sector ownership.

It also includes a modified bank insolvency procedure that facilitates the FSCS in providing a prompt payout to depositors or a transfer of their accounts to another institution, and a bank administration procedure, for use where there has been a partial transfer of business from a failing bank.

The SRR tools may only be deployed in the following circumstances:

• where a bank is failing or likely to fail;
• where it is not reasonably likely that action will be taken that would result in the bank recovering; and
• where the exercise of resolution powers is in the public interest.

In exercising the stabilisation powers, the resolution authority (generally the BoE, although temporary public ownership is reserved to HM Treasury) is required to have regard to a number of resolution objectives, including ensuring the continuity of banking services, depositor and client asset protection, financial stability and the need to avoid interfering with property rights.

On entry into resolution, the SRR requires the BoE to write down equity and write down or convert other capital instruments into common equity. The BoE has discretion to select the appropriate resolution tool to apply to resolve the bank. The main resolution tools are:

• bail-in – the write-down of the claims of the bank’s unsecured creditors (including holders of capital instruments) and conversion of those claims into equity as necessary to restore solvency to the bank, which is intended to be applied to large banks;
• transfer to a private sector purchaser or bridge bank – the transfer of all or part of a bank’s business to another bank or to a temporary bank controlled by the BoE, which is intended to be applied to smaller banks; and
• finally, the modified insolvency regimes for the smallest banks.

Nationalisation is also provided for within the SRR framework as a last resort.

The regime carries with it a number of ancillary powers to enable the transfer of property, to stay default and other rights, and to take other action supporting resolution. Because these potentially affect property and other rights, the framework includes a number of safeguards, including a “no creditor worse off” provision designed to ensure that creditors and other stakeholders in the process are no worse off as a result of the resolution than they would have been had the bank been put into liquidation at the point of the resolution.

Insolvency Preference

Consistent with the requirements of the EU BRRD (as implemented in the UK), the UK insolvency framework includes depositor preferences. These prefer covered deposits (deposits protected by the FSCS). Eligible deposits (deposits by persons eligible for FSCS coverage over the FSCS limit) and deposits made by natural persons and micro, small and medium-sized enterprises that would be eligible deposits if they were taken in the UK are subordinate to covered deposits but rank ahead of other senior claims.

The Financial Services and Markets Bill (FSMB Bill)

The FSMB Bill was introduced to Parliament in July 2022. Following a consultation on the optimal structure for UK financial services post-Brexit, the FSMB Bill is intended to create the legislative and institutional architecture to support a move away from onshored EU legislation towards the historic approach taken under FSMA, whereby primary responsibility for regulation is delegated to the UK regulatory authorities, subject to the oversight of Parliament.

The FSMB Bill will establish a framework to revoke retained EU law relating to financial services, and will enable HM Treasury and the UK financial services regulators to replace it with legislation and, more commonly, regulatory rule sets designed specifically for the UK, to deliver a comprehensive FSMA model of regulation. Outside the post-Brexit agenda, the FSMB Bill also makes a number of other changes that reflect ongoing international developments (eg, critical outsourcing), and deals with some gaps in the existing UK regulatory framework (eg, around approval of financial promotions).

Depositor Protection

The PRA recently published its policy statement regarding the deletion of the continuity of access rules in its Depositor Protection Part of the PRA Rulebook and the deletion of the Dormant Account Scheme Part of the PRA Rulebook. The changes came into force on 30 November 2022. The PRA is expected to publish an additional policy statement in 2023 in respect of the other proposed changes to its depositor protection framework consulted on in September 2022.

The changes are intended to reduce the complexity and the costs of compliance associated with these requirements, which were initially designed to ensure depositors’ access to deposits and banking services during the resolution of a deposit-taking firm. The BoE and the PRA are expected to consult on new rules aimed at improving depositor outcomes in a bank insolvency scenario.

Strong and Simple Initiative

The PRA is seeking to mitigate the “complexity problem” that arises when the same prudential requirements are applied to all firms, and aims to achieve this through its “strong and simple” initiative that would seek to simplify the prudential framework for non-systemic domestic banks. In its consultation paper of April 2022, the PRA sets out its proposal for a definition of a “Simpler regime Firm”. The PRA expects to consult on other aspects of the strong and simple initiative in early 2023 and to publish a policy statement on the definition of a Simpler regime by early 2023.

In addition to their international engagement and initiatives, the BoE and the PRA have in recent years started considering climate-related risks and their potential impact on the UK financial stability. In particular, the BoE is committed to ensuring that the UK financial system is resilient to the risks from climate change and has made a ten-part pledge to advance the climate agenda across its strategic priorities.

The PRA has included climate change in its core supervisory approach from 2022 and aims to supervise firms in line with its expectations. In October 2022, the PRA published a “Dear CEO” letter regarding, among other things, the thematic review on the PRA’s supervision of climate-related financial risk. The PRA expects firms to continue improving their compliance and risk frameworks by incorporating climate considerations in their governance and risk management processes.

Furthermore, in October 2021 the BoE published a Climate Change Adaptation Report, which considered climate risks and regulatory capital regimes. The UK regulators are expected to further progress their analysis of prudential requirements applicable to UK banks in respect of climate risks in the near future.

The UK government announced in 2020 that UK financial institutions (including banks) will be required to make mandatory climate-related disclosures compliant with the Task Force on Climate-related Financial Disclosures (TCFD) recommendations by 2025. Some of these disclosure requirements are expected to come into force sooner than that, and firms should be prepared to update their client-facing documentation in line with the new requirements in due course.

In October 2022, the FCA published a consultation paper regarding the UK’s sustainability disclosure requirements (SDR) and investment labels, with a view to protecting UK consumers and ensuring that trust is not eroded in sustainable investment products as a result of greenwashing. While many of the proposed SDR requirements are not yet applicable to banks, the general “anti-greenwashing” rule will apply to all UK-regulated entities and “reiterates existing rules to clarify that sustainability-related claims must be fair, clear and not misleading”. The regime is expected to be expanded in the future, and the prudent approach would be for UK banks to monitor developments in this space.