Financial Conduct Authority publishes multi-firm findings on benchmark administrators’ management of data risks

The Financial Conduct Authority (FCA) has published findings and sector lessons from a multi-firm review of how benchmark administrators (BMAs) manage data risks, concluding that practices varied and did not consistently support a robust control environment. The review was framed around firms’ obligations under FCA Principles 2 and 3 and relevant requirements under the UK Benchmarks Regulation, and is intended to be relevant to BMAs, price reporting agencies and data suppliers. The FCA’s work drew on a survey of 10 firms and follow-up engagement across five themes: supplier onboarding, data quality oversight, resilience and incident response, governance and assurance, and emerging risk awareness. Examples of stronger practice included clearly documented and risk-based supplier onboarding with scheduled reassessments, well-designed management information (MI) and key risk indicators (KRIs), and strong data lineage or traceability linking suppliers to affected benchmarks to support monitoring and root-cause analysis. Weaknesses included MI that did not clearly drive decisions or follow-up actions, inconsistent record-keeping and decisions taken outside formal governance channels, contingency plans that were not comprehensive or scalable, fragmentary assurance arrangements beyond the first line, and limited evidence that control frameworks were evolving to reflect growth, new products, market developments and newer technologies such as generative AI. Further FCA work is planned later in 2025 and in 2026 on other risks highlighted in its benchmark administrator supervisory strategy, including benchmark controls and corporate governance.