Inside the FCA's Brexit Plans: Nausicaa Delfas, Executive Director of International

Regulators’ jobs are incredibly complex under typical, day-to-day circumstances. Add in the political cloudiness of an uncertain Brexit and already-difficult regulatory responsibilities become formidable. 

Fortunately, Nausicaa Delfas is well-positioned for the task. 

As the Financial Conduct Authority’s (FCA’s) first executive director of international, Delfas is responsible for delivering the UK regulator’s official position on one of the most complex breakups in political history. To captain the FCA’s ship safely through Brexit, Delfas must assess technological strategies, consider data management and weigh out the risks tied to each decision. 

The role is broad and sounds daunting, but Delfas says it was a natural fit. 

“I have always had an international outlook. I’m of Greek heritage and bilingual, so I have always been drawn to international work,” says Delfas, from a seat at a conference table within the FCA’s new offices in Stratford, London. 

Her role fuses the three disciplines in which she is skilled: the law, regulatory affairs, and corporate operations. Starting out as a solicitor at Magic Circle law firm Freshfields Bruckhaus Deringer, she practiced European competition legislation and financial services law, later working on the other side of the tracks, as a regulator for the Financial Services Authority (FSA) in 2000. Delfas headed up the department for enforcement, policy, and supervision at the FSA for 12 years, before it split into the FCA and the Prudential Regulation Authority in 2013. Following that reestablishment, she swiftly climbed up the ranks at the FCA, becoming its COO in 2016. “I have tended to be attracted to opportunities where there was a reason to be innovative—setting up new areas, building up new teams and then delivering on that,” says Delfas.

Responsible for strengthening the FCA’s relationship with its global counterparties, determining policies and delivering its position on Brexit, Delfas is involved in the building and implementation of new systems to support the UK’s transition to its new environment, both outside of the EU and the regulatory oversight of the European Securities and Markets Authority (Esma). These systems are being developed to accept regulatory reporting data, provide market surveillance and enable the passporting of services and funds into the UK. These technologies form the backbone of the FCA’s services, and their success is crucial to helping the regulator prepare for any Brexit outcome that unfolds. 

“We have had to prepare for all scenarios, including the possibility of no deal, and so if there is not a deal, we will need to switch these [systems] on,” says Delfas. 

The Bedrock

Since its establishment in April 2013—and before, in its previous form as the FSA—the FCA has had to build technology systems to accurately monitor UK market abuse and enforce regulatory compliance. It is responsible for regulating approximately 58,000 firms across financial services and the financial markets and functions as the prudential regulator for over 18,000 of those firms. Over the last six years, the FCA has encountered huge challenges regarding the implementation of rules and directives, most notably Mifid II—of which it was a key architect through Esma committees—and which it is responsible for implementing under UK law as the country’s National Competent Authority. 

One of the more notable decisions that the regulator made in response to this challenge was to partner with French vendor Sopra Steria to develop the Market Data Processor (MDP) to capture, validate and support millions of transaction reports and reference data from investment firms each day. Between the platform’s launch on Mifid II’s January 3, 2018, implementation date, and October 1, 2018, the MDP processed more than 6 billion Mifid II transactions. The processor is built on cloud infrastructure and according to Delfas is one of the first iterations of a regulator turning to the technology to support critical reporting services. 

As Brexit developments unfold, the FCA has had to bolster the MDP’s resilience and capacity in order to deal with the anticipated influx of reports from UK counterparties.

“Mifid II is one of the biggest regulatory projects that we have had in recent times and we are working through the transition [and transfer] of the transaction reporting data, whereas instead of going to Esma, the [UK] reporting firms come to us,” Delfas explains. 

The FCA is currently working on six different technology projects that are “making good progress,” says Delfas. Much of its technical lift is due to the shift in regulatory responsibility and supervision that will be handed over once the UK leaves the EU. In the event of a hard Brexit, the FCA is developing systems to regulate credit rating agencies (CRAs) in the UK. When required, the new platform will have the ability to register, process and supervise CRAs to minimize disruption on exit day. 

In February 2019, the FCA announced that it had built a Financial Instruments Reference Database (Firds) to replace Esma’s platform. Firds is a data collection infrastructure that records all of the financial instruments being reported by trading venues in a harmonized format. The reference data is used to provide market transparency, indicate liquidity thresholds and help firms determine reporting obligations. Firds is built on the new Esma schema and the two databases are expected to be identical on day one of the UK’s departure from the EU. 

The FCA platform will leverage a different search engine, using Amazon’s Elastic Search, with the inclusion of minor changes to fields. For example, it will remove the “relevant competent authority” field, as it will no longer be required for the UK jurisdiction. The FCA has already begun feeding live production data into the database as of early March in order to have a full record of instruments ahead of the Brexit deadline. Delfas explains that from March 14 onward, the industry has been able to test the FCA’s Firds publishing technology that enables users to download and reference files. 

“We have been working with the industry to make sure that the connection between the industry and us will work, and it is quite a challenge,” she adds.

According to Delfas, the relationship between regulators and technology is an “active partnership” in ensuring the safety and security of all incumbents, requiring the FCA to invest in innovative technologies and keep pace with the rest of the industry. 

New Tech

Like its colleagues abroad and the industry it regulates, the FCA has been tasked with processing unprecedented volumes of data in recent years, putting pressure on its onsite resources. Late last year, it announced that it would be extending its partnership with Sopra Steria, which will provide application maintenance services across all of its major systems and assist in the regulator’s migration to the cloud. Supported by other vendors as well, the FCA is aiming to complete its migration project by 2022.

“The FCA has always been in a position where there is constant change, whether it is a change in scope or implementing other directives. So, one of the strategic approaches that we are taking at the FCA is our transfer to the cloud,” explains Delfas. 

The move to the cloud has been the direction of travel for the FCA over the past four to five years, as the regulator aims to upgrade its IT systems and allow for scalability when implementing new rules. One of the first challenges was the consumer credit regulations implemented in April 2014, which handed supervision of these firms to the FCA and required it to oversee more than 50,000 new firms, recalls Delfas. Now, much of the work around consumer credit has been moved to the cloud in an effort to not only manage the services but improve how they operate. 

To date, more than half of the FCA’s systems and operations have been shifted to the cloud. Over the next two to three years, the regulator aims to gradually remove its reliance on contracted datacenters. Delfas explains that this roadmap will open up a range of opportunities to leverage the cloud’s infrastructure and create bespoke technology roles such as specialized cloud engineers and data scientists. 

“It will have other benefits, such as reducing cyber and operational risks, as well and enabling us to be nimble and innovative going forward as an organization,” she adds. 

The FCA’s technological investments go beyond the cloud. The regulator uses Nasdaq’s Smarts platform for market surveillance and monitoring regulatory compliance. Utilizing machine-learning capabilities and pre-configured detection algorithms, the technology can identify abusive behaviors from a vast pool of data, aggregated from multiple asset classes and trading venues—including lit and dark venues. The platform then creates insights and alerts based on its discoveries. The FCA team uses Smarts to put each alert in chronological order, to create a picture of the events that happened that day or across a series of days, allowing a view “across venues and across time,” which Delfas says is “a significant development.” 

“As [data] volumes have increased, [Smarts] has enabled us to then do some ad-hoc analysis and data analytics on these Mifid II data sets. I think it is important from the FCA’s perspective because it enables us to discharge our objectives on market integrity better than before,” says Delfas. 

Hedging Risks

While new technologies, such as artificial intelligence and cloud computing, continue to creep into the day-to-day operations of industry firms and regulators, one of the leading concerns is the growing dependence on third-party providers and the tech giants of Silicon Valley. On February 14, the Financial Stability Board published a report titled Fintech and Market Structure in Financial Services. It discussed how cost pressures are causing financial institutions to turn to big tech providers such as Google, Amazon Web Services, or Microsoft Azure—potentially exposing them to a new breed of risk regarding cloud concentration and over-reliance on outsourced technology. Delfas explains how the FCA is largely supportive of the services offered by cloud and the opportunities that the technology provides but acknowledges that it is not free from risks.  

“It is another form of outsourcing and from the regulatory perspective, it is the regulated firm that remains responsible for the security of its data and for its outsourcing arrangements,” says Delfas. 

As more of the industry warms to the idea of cloud technology, Delfas says further discussions are forthcoming, pertaining to operational resilience and cyber security when outsourcing important services to third parties. 

“I think the issue on concentration risk is one that we have to continue discussing going forward. The reality is that the cloud isn’t just one thing. There are many different arrangements between firms and cloud providers, and it is something that I think needs further discussion as to what the risk is and how it can best be managed,” she adds. 

In addition to its various platforms and cloud migration efforts, Delfas is also helping to lead the FCA’s charge on its international cybersecurity strategy. Cyber resilience and cross-border security collectively remain some of the biggest challenges facing financial institutions today. The FCA is actively involved in the G7 Cyber Expert Group, where it is working on a range of crucial issues, such as third-party risk, resilience testing, managing attacks, data integrity, and information sharing. 

The emergence of cybersecurity as one of the extant risks of modern markets is symptomatic of the way in which technology has increasingly come to the fore for the FCA and other agencies like it, both as users and regulators. Looking back over a decade ago, the industry and its watchdogs were fixated on post-financial crisis reforms but today, the biggest challenges may lie where the old meets the new. 

“Looking forward, a lot of the challenges will be around modern technologies, and both the opportunities and risks that they bring,” says Delfas. 

In 2019, firms are still tackling the age-old problem of legacy systems, she explains, which edges the door open for operational risks and cyber-attacks, while the uptake of advancing technologies means the newest threat to disrupt the industry is likely to come in the shape of new tech.

Yet, the greatest bugbear of the markets—and often the cause of instability—has long been uncertainty. And nothing is more uncertain than the divorce of the UK from the EU over the next few months.

The Looming Deadline

The deadline for the UK’s departure from the EU was intended for March 29 when Prime Minister Theresa May triggered Article 50, but at the time of writing, the evolving political climate has cast doubt on whether this will remain the official date of exit from the European Union. 

Despite this uncertainty, the FCA announced on February 1  that it had been given temporary transitional powers by HM Treasury to onshore existing EU financial regulations into the UK rulebook for a maximum of two years, at the point of exit and in the event of a no-deal scenario. To allow firms time to adapt to changes, not all regulations will be enforced immediately, and some will be phased in, although those vital to detect market abuse will be effective on day one. These include provisions within the Market Abuse Regulation, Mifid II and the European Market Infrastructure Regulation. As a result, UK firms will have to adjust their systems to be ready to redirect their reporting data to the FCA or a relevant trade repository (TR) in their jurisdiction, in order to remain compliant in a post-Brexit environment. 

“Being appreciative of the fact that there is not much time for firms to make those changes, the government has given us transitional power to waive or modify some of those rules. We have issued a statement that explains that we will, for the most part, waive those rules to start with but there are certain aspects that we expect firms to change immediately,” says Delfas.

Challenging though it may be, the technical burdens of Brexit don’t begin and end with counterparty firms. As it stands, regulators in both the UK and EU may encounter limitations to data sharing in a no-deal scenario. In the absence of a withdrawal agreement, the UK regulator would cease transferring data to Esma, and would no longer have access to the EU regulator’s IT applications and databases. To prevent the cutoff of all data flowing between regulators, some measures have been taken. In February, the FCA agreed memorandum of understanding (MoUs) with Esma and the EU27 NCAs to enable the continued cooperation and exchange of cross-border information, and the continued oversight of credit rating agencies and trade repositories. Similarly, other MoUs have been put in place to ensure UK central counterparties (CCPs) will be recognized as equivalent under EU legislation, in order to mitigate catastrophic disruption to global derivatives markets. 

“Our consultation papers reached almost 2,000 pages and there are a lot of changes we have had to put through,” says Delfas. “So as a starting point, should we exit at the end of March, we will have a complete rulebook with everything onshored.”

The FCA has also introduced measures to support cross-border business operations. On January 7, the regulator opened its application window for the temporary permissions regime (TPR), which will enable qualified trading and reporting firms from the European Economic Area to continue passporting its business and services in the UK for a limited period until they are fully authorized by the UK regulator. The authorization will also allow EEA-based investment funds to continue marketing in the UK. 

However, regulators still have to knock through certain barriers regarding data sharing. The UK has approved the EU as adequate under data protection regulations in its efforts to help maintain cross-border data movement between firms, but as it stands the EU has yet to reciprocate this response. 

“As a result of that, firms are taking steps themselves, using model clauses or other techniques throughout their restructuring to enable data flows to continue from the EU to the UK. So that is still a work in progress,” Delfas adds.  

Over the coming weeks and months, the FCA will continue to keep a close eye on the unfolding events of Brexit. The general objective is to prepare for all scenarios and prevent widespread disruption to the industry in the event of a no deal. In the final moments of the interview, Delfas explains that adapting to rapidly evolving environments—whether advancing technologies or political changes—is all in the nature of the job. 

Reflecting on her past 14 months as executive director of international, she says, “I don’t think that there is anything I would do differently. This is a fast-moving area of work with a lot of diverse challenges.” 

Looking forward, however, the biggest challenge—keeping the ship steady while navigating the murky waters of Brexit—is still ahead. 

Photographs by Jonathan Goldberg.