VREQs and OIREQs: Differences, Management and FCA Regulations

Introduction

Recent enforcement actions by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) emphasize the importance of effectively managing regulatory interventions, particularly with Voluntary Requirements (VREQs) and Own Initiative Requirements (OIREQs). For firms regulated by the FCA and PRA, understanding and complying with VREQs and OIREQs is crucial to avoid breaches that could lead to severe penalties. This article provides a comprehensive guide on VREQs and OIREQs, offering key lessons for firms on managing these regulatory tools effectively.

Source

[1]

Financial promotions data 2022

This page analyses the data, between 1 January 2022 to 31 December 2022, resulting from action taken against authorised firms breaching financial promotion rules and referrals and investigations into unregulated activity.

FCA

[2]

FCA OIREQ/ OIVOP and Enforcement investigations data - May 2021

The FCA provides data about FCA cases on OIREQ /OIVOP and Enforcement investigations into insider dealing.

FCA

What are VREQs?

Voluntary Requirements (VREQs) are regulatory tools used by the FCA or PRA where firms voluntarily agree to specific conditions imposed by the regulator. VREQs are often negotiated between the firm and the regulator to address operational issues that could harm consumers or the financial system. By agreeing to VREQs, firms can show a proactive approach to compliance, taking corrective actions without facing formal enforcement proceedings. However, VREQs are publicly recorded on the FCA register, which can impact a firm’s reputation and regulatory standing. The use of VREQs has surged by 95% since 2019/20, reflecting the FCA’s intensified use of early intervention powers to manage regulatory risks proactively.

VREQs are commonly used when the FCA identifies control weaknesses, governance failures, or emerging risks that need addressing to prevent further escalation. For firms, VREQs offer a collaborative route to compliance, allowing them to resolve issues with regulatory oversight but without the more severe implications of enforcement. However, firms must ensure robust monitoring and compliance with VREQs, as any failure to meet these voluntary commitments can still lead to significant reputational and regulatory consequences.

What are OIREQs?

Own Initiative Requirements (OIREQs) are regulatory actions imposed directly by the FCA or PRA without the firm's consent, using the regulator’s own initiative powers. OIREQs are deployed when the FCA or PRA deems immediate intervention necessary to prevent significant harm due to misconduct, governance failures, or risks that threaten market integrity or consumer protection. OIREQs are stricter than VREQs and reflect the FCA’s commitment to swift regulatory action where firms pose a substantial threat.

OIREQs are typically announced through a ‘First Supervisory Notice,’ making the requirements public and often drawing significant media attention. This public disclosure can severely impact a firm’s reputation, highlighting the seriousness of the regulatory concerns involved. The number of OIREQ cases has increased by 183% since 2019/20, showcasing the FCA’s growing reliance on OIREQs to address urgent regulatory issues effectively.

OIREQs can mandate firms to halt specific business activities, implement immediate control enhancements, or restrict certain financial products, often without prior negotiation. This reflects the FCA’s strategic priority to act decisively against firms that compromise market stability or consumer protection. For firms, compliance with OIREQs is critical, as these requirements are non-negotiable and any failure to adhere can lead to severe enforcement actions. Managing OIREQs effectively is essential for maintaining regulatory compliance and mitigating further regulatory risks.

Key Differences Between VREQs and OIREQs

Consent: VREQs (Voluntary Requirements) involve a voluntary agreement by the firm, where the firm consents to specific conditions imposed by the regulator. In contrast, OIREQs (Own Initiative Requirements) are imposed unilaterally by the FCA or PRA without the firm's consent, reflecting the regulator’s authority to enforce compliance swiftly when necessary to protect market integrity or prevent consumer harm.

Negotiation: VREQs provide firms the opportunity to negotiate terms with the FCA or PRA, allowing some level of input on how the requirements will be structured and implemented. This negotiation can enable firms to shape VREQs in a way that aligns with their operational capabilities while addressing regulatory concerns. However, OIREQs are non-negotiable, imposed directly by the regulator without firm input, and must be complied with immediately. OIREQs reflect the FCA’s intent to act decisively, particularly when negotiations have failed or immediate action is required.

Severity of Issues Addressed: OIREQs are typically used to address severe or immediate risks, such as serious misconduct, governance failures, or substantial threats to consumers or market stability. VREQs are generally preventive, aimed at resolving less critical issues through voluntary compliance. The FCA often resorts to OIREQs when there is a clear and urgent need to protect the financial system or consumers from significant harm.

Public Disclosure: Both VREQs and OIREQs can be made public, but OIREQs are frequently disclosed through Supervisory Notices, highlighting severe regulatory concerns and signaling the FCA’s commitment to transparency. This immediate publication increases reputational risks for firms, as it draws public and media scrutiny. VREQs, although also recorded publicly, are often perceived as proactive measures, mitigating some reputational damage compared to OIREQs.

Regulatory Implications: Firms must carefully manage VREQs and OIREQs as these tools align with the FCA and PRA’s broader strategy of assertive regulation. The FCA’s recent adjustments to its decision-making processes, including transferring authority to its executives and bypassing the Regulatory Decisions Committee (RDC), have streamlined the use of own-initiative powers. This approach allows the FCA to act faster but raises concerns about fairness, as firms now have limited recourse to challenge OIREQs once imposed. This evolution highlights the critical need for firms to implement robust compliance systems and maintain strong internal controls.

Governance and Internal Controls: The FCA’s ability to swiftly impose VREQs and OIREQs emphasizes the importance of effective governance and internal controls. Firms are expected to have clear documentation, proactive compliance monitoring, and coordinated internal processes to manage these regulatory interventions effectively. The FCA’s focus on assertive actions, including unannounced visits and direct impositions, underscores the need for preparedness, as failing to manage VREQs and OIREQs can lead to further enforcement actions, reputational damage, and financial penalties.

Managing VREQs and OIREQs

1. Respond Early and Open a Dialogue with the Regulator
Engaging early with the regulator when facing a potential VREQ or OIREQ is vital for effective compliance management. The FCA and PRA often show a willingness to discuss the terms and wording of VREQs, providing firms with an opportunity to understand the practical implications of these requirements. Early dialogue allows firms to negotiate terms and propose alternative measures that might address the regulator’s concerns without imposing formal restrictions. Timely and accurate responses to regulatory inquiries are crucial, as delays or misunderstandings can lead to an OIREQ being imposed unilaterally, bypassing the chance for negotiation. This is particularly important given the FCA's streamlined decision-making process, which increasingly relies on direct executive action rather than the traditional Regulatory Decisions Committee (RDC) route.

• Understand the Regulator’s Concerns: Be clear on the reasons behind the VREQ or OIREQ. Understanding the underlying issues helps in crafting responses that align with the FCA's expectations, especially given the regulator's recent shift towards quicker executive-level decisions.
• Negotiate Terms: Actively participate in negotiating VREQ terms to ensure the requirements are feasible and implementable. By highlighting practical challenges early, firms can avoid agreeing to terms that could later lead to compliance difficulties, especially under the more stringent framework of OIREQs.
• Explore Alternatives: Before accepting a VREQ or facing an OIREQ, consider alternative solutions that might satisfy the regulator’s objectives. Proposing effective controls or risk mitigation strategies can help prevent the escalation to formal enforcement, aligning with the FCA's focus on proactive regulatory engagement.

2. Document the Governance Framework for Compliance
A robust and documented governance framework is essential for managing compliance with VREQs and OIREQs. This framework should clearly outline the steps for implementing and monitoring compliance, detailing specific policies, procedures, and oversight mechanisms. The FCA and PRA expect firms to maintain a comprehensive audit trail of their decision-making processes, especially when responding to regulatory interventions. As the FCA has shifted much of its decision-making power to its executives, having a well-documented governance structure is more important than ever to demonstrate accountability and compliance.

• Create Detailed Documentation: Outline all steps, responsibilities, and processes involved in complying with VREQs and OIREQs. Given the FCA’s transfer of decision-making authority to senior executives, detailed documentation is crucial for internal tracking and responding to regulatory scrutiny.
• Assign Clear Roles and Responsibilities: Define specific roles within the organization responsible for compliance, from implementation through ongoing monitoring. Involving senior management is key, as the FCA emphasizes accountability at all levels, especially when dealing with VREQs and OIREQs.
• Regular Reviews and Updates: Continuously review and update the governance framework to reflect changes in the regulatory environment or business operations. The FCA’s evolving approach demands that governance structures remain agile and responsive to new challenges.

3. Ensure Clear Internal Communications and a Joined-Up Approach

Clear internal communication is critical when implementing VREQs and OIREQs, as these requirements often involve multiple departments such as compliance, legal, IT, and operations. Without proper coordination, implementation failures and misunderstandings can occur, jeopardizing compliance. The FCA’s stance on swift and assertive regulatory action means firms must synchronize their communication strategies to ensure consistent and aligned responses.

• Simplify Technical Jargon: Translate regulatory and technical terms into straightforward language to ensure all stakeholders fully understand the compliance requirements. This clarity is vital given the FCA’s preference for precise and rapid responses, especially in OIREQ scenarios.
• Conduct Walkthroughs: Host walkthrough sessions to review the practical steps required for implementing VREQs or OIREQs. Collaborative reviews help identify potential issues early, ensuring that the firm’s response aligns with regulatory expectations.
• Foster Collaboration: Encourage cross-functional collaboration to develop a cohesive implementation strategy. The FCA’s focus on rapid action means that internal silos can significantly hinder effective compliance with VREQs and OIREQs.

4. Pre-Implementation Testing

Conducting thorough pre-implementation testing is crucial before fully adopting a VREQ or OIREQ. This testing identifies potential gaps or issues within the firm’s systems and controls, ensuring that the requirements can be effectively met without unforeseen complications. The FCA’s increased use of early interventions highlights the necessity for firms to be resilient and prepared, with robust testing protocols that demonstrate proactive compliance.

• Robust Testing Procedures: Develop testing protocols that simulate the actual conditions under which the VREQ or OIREQ will operate. This approach is essential, as the FCA may closely examine testing records to verify that compliance measures are both effective and comprehensive.
• Document Testing Results: Keep detailed records of all testing activities, including issues found and the corrective actions taken. Such documentation is often requested by the FCA, particularly in the context of OIREQs, where evidence of diligence is crucial.
• Continuous Testing: View testing as an ongoing requirement rather than a one-time task. Continuous testing allows firms to adapt quickly to new regulatory challenges and ensure that compliance remains robust over time.

5. Consider All Practical Implications

When implementing a VREQ or OIREQ, firms must consider how these requirements will impact every aspect of their business, including products, services, systems, and group entities. A comprehensive view helps avoid oversights that could lead to non-compliance. With the FCA’s focus on assertive and rapid interventions, a thorough understanding of all practical implications is essential to avoid further regulatory action.

Best Practices:

• Cross-Functional Workshops: Conduct workshops and brainstorming sessions to identify potential loopholes or unique scenarios that could affect compliance. Involving diverse teams ensures that responses to VREQs and OIREQs are thorough and well-considered.
• Scenario Planning: Develop various scenarios, including worst-case outcomes, to ensure that all angles are covered. This aligns with the FCA’s expectation for firms to anticipate and mitigate potential compliance risks proactively.
• Involve All Relevant Stakeholders: Engage stakeholders from across the business to gather a comprehensive view of the impact of VREQs and OIREQs. Ensuring broad participation helps to identify critical areas that might otherwise be overlooked.

These strategic approaches to managing VREQs (Voluntary Requirements) and OIREQs (Own Initiative Requirements) highlight the critical importance of being proactive and prepared in a regulatory landscape marked by assertive and rapid FCA interventions. The growing focus of the FCA and PRA on VREQs and OIREQs underscores the need for firms to establish robust compliance measures and engage proactively with regulators. As OIREQs become more prevalent, early communication with the FCA and PRA is crucial for negotiating terms and addressing concerns before formal actions are imposed.

Implementing clear governance frameworks is essential for managing VREQs and OIREQs effectively. These frameworks should outline the firm’s compliance processes, define roles, and ensure accountability across all departments, including compliance, legal, IT, and operations. The FCA’s shift towards faster, executive-level decision-making in imposing VREQs and OIREQs emphasizes the need for strong documentation and seamless coordination across all business functions.