Sooner or later we’ll get to the end of lockdown. Before settling into the new normal it’s worth taking a look at how you dealt with the experience as a business, and how it affected your performance. There’s a window of opportunity both to minimise the risk of regulatory repercussions and to identify how best to serve customers’ interests, and your own, in a post-lockdown world.
Most financial services firms have responded impressively to the pandemic, their business continuity management (BCM) plans morphing into business as usual – an achievement that often reflects considerable effort from operations and IT teams.
Inevitably, however, there have been difficulties along the way. For some firms, Covid-19 has been an existential threat, and sub-optimal decisions have been made. Poor advice may have been given to customers. Call recording, staff monitoring and record keeping may have been challenging. In terms of governance, actions and behaviours may not have always been in line with expectations, and individual Statements of Responsibility (SoR) and the collective Management Responsibilities Map (MRM) may not have reflected the reality, on the ground.
As the pandemic subsides, firms have an opportunity to take stock of what’s happened in recent months and, equally importantly, anticipate the “new normal”. We’ve identified three major areas to focus your review on: customer outcomes, data and governance.
Focus on customer outcomes
Look at the choices made during lockdown through the lens of customer outcomes, as opposed to commercial and cash-flow imperatives. Specifically, review the business that’s been written and the customer interactions that have occurred.
Do this proactively, before regulators ask, and apply what you’ve learned to the future. For example, in the key area of resilience, use your Covid-19 performance to see how your systems and processes can be updated to serve customers better. The PRA and FCA were discussing resilience before Covid-19, so be ready for that discussion to restart.
Check data and data management
Evaluate records kept during the crisis and see if they are adequate. Regulators including the European Securities and Markets Authority (ESMA) and FCA have acknowledged that recording telephone conversations has been difficult, but indicated that they expect firms to have utilised suitable alternatives.
So it’s worth checking that your records of calls, and your broader business records, are accurate and up to date. This will strengthen not only your understanding of what has happened, but potentially your defence against claims management companies.
Another area for review is data security and GDPR. The Information Commissioner’s Office’s proportionate response applies for the period of the crisis only. Firms may want to review Data Protection Impact Assessments (DPIA) and Data.
Data security and the pandemic generally are topics for inclusion in BCM reviews. Many assumptions and aspirations in BCM plans will need adjustment in the light of recent experience, as may Remote Working policies and Bring Your Own Device (BYOD) rules.
Scrutinise and rethink governance
If your firm operates under the Senior Managers and Certification Regime (SMCR), those holding a Senior Management Function (SMF) and Certified functions should satisfy themselves that their actions and behaviours during the crisis meet expectations and role requirements. SMFs should ensure they can evidence and justify the ‘reasonable steps’ they have taken. Governance, including SoRs and MRMs, will need overhauling in the light of business change.
Firms should also consider how they are going to undertake effective oversight, in the future. For example, having experienced the benefits of home working, your firm may well be considering operating with smaller premises and less infrastructure, going forwards.. But decentralised operations make performance measurement and management harder. All this has implications for demonstrating effective governance.
Taking a fundamental look at your business post-coronavirus
Issues created by newly decentralised operations illustrate that, as well as reviewing recent experience focusing on customer outcomes, data and governance, it’s also necessary to take a more fundamental look at your business. We can’t yet know what a post-Covid-19 world will look like, but we can be fairly sure that firms’ strategies will change radically, along with customer expectations – and it’s possible that change will keep happening, much faster and more often than we’ve been used to.
Rather than simply fixing issues in existing processes, we suggest examining each element of your firm’s delivery chain asking what value and risk it adds. Once you really understand what matters to you and your customers, you will be in a stronger position to cope with uncertainty and possible volatility.
To discuss any of these issues, please get in touch.