Challenger Banks: Achieving profitability whilst dealing with regulation and crises

Challenger banks are revolutionising the UK banking market. Back in 2010, Metro Bank made a big splash by opening the first new high-street bank in the UK for more than 100 years. In the context of a retail banking market which has faced various reputational and conduct issues, Metro has prioritised the customer. Their "stores" (branches) are open seven days a week, "fans" (customers) can set up accounts on the spot and receive credit and debit cards within half an hour. The physical premises are lively, dog-friendly and, dare we say it, fun.

In more recent years, the digital-only challengers, such as Starling, Monzo and Revolut, have targeted millennials. Like Metro, they prioritise client experience, but their focus is on user-friendly, app-based delivery. Accounts are quick to set up, customers receive realtime payment notifications, spending is categorised into summary charts and customer service teams are responsive and effective. Some of these challengers are fully licensed banks, offering current accounts into which salaries can be paid and from which direct debits can be set up. Others offer pre-paid cards which can be used for spending and which allow access to a certain level of zero fee foreign currency.

The licensed banks are permitted to accept deposits and have focused on building their retail and small and medium-sized enterprise (SME) depositor base. This provides a "sticky" and relatively cheap source of funding, and critically, enables the challenger banks to establish long-term customer relationships.

As the provision of current and savings accounts is generally free to customers (free banking is the norm in the UK), however, challengers are under commercial pressure to sell products which enable them to generate revenue and profit. These profitable products include loans (mortgages, personal loans, credit cards and overdrafts), foreign currency (banks will earn a spread between the buy and sell price even if no fee is charged), and the sale of third-party products, such as insurance cover, for which the bank can earn a commission as distributor.

Regulatory compliance challenges

While growing their customer base and looking to increase their sales of profitable products, challenger banks must deal with a complex and wide-ranging UK regulatory regime. Unlike the established banks, which have huge legal and compliance teams, the challengers are more thinly resourced, but must deal with the same regulatory rules.

They must therefore identify and focus on their most critical regulatory risks, which are likely to include:

  • Licensing: The e-money and payment institutions which have not yet obtained a banking licence should ensure that they do not in fact accept deposits, and that they appropriately safeguard client funds, which is a condition for maintaining their e-money licence. Many of these firms will also be seeking to obtain a UK banking licence, which involves a rigorous and time-consuming Prudential Regulation Authority (PRA) application process. Regardless of whether they have a banking licence, all challengers need to consider whether the roll-out of new products and services will trigger the need for additional permissions.
  • Conduct of business rules: Challengers need to ensure that they embed regulatory conduct requirements across their entire customer journey, from marketing and sales, through to onboarding, customer-facing contracts, continuous servicing of accounts, and termination/loan enforcement procedures. There are several sources of rules to consider here, including the Payment Services Regulations, the Electronic Money Regulations, the Consumer Credit Act, the Consumer Rights Act, and the Financial Conduct Authority's (FCA) Mortgages and Home Finance: Conduct of Business (MCOBS), Consumer Credit Sourcebook (CONC) and Banking: Conduct of Business Sourcebook (BCOBS) rulebooks. Getting this wrong can, in the worst cases, trigger regulatory fines and customer redress measures. In the case of consumer credit, it can even result in loans becoming unenforceable.
  • Governance and systems and controls: It is critical that a firm's senior managers are clear about who is responsible for what within the organisation. For example, who is responsible for each of the bank's core product offerings (current accounts, credit, insurance products, etc.) and internal functions (finance, compliance, risk)? Who reports to whom? Is the firm satisfied that each senior manager is taking reasonable steps to ensure that the business line or function for which they are responsible is compliant with applicable regulatory requirements, and how can this be evidenced? Putting in place appropriate systems and controls is essential for the management of all types of regulatory risks, but recently there has been a particular focus on anti-money laundering/sanctions, operational resilience and regulatory reporting.
  • Prudential regulation: There are two issues here. The first relates to the "liabilities" side of the balance sheet. All firms are required to ensure that they have enough capital, and that the capital instruments which they issue meet the technical eligibility criteria which are set out in the rules. The second relates to the "assets" side of the balance sheet and is particularly relevant to banks which need to calculate their capital requirement based largely on the size and nature of their loan book. The rules are highly complex, and getting it wrong can result in regulatory reporting errors and potentially a capital deficit, which would invite unwanted regulatory scrutiny
Crisis management

Inevitably things will go wrong. In those circumstances, firms need to exercise judgement and carefully plan how to respond, to protect their brand and regulatory relationships. The first 72 hours of a crisis are critical. It pays to be prepared and develop a plan in advance, bearing in mind these points:

  • Team: Mobilise the right multidisciplinary team to help navigate a crisis is essential. Identify the appropriate individuals (internal and external) to ensure they capture a diverse range of views, establish governance processes and consider building in redundancies: what if a decision-maker cannot be reached at a critical moment? Firms should establish a protocol for communications within the core team: how will the team communicate if there is a total systems failure? Knowing how to mobilise the team will put firms ahead of the curve.
  • Investigate: Firms should have a process that allows them to identify the relevant facts quickly and to secure evidence, ensuring privilege is maintained where possible. They should also start to build a core set of verified facts. This will form the basis of their communications with stakeholders and help define priorities for next steps, so it is important to get it right, and not to make assumptions.
  • Regulatory notifications: Firms should consider any immediate regulatory notifications that may be required. For challenger banks, it will be essential to contact the FCA and the PRA. Depending on the nature of the crisis, other regulators may also be involved (e.g.,the Information Commissioner's Office (ICO) in the event of a data breach).
  • Communications: Firms must understand who their stakeholders are, both internal and external, so they have a clear idea of who they may need to communicate with, and for what purpose. External stakeholders will include regulators, customers, insurers, investors and industry bodies. Internal communications are just as important. Employees can be a firm's greatest asset in a crisis. It is important to ensure that the information employees have comes from the firm itself.

Challenger banks that understand the regulatory landscape and are ready to respond to a crisis are positioning themselves for growth
and operational resilence.

By Alastair Holt, counsel, Financial Regulation Group, Linklaters. Emma Pagan, managing associate, Dispute Resolution,

“This article (Subscription only) was originally published by Thomson Reuters Regulatory Intelligence”