Five years of conduct risk – are you focusing on the right things?
30 May 2018
‘Putting customers at the heart of our business’. ‘Fair customer outcomes’. ‘Tone from the top’.
These are phrases that have entered the lexicon of financial services in the five years since the Financial Conduct Authority (FCA) was born. It is certainly more commonplace now for Boards to talk about culture, conduct risk and customer outcomes. But is the talk filtering through into better outcomes for customers? Are firms intervening earlier to tackle potential risks to customers and to market integrity before they crystallise?
We certainly see lots of effort in day-to-day compliance. The industry is constantly enhancing compliance toolkits and training, conduct risk frameworks and supporting policies and frameworks. We feel we are moving in the right direction. But are firms focusing on the right things?
Two recent examples demonstrate that some firms are not.
First we have the FCA and PRA joint fine for Jes Staley, CEO of Barclays, for failing to act with due skill, care and diligence in the way he acted in response to a whistleblower. Mr Staley was the subject of aspects of the whistleblower’s complaint. He therefore had a conflict of interest in relation to the complaint, and should have taken particular care to maintain an appropriate distance from the investigation into it. Instead, Mr Staley attempted to identify the whistleblower; he allowed his own interest in the complaint to override his objectivity. This was an obvious conflict of interest, yet Mr Staley did not take adequate steps to manage it. What does this example say about culture at Barclays? The purpose of a whistleblowing regime is to enable individuals to speak up anonymously and without fear of retaliation; attempting to identify a whistleblower undermines a culture of trust in an organisation, never more so than when it is the CEO at fault.
The second example is from Australia where the Australian Prudential Regulation Authority (APRA) commissioned a Prudential inquiry into the Commonwealth Bank of Australia (CBA). It is notable that Australia had the notion of conduct risk well before the UK, with the Australian ‘twin peaks’ model of regulation being the pre-cursor to countries such as the UK and South Africa adopting the model. The purpose of APRA’s inquiry was to examine CBA’s practices in relation to governance, culture and accountability that have contributed to a number of conduct incidents in recent years (including mis-selling of credit card insurance and fees for no service in financial advice). The inquiry concluded that operational, compliance and conduct risks at CBA were “neither clearly understood nor owned, the frameworks for managing them were cumbersome and incomplete, and senior leadership was slow to recognise, and address, emerging threats to CBA’s reputation”.
What is striking about the inquiry’s findings is that, on paper, CBA were focused on conduct risk. CBA had operational risk and compliance frameworks. But the frameworks were under-developed and ineffective in the context of a heavy emphasis on financial risks. CBA had a customer focus enshrined in their ‘Vision and Values’ and industry-leading customer satisfaction scores. But the customer voice did not always ring as loudly as the voice of finance in decision-making forums and product design.
The inquiry concluded that CBA suffered from a lack of “critical thinking about the bigger picture and the full depth of risk issues”. Firms need to ask themselves – are we focusing on the right things; the big ticket items? Culture and behaviour, governance, remuneration, and conflicts of interest. It is difficult for a firm to benchmark itself on these big ticket items; an expert and independent viewpoint are invaluable. Indeed the APRA inquiry found that the CBA Board undertook an annual assessment of its performance and that CBA Directors and senior leadership described CBA’s governance as ‘world class’. Yet the inquiry found that rigorous benchmarking would have indicated that aspects of CBA’s governance practices were below the level expected. One wonders whether an external Board Assessment would have come to the same conclusions.
Conduct and culture are still very much on the FCA’s agenda, with four publications in the last three months. How do you know if you’ve got a conduct problem at your firm? Here are the tell-tale signs that the APRA inquiry Panel identified:
- inadequate oversight and challenge by the Board and its gatekeeper committees of emerging non-financial risks
- unclear accountabilities, starting with a lack of ownership of key risks at the Executive Committee level
- weaknesses in how issues, incidents and risks are identified and escalated through the institution and a lack of urgency in their subsequent management and resolution
- overly complex and bureaucratic decision-making processes that favoured collaboration over timely and effective outcomes and slowed the detection of risk failings
- an operational risk management framework that works better on paper than in practice, supported by an immature and under-resourced compliance function
- a remuneration framework that has little sting for senior managers when poor risk or customer outcomes materialised.
Do you recognise any of these in your firm? Give us a call to see how we can help.
 (i) FCA transforming culture conference – event summary and next steps, published 25 May 2018. (ii) 5 conduct questions – industry feedback for 2017, published 1 May 2018 (iii) 5 conduct questions – industry feedback for 2016, published 1 May 2018. (iv) Discussion paper on transforming culture in financial services, published 12 March 2018.