A review of the controls at firms that administer financial benchmarks by the U.K.’s Financial Conduct Authority (FCA) found a number of deficiencies that could undermine their operations — and, ultimately, impact investor confidence in the benchmarks they produce.
On Monday, the regulator published the results of its examination of data quality controls in the benchmarks sector, which found that while there were some good practices at each firm, overall the industry’s practices don’t “consistently support a robust control environment.”
Specifically, the review examined firms’ practices when onboarding data suppliers, their oversight of data quality, firms’ resilience and incident response plans, governance and their awareness of emerging risks — finding shortcomings across the industry overall.
“Gaps in control frameworks increased the risk of inaccurate benchmarks being produced with the potential for harm to end-users,” the report noted. “Weaknesses in controls create vulnerabilities for the firms themselves, including reputational and commercial damage.”
The FCA noted that in some cases, firms’ data controls haven’t kept pace with their product development, resulting in potential operational harm to the firms “due to the increased numbers of errors and the resource lost in investigating and resolving these.”
The regulator also reported that when it comes to data oversight, it couldn’t always understand how oversight translated into action.
“In some cases, actions were being taken due to early identification of potential risks, while in others it was less clear that the oversight arrangements had led to specific changes or improvements,” it noted.
Additionally, these changes weren’t always well documented, it said.
The FCA also flagged concerns with firms’ contingency plans.
“Resilience appeared less effective when contingency plans for data availability and integrity were less comprehensive or unlikely to be scalable,” it noted.
Additionally, the regulator found that assurance arrangements “varied greatly” between firms, “often appearing fragmentary and disjointed.”
“In some firms, the assurance around technical controls appeared weak, with risk oversight difficult to measure beyond the first line,” it said.
Finally, the shifting risk environment has also posed a growing challenge to benchmark firms, it noted.
“Increased market volatility and changes in market dynamics create challenges to firms’ operations or may undermine their resilience,” it said. “We didn’t consistently see evidence that firms’ control frameworks, including policies and processes, were evolving to address new and emerging risks.”
These emerging threats included both internal risks, such as new product development, and external risks, including the growth of novel technologies such as generative AI.
The report also provided guidance to the industry on proposed good practices to ensure controls are adequate. It called on senior management at the firms to consider these findings and their potential application to their own operations.
“Addressing any weaknesses in data quality should help firms gain confidence in, and better demonstrate, the effectiveness of their arrangements in these additional areas, as well as strengthening their overall operational resilience,” the FCA said. It added that it will continue work in this area over the next couple of years.