Regulatory focus on behaviour & outcomes. Are you ready?

0

“A significant part of this debate (Responsibility to act in the public interest) turns on the issue of outcomes versus rules. Rules are a crucial mechanism for delivering outcomes, but can also be interpreted so rigidly as to become a box-ticking exercise”.

“This is the lesson we want to see reflected in a firm’s behaviour…. Any organisation that prioritises being within the rules over doing the right thing, will not stand up to (Regulatory) scrutiny for long.”

Andrew Bailey’s, CEO of the FCA, July 2019’s FCA Annual Public Meeting

This poses several questions:

  • How do firm’s evidence that they are doing the right thing across the whole piste?
  • How does Compliance and Audit need to change to meet this focus on the right outcomes?
  • What will the Compliance and Audit evidence look like if there are no documented and predetermined rules to subsequently audit against?
  • How do you assess the Risks if you have nothing to assess it against?
  • What does ‘firm’ behaviour mean?

Perhaps there hasn’t been enough pain yet or in the case of the FCA it is just waiting for SM&CR to be fully implemented

Perhaps it is better to focus on the last question.  What is the regulator expecting from organisations?  Well the first thing will be the focus to reduce the tick box mentality i.e. ask a question; look for the evidence that the pre-determined rules, procedures and processes have been followed.  If they have ‘tick the box’, if they haven’t raised a non-conformance, a backward looking approach and one that is focused on mechanistic outputs not outcomes which is the true deliverable, experienced by stakeholders.

In addition, this rule-based approach assumes that everything can be pre-determined and that human beings will always follow these rules in every circumstance.  It assumes that people are robots, which they are not, and have to react to situations that cannot always be predicted.  The other factor is that rules are often someone’s mental construct.  It may be a picture of reality, but it isn’t reality.  These enduring failings of existing approaches is what, I believe, Andrew Bailey is targeting and by firm behaviour he means an expectation of change or at least a re-positioning of the balance between what can and cannot be predetermined and audited accordingly. A regulatory focus on behaviour and outcomes.

“We view incidents like the Woodford affair as an example of this – where firms are following the letter, but not the spirit, of the rules. It raises questions about the rules themselves.”

Andrew Bailey’s, CEO of the FCA, July 2019’s FCA Annual Public Meeting

Is the FCA alone in the change of focus?

Definitely not. Whilst International Standards, including Corporate Reporting, have changed to be more risk and outcome based there is little evidence that certification, accreditation bodies and suppliers of audit & compliance services have changed or at least none that I have seen.  Perhaps there hasn’t been enough pain yet or in the case of the FCA it is just waiting for SM&CR to be fully implemented

Avoiding the ‘will not stand up to scrutiny for long category’ trap?

No doubt some will say they have already made the change or in part which is good.  Others may well be in denial believing what they currently do and have been doing for years is enough. There may not be a complete list of factors to consider in terms of making this change but the following are offered as some thoughts and suggestions to meet this regulatory focus on behaviour and outcomes:

  • Is this change increasing the cost of compliance?  If it is or there is pressure to do so then this may be an indicator for a review of audit, compliance and risk activity.
  • Do the compliance team and auditors know the difference between a mechanistic system focused on outputs and an organic system (reality) focused on outcomes and how to review and audit each?
  • Do compliance and audit techniques gather evidence of what people achieve, the impact or outcome of how people behave, not just what they say they do or write down?
  • Do compliance officers and auditors have the capability to consistently analyse the outcome of how people behave (the real evidence) and report this against business performance and compliance outcomes? (What does the evidence mean to risk and compliance, is it this that the FCA and others are seeking to achieve).
  • Do compliance and audit reports signpost predictive risk to compliance and performance outcomes? Is this predictive analytical approach scored so that business leaders can see risk levels and thus manage individual and collective behaviour accordingly.

This business issue is not now just about compliance, it is about optimising business outcomes be that profitability, management of overheads, customer experience and other desired and undesired outcomes.

 

 

 

 

Share.

About Author

Multi award winning financial services training and consultancy firm. Working with firms across all sectors of the financial services industry.

Leave A Reply