Fortunately, in the final rules the FCA have not adopted some of the more outré suggestions from the consultation proposals. And in many ways the new position is not much different from where we are. But there are some differences and it's important they're built into your systems as soon as possible.
What the FCA has not done is lay down a prescriptive set of rules, though many asked for that. It fears that would be too inflexible. At the same time they worry that lenders are in some cases being too rigid in their own approach - as if it's never occurred to the FCA that lenders are terrified of FCA discipline for not doing as much investigation as, after the event, the FCA determines it would have liked. Anyway, we are where we are.
The changes are to CONC 5 and 6 and SYSC 9. Despite pleas to the contrary in response to the consultation, the same rules are to apply to regulated business lending, though it is accepted that the FCA's recommended proportionate approach may lead to different outcomes in business lending. It's now clear from CONC that you can take account of the different circumstances of business credit, including the customer's business plan, the nature and resources of the business and expected fluctuations in business income.
Perhaps the key issue with 1 November approaching are the changes to SYSC 9 regarding record-keeping. You need to ensure in a short timescale that your systems comply with the following:
- you have written policies and procedures as to how you determine creditworthiness and affordability and these are set at the top level of your business
- those policies and procedures are reviewed both for efficacy and compliance with them by the business
- you keep records for each deal so you can evidence compliant assessments when the FCA comes calling
- curiously, there's no requirement to keep records of deals declined, though it's hard to see how you can demonstrate the efficacy of your policies and procedures if you can't show where you've made decline decisions. So, I strongly recommend you keep those too.
Backtracking from that key issue to the FCA's over-arching approach and the outcomes they want to see: as before, they consider creditworthiness as being the credit viewed from the creditor's perspective and affordability of the same credit from the customer's point of view. They want a reasonable assessment of the customer's ability to repay affordably and to eliminate lending which is "foreseeably unaffordable". To do this, the creditor must, before advancing credit (or increasing a credit limit significantly), undertake a reasonable assessment of the affordability:
- by assessing the customer's ability to make payments as they fall due;
- without having to borrow to make those payments;
- without having to default on other financial commitments to do so; and
- without experiencing a serious adverse impact.
In looking at this the new rules do depart from the FCA's original ideas in the consultation document in the following respects:
- you can look at joint income not just the customer's income, provided it's available to the customer. (It was evidence of the FCA being out of touch with how the average family often organises its money that they thought the opposite was a runner in the first place);
- you can take repayments from savings provided there's no serious customer impact, taking account of the purpose of the savings and their availability to meet repayments.
So what do you need to do? Let's start with some negatives:
- you're not allowed to look at the value of any security you hold when assessing affordability. That makes sense as if you're relying on the security (which would include the value of financed goods in asset finance transactions) to get repaid from the outset, it suggests you don't think the customer can afford the repayments;
- but this rule extends to a guarantee. This makes less sense, admittedly depending on the circumstances. But it means a parent can't guarantee a loan say to a student with eyes open, which seems counter to how many families may wish to organise their finances;
- you don't need to assess income where the credit is "obviously affordable" or repayment is to be made from savings. Alas, it's not clear what "obviously" means, given that, if you make no investigation, you won't know what commitments a person has. Still, the rule may be helpful so far as it goes.
Moving to things you should be doing where you do need to make an income assessment:
- you should take reasonable steps to estimate reasonably the customer's income. Self declaration by the customer will not suffice. And you should consider reasonably foreseeable future changes. This shouldn't extend to asking invasive personal questions to which you don't already know the answer - possible pregnancy, divorce etc;
- and you should estimate the customer's non-discretionary expenditure to lead you to the relevant disposable income again taking into account future changes which are reasonably foreseeable and may have a "material impact" such as rising interest rates on mortgage payments;
- the assessment must be proportionate to the type of credit and the specifics of the customer, looking at the customer's history, vulnerability and financial circumstances. It doesn't need me to say this is a tad vague, but we have a lot of output from the FCA to look at on the vulnerability part of the assessment;
- you can use automated systems, but this must extend to expenditure as well as income (unless you don't need to estimate income). So, the FCA understand you're likely to use CRA data and perhaps Office of National Statistics data on typical expenditure. But, if you know different you must of course use that actual knowledge;
- in your policies and procedures you should recognise the risk of CRA data being inaccurate. What you can do about that isn't explained. Perhaps you just treat the data with caution where you have reason to be suspicious of the results you are getting.
Two final points to consider:
- despite the FCA's concern with firms being too rigid in applying their policies and procedures and their wish that processes should be tailored and graded for individual risks, over-compliance remains safer than under-compliance; and
- if you outsource your assessments, say to a credit broker, compliance with CONC 5 requires proper due diligence of the compliance policies and procedures of the intermediary and how they apply them in practice.