As a challenger consultancy founded by the former senior partners of Big Four auditors and top strategic advisory firms, ICAG Partners provides a wide range of risk, regulation and digital services to clients in the UK, North America and the EMEA. Given its geographical footprint, client base and service model, it is vital for ICAG itself to maintain a scrupulous approach to regulations within its sector. 

“Our clients include a number of large and mid-sized financial firms such as banks, capital markets companies, asset managers and insurers,” says CEO Subas Roy. “As we are growing in key regions outside the UK, we must therefore meet the standards of a variety of different domestic and foreign regulators.”

Robust policies

At home, ICAG is accountable to the Prudential Regulation Authority, the Bank of England and the Financial Conduct Authority. In the US, Roy’s firm must operate in line with the Securities and Exchange Commission, the Financial Industry Regulatory Authority and the Commodity Futures Trading Commission.

On the continent, meanwhile, Roy notes: “The European Central Bank oversees balance sheet and capital management provisions, while the European Banking Authority focuses on environmental, social and governance (ESG) measures and operational resilience. Then the European Securities and Markets Authority sets further rules around capital markets.

“They’re the main UK and overseas regulators that I think about all the time,” he says. “And I’m confident that, as a business, we have a very robust set of policies and procedures covering our staff and clients, and that everyone is aware of the dos and don’ts.”

Competitive advantage

In Roy’s assessment, there are three main areas of concern that ICAG must prioritise in its efforts to meet regulations:

1) Consumer protection

“How can I demonstrate that the decisions my organisation takes on behalf of its clients are in their best interest? From that perspective, MiFID II is the absolute key package of rules to observe in Europe, and continues to apply to the UK. Then there’s the UK Market Abuse Regulation, which sets very specific measures around conflicts of interest and insider trading. Regarding our US activities, Dodd-Frank is by far the most important piece of legislation for safeguarding consumers.”

2) Acceptable use of data

“Under General Data Protection Regulation, the fines are huge – plus there are broader, reputational impacts arising from non-compliance that would affect any business looking to provide our sorts of services. In the UK, we have a range of data protection provisions set up at the Information Commissioner’s Office – many of which are mirrored in systems operated by similar, national bodies across Europe. In the field of cybersecurity, there is the US National Information Systems Directive – and in January, the EU Network and Information Security 2 Directive came into force."

3) ESG

“In the investment disclosure arena, there are some key, relevant requirements in place across the EU. Indeed, at any given point in time, we are carefully assessing where ICAG stands in relation to nine regulatory tracks, covering obligations around benchmarking, plus carbon credit, carbon offset and carbon accounting. In addition, we must comply with a number of UN Sustainable Development Goals (SDGs) – we are subject to SDGs 5, 6, 8 and 9, related to areas such as carbon emissions, water and deforestation.”

For Roy, falling in line with that array of regulations ultimately helps ICAG to distinguish itself commercially. “As CEO, my job is to strike a balance between efficiency and resilience,” he says. “In my previous work as senior partner at both Oliver Wyman and EY, I ran their risk and compliance practices. So I understand how important these regulations are – and I think that complying with them actually increases my business’s competitive advantage. It helps us to demonstrate that the services we are providing to our customers are trustworthy.”

Mode of delivery

Roy broadly supports the consultation process between businesses and government bodies that helps ensure new rules meet a high mark of quality for the companies to which they apply. However, he explains, the pace of change in the regulatory environment is often quite slow, which impacts the rate at which companies can update their business processes.

Also, he says: “We must see further digitalisation of the regulatory framework – and greater digital awareness in the relevant text. That would benefit not just the way new rules are shaped and designed, but the mode of delivery, too.

In the past few years, Roy notes, ICAG has been working its way through a cloud migration programme, and is now fully automated. “However, if a new regulation comes out asking us to evidence manual processes that we’ve spent the past two or three years removing, that’s counterproductive. That’s one area where regulators need to do a bit of a catch-up – and that applies equally across the UK, US and Europe.”

Roy has recently encountered at least four scenarios where he had to respond to a regulator’s letter to point out that some of the tasks the regulator required ahead of a new rule taking effect weren’t relevant anymore. “They’re trying to enforce a new provision that will be out of date on day one.”

Room for debate

Roy also takes the view that the government could do more to provide SMEs with a voice at the table and listen to what they have to say. “Consultations aside, business owners similar to me would definitely like to be much more at the forefront of government thinking around the development of regulations – particularly in Cabinet Office briefings and so on. Inviting more representations from SMEs could only be a positive step for UK plc.”

With that in mind, he adds: “Consultations tend to be closed-ended, rather than open-ended. They ask very specific questions on an exposure draft – which is useful. But having gone through this process more than 20 times in the past five years, I can say that whenever I read an exposure draft, it feels as though the authors don’t really appreciate the amount of change that financial services, particularly across London, have gone through.”

His hope is for greater room for group discussions and debate within the affected business community, with those talks then helping to inform the government’s own decision-making.