Wholesale banks supervision

Share buybacks have grown in popularity, with FTSE-350 issuers buying back nearly £80bn of their shares between January 2023 and June 2024.

Using extensive data, our work looked at how banks structure, market and execute buybacks. We did not find material concerns with the outcomes banks delivered.

Our report[3] shows what we did and what we found.

This review examined gifts and entertainment given by brokers to wholesale banks to assess the operation of the above control.

What we did

We analysed gift and entertainment registers from a sample of wholesale banks and wholesale brokers covering a four-month period. This allowed us to compare records of gifts and entertainment received versus given. We also reviewed policies and procedures associated with gifts and entertainment as well as breach logs.

What we found

• Most entries on registers involved entertainment rather than gifts.
• A higher number of instances of entertainment recorded as being given by brokers to wholesale banks, compared to a lower number of instances of entertainment recorded as received by wholesale banks from brokers. This was a consistent pattern.

For example, one wholesale bank had a policy requiring all broker-provided entertainment to be declared regardless of value, yet our analysis found discrepancies:

• For the relevant period, the bank recorded around 150 instances of entertainment received from brokers.
• But brokers in our scope reported around 500 instances of entertainment being given to the bank.
• Many of these were low value.
• Brokers provided 93 instances of entertainment over £100 with only 9 of these being declared by the bank.
• The highest value entertainment we saw brokers providing was between £300-400 although given our conservative assumptions in analysing the data, the true value could be higher.
• We observed groups of employees being given the same entertainment but none recording it.
• We identified individuals receiving more than one instance of entertainment but not declaring any of them. The highest number we identified was 19 separate instances of entertainment received by one individual from the same broker. None were declared.
• This firm had issued 39 policy reminders through this period.

Key questions for firms to consider: 

• Are firms confident in the clarity of their policies and procedures for gifts and entertainment given and received?
• Why are groups of employees failing to record entertainment received? What does this indicate?
• Crucially, where there are breaches known to firms, senior management may want to consider whether they are concentrated in a particular area and also to judge whether undeclared entertainment has given rise to negative outcomes for clients or markets.
   

We examined conflicts of interest registers and breach data relating to conflicts of interests across 7 wholesale banks.

In most, we saw scenarios being added to reflect changes in business scope, eg expansion into new markets/products. One firm had not added any new business-related scenario for 3 years. In such circumstances, senior management may wish to challenge whether this reflects the firm’s business activities.

Breach data primarily involved internal policy violations put in place to manage conflicts of interest, such as committing to transactions before obtaining full conflicts clearance. One firm stood out in being the only one not to have recorded any such breaches over a 3-year period. In such circumstances, firms may wish to challenge whether their controls are as strong as the data suggests.

We reviewed 11 firms to assess their efforts to strengthen frameworks for managing off-channel communications.

We found that all firms in our sample had made improvements in the past 2 years.

Firms continue, however, to see breaches of their internal policies. They occurred across all staff grades with 41% involving individuals at the director grade or above.

Care needs to be taken when interpreting the breach data. For example, a breach of a firm’s internal policy may not represent a breach of FCA requirements. Consideration should also be given to the size of the organisation.

See our findings[4].

Separate to the above work, we have observed examples of non-compliance with policies on the use of personal mobiles on the dealing floor. In one example, despite concerns being raised previously, a formal compliance inspection – as opposed to first line management – was required to address the non-compliance. As well as raising concerns around the firm’s ability to ensure all in-scope conversations are recorded, this potentially highlights a wider issue around first line culture when non-compliance is not acted upon.

Our work shows that while arrangements across the industry have improved, certain issues persist.

Title Transfer Collateral Arrangements (TTCA)

Some firms misuse TTCAs by:

• Holding all client funds or assets under a TTCA without an actual client obligation.
• Failing to monitor customer obligations properly.
• Holding money or assets under TTCA without appropriate agreements in place.

Change management

Frequent corporate transactions and technological advancements have increased the pipeline of change activity. We have seen a significant rise in CASS breaches due to:

• Insufficient CASS consideration at the scope and planning stage.
• Lack of testing, impact analysis, and ongoing scrutiny throughout the programme lifecycle, including post implementation reviews.
• Weak oversight and challenge of change programmes at third-party administrators.

Interest on client money

Our enhanced scrutiny has uncovered more CASS breaches related to delays in allocating client money interest. Firms must ensure their approach aligns with client money rules, the client's best interests’ rule (COBS 2.1), and the Consumer Duty.

IT control framework

An increased number of CASS breaches in firms’ annual reasonable assurance reports highlight IT control failures. A strong operational environment, which is required to comply with CASS, depends on a secure IT framework. We have seen firms suffer system hacks, outages, and loss of access to their books and records – emphasising the need for robust IT controls.

Reconciliations

Aside from using external data to populate internal records, common CASS reconciliation failures include:

• Missing or unclear break narratives, making discrepancies hard to trace.
• Excluding accounts with zero balances from reconciliations.
• Misunderstanding internal client money reconciliation rules and margin transaction requirements.
   

Market Watch 79[6] outlines our peer review of firms’ front-running surveillance models, noting that some lacked specific policies.

Other relevant reports include:

• Market Watch 80[7] – Dealing with overseas clients
• Market Watch 81[8] – Transaction reporting
• Primary Market Bulletin 54[9] – Strategic leaks and unlawful disclosure

Key lessons from firms’ responses to the CrowdStrike outage[10] and their preparedness for future incidents.

Findings from our culture and non-financial misconduct survey[11] – examining how firms, including wholesale banks, detect and handle misconduct. These insights have informed further supervisory work on firm engagement with the results.

The FCA published findings on money laundering in financial markets[12], primarily focused on brokers but also relevant to wholesale banks. Deficiencies in financial crime controls remain a key driver of supervisory cases in wholesale banking.