As a challenger consultancy founded by former senior partners of Big Four auditors and top strategic advisory firms, ICAG Partners provides a wide range of risk, regulation and digital services to clients in the UK, North America and the EMEA. Given its geographical footprint, client base and service model, it is vital for ICAG itself to maintain a scrupulous approach to regulations within its sector – as CEO Subas Roy explains.
“Our clients include a number of large and mid-sized financial firms, such as banks, capital markets companies, asset managers and insurers,” he says. “As we are growing in key regions outside the UK, we must therefore meet the standards of a variety of different domestic and foreign regulators.”
At home, ICAG is accountable to the Prudential Regulation Authority, the Bank of England and the Financial Conduct Authority. In the US, Roy’s firm must operate in line with the Securities and Exchange Commission, the Financial Industry Regulatory Authority and the Commodity Futures Trading Commission.
On the continent, meanwhile, Roy notes: “The European Central Bank oversees balance sheet and capital management provisions, while the European Banking Authority focuses on environmental, social and governance (ESG) measures and operational resilience. Then the European Securities and Markets Authority sets further rules around capital markets.
“They’re the main UK and overseas regulators that I think about all the time,” he says. “And I’m confident that, as a business, we have a very robust set of policies and procedures covering our staff and clients, and that everyone is aware of the dos and don’ts.”
In Roy’s assessment, there are three main areas of concern that ICAG must prioritise in its efforts to adhere to regulations:
- Consumer protection: “How can I demonstrate that the decisions that my organisation takes on behalf of its clients are in their best interest? From that perspective, MiFID II is the absolute key package of rules to observe in Europe, and continues to apply to the UK. Then there’s the UK Market Abuse Regulation, which sets very specific measures around conflicts of interest and insider trading. Regarding our US activities, Dodd-Frank is by far the most important piece of legislation for safeguarding consumers.”
- Acceptable use of data: “Under GDPR, the fines are huge – plus, there are broader, reputational impacts arising from non-compliance that would affect any business looking to provide our sorts of services. In the UK, we have a range of data protection provisions set up at the Information Commissioner’s Office – many of which are mirrored in systems operated by similar, national bodies across Europe. In the field of cyber security, there is the US National Information Systems Directive (NISD) – and in January, the EU Network and Information Security 2 (NIS2) Directive came into force.”
- ESG: “In the investment disclosure arena, there are some key, relevant requirements in place across the EU. Indeed, at any given point in time, we are carefully assessing where ICAG stands in relation to nine regulatory tracks, covering obligations around benchmarking, plus carbon credit, carbon offset and carbon accounting. In addition, we must comply with a number of UN Sustainable Development Goals (SDGs) – we are subject to SDGs 5, 6, 8 and 9, related to areas such as carbon emissions, water and deforestation.”
For Roy, falling in line with that array of regulations ultimately helps ICAG to distinguish itself commercially.
“As CEO, my job is to strike a balance between efficiency and resilience,” he says. “In my previous work as senior partner at both Oliver Wyman and EY, I ran their risk and compliance practices. So, I understand how important these regulations are – and I think that complying with them actually increases my business’s competitive advantage. It helps us to demonstrate that the services we are providing to our customers are trustworthy.”
Mode of delivery
Roy broadly supports the consultation process between businesses and government bodies that helps to ensure new rules meet a high mark of quality for the companies to which they apply. However, he explains, the pace of change in the regulatory environment is often quite slow, which impacts the rate at which companies can update their business processes.
In connection with that, he says: “We must see further digitalisation of the regulatory framework – and greater digital awareness in the relevant text. That would benefit not just the way new rules are shaped and designed, but the mode of delivery, too.
In the past few years, Roy notes, ICAG has been working its way through a cloud migration programme, and is now fully automated. “However, if a new regulation comes out asking us to evidence manual processes that we’ve spent the past two or three years removing, that’s counterproductive. So, that’s one area where regulators need to do a bit of catch-up – and that applies equally across the UK, US and Europe.”
Room for debate
Roy also takes the view that the government could do more in terms of providing SMEs with a voice at the table and listening to what they have to say. “Consultations aside, business owners similar to me would definitely like to be much more at the forefront of government thinking around the development of regulations – particularly in Cabinet Office briefings and so on. Inviting more representatives from SMEs could only be a positive step for UK plc.”
In addition, he says: “Consultations tend to be closed-ended, rather than open-ended. They ask very specific questions on an exposure draft – which is useful. But having gone through this process more than 20 times in the past five years, I can say that whenever I read an exposure draft, it feels as though the authors don’t really appreciate the amount of change that financial services, particularly across London, have gone through.”
Roy notes: “In the past two years, I’ve encountered at least four scenarios where I’ve had to respond to a regulator’s letter to say that some of the tasks they want us to deliver ahead of a new rule taking effect just aren’t relevant any more. We’ve technologically improved and streamlined our business, and they’re trying to enforce a new provision that will be out of date on day one.”
With that in mind, he adds: “One ask we’d have is for consultations to be more open-ended, with greater room for group discussions and debate within the affected business community. Those talks could then help to inform the government’s own decision-making.”
Better Regulation project
The Better Regulation project aims to help ICAEW and its members understand how the UK’s regulatory regime might be improved and to use our insights to call for change.
Member views on UK regulation
Briefing on the UK's regulatory regime
This briefing looks at what is meant by regulation, what makes good regulation and key components of the UK’s regulatory architecture.Read briefing
What is the Better Regulation project?
This project aims to understand how the UK’s regulatory regime might be improved and to call for change where needed.Read introduction