What are the hot topics that may cross the threshold from supervision to enforcement in 2022?

The FCA is likely to expand their focus for enforcement activity in 2022 – but what does this mean in reality for firms?

The regulatory landscape is changing but there are key areas of focus.

The use of personal devices for conducting business.

With an increase in remote and hybrid working patterns, the use of personal devices throughout the working day is now the norm. While there is nothing intrinsically wrong with using a personal device to access a work email account or a virtual work place, issues arise when employees conduct firm business on unapproved, unmonitored and/or unencrypted communication apps. The FCA raised concerns about this last year and is likely to take a dim view of firms who have not addressed these risks.

Employee communication off a firm’s system suggests that firms don’t have adequately secure practices in place to protect personal and other confidential data. More generally, if an employee is communicating off-radar (using e.g. WhatsApp), the firm is unable to comply with its obligations to monitor and preserve those communications.

Can regulators reasonably expect firms to police the use of personal devices for business purposes? Those devices do not belong to the firm and will clearly contain personal data that has no relevance to the firm. As a minimum, firms would need a reasonable basis to suspect that firm business is being conducted on the device before accessing it, and would then need to adopt technological solutions that are as unobtrusive as possible.

As always, prevention is better than cure:

  • Assess the risk: how does this risk manifest in the context of your particular firm?
  • Implement clear policies and training: set out guidance on the use of non-approved devices and include the circumstances in which the firm will seek access to the personal device.
  • Invest in secure and efficient technology and communications platforms: many only use WhatsApp because they think it’s less cumbersome than the approved platforms.

From supervision to enforcement: the FCA’s focus on climate change.

Climate change continues to be a highly politicised topic, resulting in a fast-evolving regulatory landscape. The UK is set to become the first G20 country to make it mandatory for the largest UK-registered businesses to disclose climate-related financial information from April 2022¹.

Climate change continues to be a highly politicised topic, resulting in a fast-evolving regulatory landscape.

In August 2021, the FCA itself came under public scrutiny for its failure to hold firms within its remit to account in respect of climate change-related reporting obligations2. The topic has yet to cross over into the enforcement space but the FCA has been spurred to send out warning signals, referencing concerns surrounding ‘greenwashing’3 and a planned enforcement mechanism to improve the quality of ESG disclosures4.

The PRA has also noted it will consider “exercise of its powers and use of its wider supervisory toolkit” where progress in respect of climate change is insufficient.

It’s not just here - the EU has introduced stricter regulations and taxonomy over the past two years and some member states have announced specific ESG enforcement units. Similar measures could be adopted in the UK market.

So, how can firms best prepare?

  • Scope and act early. Assess and map out current commitments, stakeholder or other requirements (including reporting or disclosures) and perform an assessment to identify where legal requirements will aggregate, extend and/or conflict (or are likely to do so). Baseline the firm’s policies, procedures, controls and performance and perform a gap analysis.
  • Develop a prioritised implementation plan balancing strategic and corporate objectives, stakeholder expectations, legal and risk governance profiles and culture. .
  • Develop and leverage best practice. Identify ESG champions / technical expertise across different business lines and ensure multi-disciplinary perspectives and engagement, harmonise the review/approval processes and align stakeholder engagement and communication. Apply guidance from professional bodies and regulators and monitor how other firms act. Use specialist external experts and perspectives. .
  • Maintain and build resilience. Identify KPIs to track and audit progress, review, and learn from stakeholder feedback and engagement processes and build resilience for increasing performance expectations and regulatory standards.

The FCA’s attempt to regulate cryptoassets: how wide is the scope?

The regulation of cryptoassets has been gathering pace for the last couple of years:

  • in 2019, the FCA clarified which cryptoassets would fall within the regulatory perimeter6.
  • in 2020, the FCA was given supervisory responsibility for UK firms undertaking cryptoasset activities; and
  • in 2020, the FCA obtained supervisory responsibility for UK firms undertaking cryptoasset activities; and
  • in 2021, the FCA moved to protect retail customers by banning the sale of crypto-derivatives to retail customers, including issuing a warning to retail investors regarding the risks of losses associated with crypto-related investments⁷.

HM Treasury is in the process of considering widening the FCA’s regulatory powers following the Government’s announcement of a consultation on its regulatory approach to cryptoassets. This could result in unregulated tokens remaining outside of the perimeter for conduct and prudential purposes but becoming subject to more stringent regulation via AML/CTF regulation. We also anticipate the introduction of a regulatory regime for stable tokens and firms providing services in relation to them. Long-term, the government is also considering bringing a broader set of cryptoasset market actors or tokens into an authorisation regime. If new rules are adopted, the expectation is that most cryptoassets will ultimately have to meet the same standards applied to more traditional investments regarding fairness, clarity and accuracy. This is discussed further here.


It is clear that, as ever, the regulation is evolving at a rapid rate. Act now: consider what these topics mean for your firm, update policies and procedures, educate staff and implement new operating methods before they become mandatory. The FCA is in the spotlight when it comes to enforcement; taking the time to address emerging trends now is one of the best ways of ensuring that your business remains sustainable and secure within the future enforcement landscape.

Share this article:



Partner, London

Link to bio >


Read our latest report that combines the views and insights from across our teams in both the UK and US incorporating opinions of market practitioners and regulators.

We delve into many questions facing boardrooms today across six core themes:- Changing Markets; Risk & Regulatory Enforcement; Sustainability & ESG; Technology; Talent & People and Inclusion & Diversity; and Governance.


Join our upcoming events or catch-up On Demand at your own pace


For one of our team to get in touch with you just...

Share #BCLPEmergingThemes

Stay in the know and sign up for future updates

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.

Legal notices Privacy notice Modern Slavery Act Connect with us Stay informed Our locations © 2022 Bryan Cave Leighton Paisner LLP. All rights reserved.