The outlook for retail banks and lending firms in 2019/20
25 April 2019
The FCA’s 2019/20 Business Plan provides important insights in both their sector and cross-sector priorities. In this article, we look at examples from: Culture and Governance, Operational Resilience, Fair Treatment of Customers and Open Finance.
Culture and Governance
It is fair to say that the retail banking and lending sectors have not always been exemplars in the industry when it comes to ensuring good customer outcomes. We will finally see an end to the PPI saga this year, but many other areas of potential concern remain:
- Since the FCA took over the oversight of consumer credit in 2014 they have been proactive in addressing customer detriment they have seen in the high cost sector – and this focus will continue in 2019/20.
- In mainstream lending, recent work in motor finance has identified poor practices where firms have financially benefited from charging customers high costs for credit.
- The mortgage sector also remains an area where the Regulator perceives that there are structural problems within the status quo practices and conventions.
- In banking, the long overlooked (and long profitable) overdraft market has come under the spotlight, with the FCA’s proposals in December 2018 to reform the ways banks and building societies charge for overdrafts – the policy statement is expected in late Summer 2019.
In the Business Plan, and also in various policy statements, thematic reviews and enforcement actions, the FCA is challenging firms to demonstrate a customer-centric sense of purpose, and the ability to exercise sound judgement in the decisions they make, across a range of areas.
The impression given by the FCA is that culture is an overarching principle to drive their assessment of how firms are ensuring good customer outcomes, and maintaining market integrity. This builds on the pre-FCA foundations of TCF, and the concepts of conduct risk.
It is evident that if things go wrong, the Regulator will be looking to the culture within a firm as a key determinant factor. And if the culture is found lacking, they will be using the SMCR framework (see below) to identify who is responsible.
However, despite its importance, culture is often low down on the list of priorities within firms. This is largely because culture change is seen as too intangible, too complicated, and too costly. The cost and complexity issues are not helped by people’s experience of grandiose cultural transformation projects which over promise and under deliver. They are seen as attempting to impose culture from 30,000ft, detached from the reality of the firm.
Successful change programmes see culture for what it is – another lever to pull (albeit a crucial one). It is a force multiplier for control, a mitigator for risks, a roadmap to goal congruence. By embedding culture within the overall control framework, firms can make the intangible tangible, and build positive norms and values which are aligned to clear objectives.
The FCA sees the Senior Manager’s & Certification Regime as a cornerstone of their objectives to:
‘embed consistent standards of personal conduct for all individuals working in financial services and highlight the individual accountability of senior managers so that consumers are treated fairly and market integrity is enhanced.’
Retail banks are already operating under SMCR, and all FCA regulated firms will be by the end of 2019. Whether firms are operating under the regime or not, the FCA is sending a clear message that senior management needs to demonstrate effective oversight and control within the organisations they manage and be at the forefront of driving a customer-centric culture.
Many lenders are still considering how to approach SMCR or are at the early stages of planning their implementation. Our advice is to not to consider it as just another regulatory box to tick, but look at it as a framework for enhanced business improvement and control. Why would you not want to know whether you have the right people, in the right roles within your organisation?
For firms already operating under SMCR, now is a good time to take a step back and assess whether the process is working as expected, and where it could be streamlined or improved.
Strategy and business models
The FCA highlight ‘purpose’ as a concept they will be exploring when reviewing firms. The aims and objectives of the firms are key elements – within the overarching strategy, and within the business plans. While customer detriment may have many symptoms, the cause can often be pinpointed in the attempt to execute unachievable plans. Or at least in the attempt to execute plans which are unachievable without creating conduct risk and causing poor outcomes. In essence, this is an over-focus on cash rather than customers. We explore this theme in greater depth in our recent paper ‘Financial Drivers of Conduct Risk’.
Potential issues are across all products, but the FCA has highlighted particular areas of focus:
- The overdraft market – There is a significant difference between arranged and unarranged overdraft prices, with firms making around ten times the yield on unarranged lending than on arranged lending. The FCA’s High-Cost Credit Review (HCCR) found that charges for overdrafts were highly concentrated, with a minority of consumers paying most fees. In particular, vulnerable consumers are more likely to use unarranged overdrafts and pay more in charges. Firms should provide better information to customers about their existing overdraft (e.g. text messages or push notification alerts, and online cost calculators), and reduce barriers to switching.
- SME banking – The FCA has concerns (based on some well-publicised cases of historic harm) that the governance, systems and controls within banks may fail to ensure that SMEs are treated fairly. In particular, the information and resource asymmetry between banks and SMEs puts SMEs at a disadvantage in understanding complex issues relating to products and charges. The FCA is conscious that only some lending to SMEs is within their regulatory remit (where a borrower is a sole trader, small partnership or unincorporated body, and the amount of credit or hire does not exceed £25,000), and there is ongoing debate (within the Regulator, and in parliament) about widening the regulatory perimeter.
- Credit cards and High Cost lending – In both the HCCR and Credit Card Market Study (CCMS), the FCA found that customers were not given sufficient choice and control over credit limit increases. Both studies also identified the need for firms to develop appropriate steps to identify consumers in financial difficulties at an earlier stage – this should be seen by firms as a read-across to all lending sectors.
- Mortgages – The Regulator remains concerned about the treatment of second charge mortgage customers, with the potential that the business models of some firms are designed to benefit them disproportionally, if customers struggle with arrears. The Regulator will also be continuing to assess the remedies from the Mortgage Market Study (MMS).
Performance management, remuneration and reward
The FCA looked specifically at staff incentives, remuneration and performance management in consumer credit firms, in 2018. This followed a number of other reviews across financial services over the years. That they will be returning to it again in 2019/20 reflects the continued importance of the topic, and the continued challenges firms find in managing the inherent risks.
If an unachievable business plan is the pull factor, an inappropriately designed incentive scheme is the push factor towards poor customer outcomes. In the findings of the FCA:
‘too many firms still operate high risk financial incentives and/or performance management practices likely to encourage high-pressure sales or collections, with inadequate or ineffective controls, and a lack of appreciation of the risks their incentives posed and the controls needed to address them’.
Firms should look at reward in the broadest sense – the incentives of the sales team, the bonuses of senior management, and the commission paid to intermediaries. In the Lending sector, inappropriate rewards paid to brokers can drive the wrong behaviours and result in poor customer outcomes – as highlighted by the FCA in their recent review of motor dealers.
The FCA (alongside the PRA and Bank of England) highlighted operational resilience as a key issue in their July 2018 discussion paper, and it continues to be a focus in the 2019/20 plans. Ensuring continuity of service, and safeguarding data is a core requirement for all firms.
In recent years we have seen a number of high-profile IT failures in the banking sector which have caused significant disruption for customers impacted and raised broader concerns around market integrity. The interconnectivity of retail banking in the financial system means that interrupted services or lost or corrupted data can cause widespread harm. Outside the news headlines, there have been countless more incidents at smaller firms.
While these failures had many different triggers, there are often common causes:
- Lack of engagement from senior management. Operational resilience is too important to be left to operations and IT. Boards and Excos should review relevant MI (uptime, capacity, near misses etc), and demonstrate they understand the issues, and have taken appropriate action.
- Risk landscapes which are too narrowly drawn or fail to fully quantify the impacts.
- Lean programmes which have become dangerously underweight – with cost cutting exercises resulting in insufficient resources to maintain adequate services (under BAU conditions and in times of stress).
- Inadequate oversight and control of change management programmes.
- Insufficient due diligence, and ongoing monitoring of third party suppliers.
Alongside IT failures, there is a growing threat from cyber-attacks. With the threat made worse by the use of complex and ageing IT systems, outsourcing of operations and the growing transfer of data between firms. While incidents at High St companies get the press coverage, there is a growing trend for criminals to exploit the vulnerabilities at smaller and mediums sized organisations. In all cases, firms should also be very much aware that the Regulator’s response to any reported data loss will be much harsher if the organisation cannot demonstrate that GDPR has been fully adopted, and the controls are operating effectively in BAU.
Fair treatment of customers
In the 2019/20 plans, the FCA focuses on fair treatment of ‘existing’ customers – which is a particular focus for the insurance sector. But all firms should be looking at customer outcomes, throughout the lifecycle, from new business to end of life. In retail banking and lending there are particular hotspots firms should consider:
- Consumer Credit – Ensuring appropriate affordability checks at inception, controls around additional credit granting, and the suitable use of forbearance in collections activity.
- Mortgage switching and information flows – Making it easier for consumers to switch mortgage products, particularly consumers who cannot move easily. Enabling customers to make more informed choices, about products and about sales channels (e.g. intermediary vs direct).
- SME banking – Justifying the value of business current accounts (BCAs) and business deposit accounts which pay very little interest, in comparison to the relatively high transaction charges on BCAs and comparatively high fees and charges for other services such as foreign exchange.
- Fairness in pricing and charges – Making sure charges reflect the costs incurred, and that firms do not make excessive profits from consumers who do not or cannot repay in full and on time. Ensuring that differential costs for credit can be justified by risks.
E-money regulations and the Payment Services Directives (PSD1 and PSD2), have encouraged many technology firms to enter the market, increasing diversity and enhancing customer choice. In 2019/20 the FCA will be reviewing the success of Open Banking and conducting a broader investigation into how technology and the appropriate use of data can open up other areas of financial services. In retail banking, there is an intention to continue to use initiatives like PSD2 to encourage competition and foster an environment that helps facilitate innovation and improve the quality of service to consumers (e.g. enhanced fraud controls). September 2019 will also see rules coming into force to govern how Account Information Services (AIS) or Payment Initiation Services (PIS) providers can securely connect with consenting customers’ banks or other account providers to provide their services.
Open Finance, and in particular the continuation of the FCA’s work on Open Banking will be closely aligned to their follow-up work on the strategic review of retail banking business models, published in December 2018. Open Finance will be an opportunity for many, but a threat to some. For incumbent providers there are potential risks that challengers will significantly eat into their market share. However, established players also have the opportunity to utilise new technologies and align their product offerings to new customer requirements.
In a fragmenting market, it is expected that banking and payment services will be increasingly offered in partnership with and between technology firms. It is expected that incumbent firms will increasingly outsource the delivery of major and critical services to third parties, and often unregulated ones. Which reflects back to the challenges around operational reliance, the need for effective oversight, and the perennial truth, that firm’s can outsource functionality, but not responsibility.
The Business Plan is there to give insights into the FCA’s mindset and direction of travel. Firms should review the document and consider the elements relevant to their businesses.
Whatever your sector, it is clear that culture – and the associated requirements under SMCR – is a cross-sector focus that will underpin much of the Regulator’s approach in the future.