Capital Rules, Tokenisation, and Staying Secure

Unknown Speaker

Hello everyone, welcome back to the B-Compliant Podcast. I'm Vicky Pearce, joined as always by the ever-enthusiastic Rachel MacRae. Rach, how are you doing today?

Rachel MacRae

Oh, I'm grand, Vicky. Bit soggy from the Manchester rain, but other than that, can't complain! And I'm genuinely looking forward to this episode—bit of a meaty one with capital rules, tokenisation, and all sorts of compliance excitement.

Unknown Speaker

Brilliant. So, let's kick off with something a lot of investment firms will be eyeing closely—FCA’s Policy Statement PS25 14. If you missed it, the FCA’s basically announced they’re simplifying and consolidating how investment firms define regulatory capital under MIFIDPRU 3. They're taking out all those cross-references to the UK CRR, so it’s no longer tied to bank rules—finally, right?

Rachel MacRae

Yeah, about time really! It always felt a bit odd, didn’t it, having investment firms jump through these hoops meant for banks. Now we've got a regime that's actually built for our side of the fence. The new rules don't change how much capital you have to hold, just, well, make things clearer and far less faffy, I suppose.

Unknown Speaker

Absolutely. It's all about accessibility and proportionality—especially for smaller firms who, let's face it, might not have a large compliance army on payroll. The FCA wants to clarify what kind of capital counts, scrap bank-only stuff, and tidy up the language so you don’t need to be a regulatory translator to figure it out.

Rachel MacRae

I love that, regulatory translator—there’s a job title! But seriously, if you’re listening and you run or work for a smaller investment firm, this shift could really simplify how you manage your capital reporting. No need to panic about restructuring, but you probably will want to update documentation and those old references to the CRR.

Unknown Speaker

Exactly. And none of this comes in until April 2026, so there’s some breathing room. It fits with what the FCA’s been doing in other bits of regulation—trying to bring everything under this big prudential sourcebook umbrella eventually, that COREPRU thing. The theme’s familiar if you've tuned in recently: reduce unnecessary complexity, keep standards up, but make life easier where possible.

Rachel MacRae

I mean, we have seen this before, haven’t we, with other regulatory changes that try (sometimes clumsily, sometimes not) to streamline the rules. But this one actually feels workable—especially compared to some of the more, uh, convoluted proposals they've had over the years. So, here's hoping it sets a new trend for common sense in compliance!

Unknown Speaker

Since we’re talking about regulations trying to keep up with the modern world, let’s dive into another biggie—tokenisation in fund management. So, the FCA’s published their Consultation Paper CP25/28, which basically charts out how fund tokenisation might actually work in the UK fund industry. Rachel, you got stuck into this one, didn’t you?

Rachel MacRae

Honestly, I love all the futuristic stuff. Distributed ledger technology in fund registers? That’s almost sci-fi for asset management. The FCA’s looking to let authorised funds use DLT for things like keeping registers—so, think private or public blockchain. Much more efficient, less chasing paperwork, fewer reconciliation headaches.

Unknown Speaker

Exactly. And there’s this “Direct to Fund” model they’re consulting on too—letting investors deal straight with the fund or depositary, not having to go through the AFM all the time. Could mean much quicker, slicker transactions—and potentially less operational risk in the process.

Rachel MacRae

Which is just… well, mad to think how far things have come! Used to be, you’d send off a form, cross your fingers, and wait for days. Now, we're chatting about tokens and direct digital entries. And it’s not just about being trendy—tokenisation could lower costs industry-wide, maybe open access for younger or more tech-savvy investors who wouldn’t have bothered otherwise.

Unknown Speaker

Yeah. The FCA are excited about the operational wins, but they’re not taking their eye off the ball when it comes to risk. Consumer protection and market integrity are still absolutely central. So, you won’t see any cowboy tokens running loose—they want reassurance that whether it’s private or public blockchain, all the existing COLL and OEIC duties still get met.

Rachel MacRae

And that’s probably the right approach. A wild west would only hurt trust. If you think back to our earlier episodes—like when we covered crypto ETNs—they've made it clear that innovation's fine as long as clients are protected. Tokenisation won’t change that core expectation: good systems, good disclosures, and transparency always.

Unknown Speaker

Spot on. Just as a heads-up for listeners, responses on most chapters of this consultation run until November or December 2025, and the FCA’s looking to fine-tune rules for quite a while yet. It’s not a revolution, but if you’re in funds, keep your radar switched on—big changes might be coming over the next couple years.

Unknown Speaker

Speaking of risk and controls, we’ve got no shortage of data headlines lately. I think most people saw the Capita fine—£14 million pounds, staggering number for a data security failure. And Eastwood Financial Solutions just had the Ombudsman uphold a complaint about a data breach on an ISA account. Seems there’s a pattern here, doesn’t it Rachel?

Rachel MacRae

Oh, absolutely. The Eastwood case was a classic—fraudsters managed to gain access to a client’s details, tried to get nearly £10,000 pounds out. Luckily stopped, but the client’s data was already exposed. The Ombudsman said, look, EFS, even if you couldn’t pin down the exact cause you’ve still got to pay, because your systems and controls weren’t up to scratch under SYSC 3.2.6R, Principle 3, all of that.

Unknown Speaker

Exactly. It’s not just the financial redress, either—400 pounds for distress and inconvenience, and nearly 900 pounds for years of data monitoring. The bigger issue is the regulatory expectation. Quick communication, clear responsibility with third parties, making sure controls are tight enough regardless of company size. The FCA and ICO are crystal clear: no firm’s too small to be a target for cyber crime. We're not exempt just because we think hackers focus on the big guys.

Rachel MacRae

And then add in the BlueCrest Capital Management drama—$101 million in redress because of conflicts of interest that weren't properly managed or disclosed. It’s a textbook example of why good governance and conflict management matter—these aren’t just box-ticking exercises, because the consequences are eye-watering.

Unknown Speaker

Yeah, and the FCA’s not shy about going public, are they? Affected investors will be contacted directly, and it’s a huge reminder—failures in controls and conflict management aren't just bad for your compliance record, they're bad for reputation and your pocket. For our listeners, strong systems and controls, whether it's about data or conflicts, really are your best friend.

Rachel MacRae

Couldn’t agree more. For anyone still thinking, “It’ll never happen to us”, well, the attack surface is only getting bigger—and even well-prepared firms aren’t immune. But robust, well-tested plans can make all the difference if the worst does happen.

Unknown Speaker

Absolutely. I think that’s a good point to wrap up for this week—lots of food for thought, and plenty for firms to work on whether it’s capital rules, new tech, or data security. Rachel, any closing words before we say goodbye?

Rachel MacRae

Just that if anyone listening needs help making sense of these latest changes or wants to beef up their controls, don’t hesitate to get in touch. And keep tuning in—there's always something new on the compliance horizon!

Unknown Speaker

Thanks as always, Rachel. And thanks to all our listeners for joining us again. We’ll be back soon with even more updates and insights—so take care, stay compliant, and we’ll speak to you next time. Goodbye everyone!

Rachel MacRae

See you next time, Vicky! Bye everyone!