Conduct of Financial Institutions
There is a lot that’s changing in the regulatory landscape. A new language is being spoken: that of conduct regulation. It brings with it a move away from rules to outcomes and speaks to how financial services players conduct themselves vis-à-vis customers.
The regulators themselves are getting to grips with the new reality and the truth is there is no certainty, only questions. How will they supervise and regulate the industry? Anecdotally, they still appear to be engaging from a rules-based perspective. This is likely to change though, given the strong commitment they have evidenced in the FSCA 2021-2025 strategy document and the more recently published FSCA regulatory plan 2022-2025. The move to outcomes-based supervision is definitely happening and we will need to change too. It is a paradigm shift and requires us to look at our behaviors in relation to customers and the broader market.
As with most significant junctures, a quick review of where we’ve come from is in order:
The FSCA was established on 1 April 2018 as a dedicated market conduct regulator in South Africa’s Twin Peaks regulatory model and aims to:
- Protect financial customers by promoting their fair treatment by financial institutions;
- Enhance and support the efficiency and integrity of financial markets;
- Provide financial education and promote financial literacy; and
- Assist in maintaining financial stability.
The FSCA’s mandate includes all financial institutions that provide a financial product and/or a financial service as defined in the FSR Act. The Conduct of Financial Institutions (CoFI) Bill provides the legislative framework to enable the FSCA to identify conduct weaknesses within the sector. Its aim is to “strengthen customer protection by putting in place a single comprehensive market conduct law, resulting in the consistent application of consumer protection principles across the sector.” Under CoFI, the FSCA will have extensive powers to investigate and take decisive action to address conduct risks emanating from both the product development lifecycle and the advice process.
This begs yet another question – what is the role of compliance in all this? I would argue that it falls to us to advise and guide business along the journey, and doing so requires us to understand the concept of conduct risk. It is defined as the threat of financial loss to an organization caused by the poor judgment of managers and employees. Conduct risk management gained more attention after it became evident that unethical behaviour was a primary cause of the 2007 financial crisis. According to the Financial Stability Board, a major learning from the 2007 recession is that reputational risk should not be underestimated, and more attention must be paid to improving the quality of financial products sold to consumers.
Conduct risk is NOT merely an extension of TCF; rather, it speaks to:
- How employees interact with customers
- The product development lifecycle & approval process
- How regulatory requirements are managed
- Decision making
- Mechanisms for employees to report dishonest or illegal business activities without repercussions (whistleblowing)
Firms would need to review remuneration structures, recruitment, performance management, and promotion policies to ensure the right values and behaviors are being embedded.
To ensure transparency, conduct risks should be factored into the business strategy, while risk appetites and key performance indicators should be aligned with the decision-making processes and corresponding controls. The focus will shift to customer satisfaction scores, tracking transparency and the advice process, post-sales servicing, and complaint resolution. Conduct risk management should NOT stop at product development, as conduct risk could be prevalent in almost any aspect of business operations that involves customer interactions. It does not fall under other risk categories (credit, liquidity, market or operational).
In the UK, the FCA emphasized that, in line with its Conduct Risk agenda, it expects firms to move away from prioritizing profits over ethics and commercial interests over consumer interests, and from a tick-box and overly legalistic approach to compliance. We must move away from the idea that disclosure at the point of sale absolves the seller from responsibility for ensuring that a product or service represents a good outcome for the customer. The FCA poses five key questions to firms to gauge the effectiveness of their conduct risk management approach:
- What proactive steps does the firm take to identify conduct risks in its business?
- How does the firm encourage people in front, middle, back office, control, and support functions to feel responsible for managing conduct?
- What support does the firm put in place to help its people improve the conduct of their business or function?
- How does the firm’s board and executive committee get oversight of conduct in the organization? And how do people bring it into their discussions?
- Has the firm looked at where there are any business activities it is engaged in that undermine its work to improve conduct?
As we’ve seen with TCF, our regulator is predisposed to following the FCA’s lead, so best we as the compliance fraternity adopt a similar approach and prepare our firms for this line of questioning. Another very important aspect is the availability of data and the fact that regulators will expect firms to have analysed customer data to identify potential conduct risks and implement appropriate mitigation.