Introduction
On 13 December 2024, the Financial Conduct Authority (the FCA) published a “Dear CEO” letter related to the FCA’s “Custody and Fund Services Supervision Strategy.” The letter sets out the FCA’s expectations of an UK authorised firm that act as a custodian, depository of authorised and unauthorised funds, and a third party administrator (providing fund accounting and transfer agency services) (the Sector Firms).
Areas of supervisory focus
Key areas of supervisory focus include:
Operational resilience: the FCA expects strong ownership of operational resilience by governing bodies and senior management for Sector Firms that fall within the scope of the new operational resilience rules (or have voluntarily opted to comply). Such firms should review and approve annual operational resilience self-assessments as outlined in the FCA policy statement, PS21/3, and complete their mapping and testing to provide assurance that they are able to remain within impact tolerances by 31 March 2025. The FCA expects firms to:
- evidence prompt deployment of incident management plans;
- prioritise important business services to reduce operational and client impact;
- maintain detailed mapping of delegation arrangements to ensure there is a clear understanding of underlying exposures; and
- implement processes to facilitate clear communication with the FCA, where required.
Sector Firms should expect active engagement with the FCA as they intend to undertake focused assessments on “how firms have coordinated with clients and third parties to drive cross sector resilience”.
The FCA is considering whether to extend the scope of the operational resilience rules to a broader category of firms, therefore, firms that currently fall outside of scope of PS21/3 should treat the rules and guidance as examples of best practice...
and then 