David Lawton and Jeremy Heales spoke at a breakfast seminar in Dublin on 18^th May, hosted jointly by Byrne Wallace and A&M on transforming culture in regulated financial services. Their remarks particularly focused on some of the lessons that can be drawn from the UK experience.

That experience is drawn from some key case studies, and from supervising regulated firms.

Case Studies

Payment Protection Insurance (PPI)

PPI is the archetype case. Over £29 billion has now paid in redress (and in some people’s view, the cure has raised as many issues as the disease). PPI is not intrinsically a bad product. However, it was sold aggressively outside what we would now call the “target market”, and with very high commission rates.

There are four lessons that flow from this experience:

1) Follow the money! Regulators should focus on fast-growing, high margin business lines as potential high conduct risks. And so should firms.

2) A key part of the regulatory response has been to emphasise “product governance”. MiFID II embeds this for investment services and products, for example, with its rules around product design; target markets; distribution channels; senior management sign-off etc.

3) Flowing from stricter product governance, if firms are going to sell outside the target market, you need to have a good reason.

4) Finally, when there are redress exercises, firms need to take them seriously right from the outset, and not risk having to play catch-up

Interest rate hedging products (IRHP)

This is PPI for small corporates! After the FCA asked several banks to review sales of IRHP (e.g. structured collars, swaps, simple collars and cap products) to “unsophisticated” customers, £2.2 billion has been paid in redress.

A valuable lesson here is that there has been regulatory action, even though unsecured lending to corporates is not within the UK regulatory perimeter. Poor conduct knows no bounds! If a firm is regulated, it should consider all its activity as capable of generating conduct risk, regardless of whether it is in or out of the regulatory perimeter.

This redress exercise has also, de facto, created a sub-divide of what would otherwise be classed as retail customers into “sophisticated” and “non-sophisticated”. So, a second lesson is that firms need to be ready to consider the circumstances of each client differently, even if they all fall in same client classification bucket.

Libor/fx (i.e. benchmarks)

Here, there have been hefty fines (not redress) - over £2.25 billion in the UK alone. They created a massive outcry and led to the setting up of the UK Parliamentary Commission on banking (out of which came the UK senior manager regime).

These cases were about attempted manipulation of markets, not misselling. Indeed, in many cases, it was hard to ascertain who the losers were.

There are three lessons from this:

1) A first key lesson for Boards and senior management is the importance of identifying and challenging sub-cultures and groupthink within their firms.

2) These cases reinforce the need to rigorously identify and manage conflicts of interest on an ongoing basis. Some of the conflicts which were exploited here (e.g. banks having large derivative books whose prices in part depended on benchmarks) arose over time. They should have been spotted and dealt with.

3) This is another case with speaks to the regulatory boundary. Even the FSA said Libor was not a matter for them when concerns about its robustness were originally raised. In today’s world, anything done by regulated firms should be treated as in scope for conduct.

Consumer credit

Consumer credit regulation moved to the FCA, and a new regulatory regime, in 2014. As part of steps being taken to establish new standards, firms in the sector have paid over £900 million in redress since then.

A big lesson is that affordability assessments are becoming key for all lending activities (including, of course, mortgages). Regulators are expecting firms to ask: am I putting the customer in a difficult position?

A related lesson is that how firms treat customers who fall into arrears is now getting specific and separate scrutiny.

CFDs/binary options

This is the most topical example, with ESMA, supported by the FCA, announcing in January 2018 that it will impose restrictions on firms selling binary options and CFDs to retail customers. This is the first use of ESMA’s new product intervention powers under MiFID II. It puts the spotlight back on how firms assess whether products are appropriate for their customers.

The lesson here is that, henceforth, regulators are likely to be more proactive in using their powers to intervene to head off conduct risks before they significantly impact on customers – but with the corollary that firms’ business models might have to adjust very rapidly in response.

What can we learn from UK supervisory experiences

Turning to lessons from supervising firms, there are both poor examples – “7 sins of poor culture” - and good examples – “7 virtues” - that we have seen through our regulatory experiences as ex-regulators and now consultants across many jurisdictions. They should not necessarily be seen in isolation or thought about as examples that are restricted to the past. They are also happening today.

Poor cultural practices

The “7 sins of poor culture” are examples of some of the poor cultural practices we have seen:

• Dominance – this is not just related to the CEO or Chair but can permeate across many important functions, making it difficult for other individuals to challenge or ask questions, which results in poor outcomes
• Greed - excessive focus on profitability, sales, returns etc. without senior management understanding the underlying business model rationale can lead to problems later such as misselling
• “Murder on the Orient Express” and excessive complexity - some firms, sometimes deliberately, create complex structures and reporting lines which make it difficult to understand who is responsible for what. Creating a culture of collective, but vague, responsibilities (i.e. “the murder on the orient express” syndrome – everyone did it!) can lead to poor decision making and lack of an appropriate accountability culture
• Ostrich-like behaviour - burying your head in the sand, when issues or risks emerge or are apparent, but are too difficult to deal with, can of course lead to poor outcomes 
• Old School network - a culture of excessive trust and relying on (or employing) contacts from the “old school network” can lead to poor decision making, when decisions are not based on objective criteria, not subject to enough challenge or diversity of view
• Conflicts - decisions which could be influenced by a potential conflict - staff relationships, third party suppliers, entertainment etc - need to be carefully scrutinised and looked at in the widest possible context

Good cultural practices

The “7 virtues of culture” are experiences we have seen in firms where a “good” culture is apparent:

• Accountability - the introduction of the UK’s individual accountability regime for banks and insurance firms in 2016 has meant individuals are now more obviously held to account for their actions. This has created a clear understanding of who is responsible for what. This drive towards clearer senior accountability is not just a UK phenomenon. It is being seen through legislation such as MIFID II, which sets important accountabilities for the head of compliance
• Leadership - strong leadership through words and actions helps individuals at all levels see what good and not so good culture is about.
• Objectives – taking steps to ensure that all individuals (whatever their level) have a part to play in developing a “good” culture can help create a sense of ownership
• Measurement – measuring what the outcomes of good culture are and look like is difficult. But not trying to measure outcomes is worse. Good firms set out what measures they will put in place
• Value Chain - understanding how the right culture pervades all the way through a firm’s value chain is good practice and helps to demonstrates that it cuts across all activities
• Evidence – well-run firms have evidence of where they stand on culture – approach, outcomes, and measurements -  and, importantly, can demonstrate this to regulators
• Holistic stakeholders – well-run firms think broadly about how their culture impacts on all their stakeholders, to ensure that culture is not “just skin deep” but reflects all interactions 

Our final three takeaways

Pulling all this together, our three final takeaways are that:

1. Conduct risk is allpervasive – there is no room for complacency. Now that regulators have put it on the table, they can’t take it off;
2. The DNA of a firm takes time to get right. If you need to adjust it, be prepared for a multiyear programme
3. Abiding by the rules and making the right judgements is not easy – but leaders and senior managers need to constantly demonstrate a good example, day in, day out.

If you have any questions about the subject matter above, please get in touch with one of the team.