So the proposed details of the Accountability 2 regime are out there and firms now at least have some answers regarding proportionality and the levels of requirement that will apply to them. As before the Consultation Papers’ publication – many firms still appear to be focusing on the ‘least case scenario’ i.e. what is the least they can do to get away with it.
This has to be a worrying attitude and one that just doesn’t cut it with the cultural principles changes that the FCA is looking to achieve across the industry. Instead firms should be focusing on what does good look like and applying the highest practical standards that they can achieve based on the budgets and resources available. Whilst the proportionality issue differences apply primarily to the requirements surrounding the SMF’s responsibilities and governance structures the certification needs are much as expected. Which is to say – not much different to those of Accountability 1. The principles are the same and it is principles that should guide firms’ broader responses to the regime changes – not individual specific rules or requirements. Indeed the conduct rules changes are arguably exactly the same and are the most profound culturally.
is in the area of costs that I think the CP most fails to deliver. The Cost Benefit Analysis presented – and the levels of costs suggested in the CP are frankly – pitifully low.
With regard to the majority of firms – who are captured under the Core regime – the certification and conduct requirements are extensive and are a profound shift from the APER requirements. In that they will be required to prove (at the least – annually) that staff captured at whatever level are variously – competent to perform their job, are fit and proper to do the same and fully understand and also display the levels of conduct expected of them. Regardless of proportionality – this drives the same requirements in my view across the industry and requires the same levels of scrutiny, tracking monitoring and recording. Firms should be seeking to identify what is the best they can do not the least. The difference in terms of cost upfront is frankly marginal. The difference in implied and future costs – if firms get it wrong is very much wider.
It is in the area of costs that I think the CP most fails to deliver. The Cost Benefit Analysis presented – and the levels of costs suggested in the CP are frankly – pitifully low. The initial costs suggested in the CP are very much lower than those reported by respondents and the ongoing costs proposed – are probably less than most firms’ annual reception flower bills! They are in short unrealistic. In addressing the costs issue – firms must realise that the very real changes required will include the inconvenient reality that they are required to manage and maintain the competence, Fitness and Propriety of staff – and prove it – through rigorous monitoring and assessment and that where there are shortfalls in any of the above they must remediate and act, manage, and report those processes accordingly. For those firms that barely assess staff properly through thorough competency based assessment – and that is very many of them in my experience – this shift up in standards and culture represents a major investment in assessment and monitoring processes and – consequently – in technology. In addition firms should be focusing not only on the actual costs of delivering the regime but also the potential costs of not delivering it! The CP ignores the latter entirely. The costs associated with regulatory and reputational risk are intrinsically linked. In any risk/costs benefit analysis firms must consider the key risks they face i.e.
- Market misconduct – insider trading and/or misleading the markets through pricing and trading/dealing activity
- Mis-selling of advice/products – failing to Treat Customers fairly
- General failure to embed an appropriate code of conduct and compliant culture through the business to the regulators’ satisfaction
- Failing to implement proper management and safeguards against financial crime
All carry the risk of the regulator enforcing – and the costs of fines and enforcement are punitive. The SM&CR means that the firm and individual senior managers must prove that they took reasonable steps to prevent such incidents occurring. Without a complete audit trail and thorough oversight of cultural and process infrastructure – this is impossible.
The financial services industry faces ever-more intrusive regulatory scrutiny and tougher penalties. Financial Conduct Authority (FCA) fines reached £1.4bn in 2014. This compares with just over £89m in 2010 and only £7.5 million in 2002.
However, fines are not the only cost of an FCA enforcement intervention – reputational damage can be far more painful. In fact, this is a core element of the FCA’s aggressive credible deterrence strategy that sees publicity and the media as legitimate tools for enforcement.
A recent study by John Armour, Hogan Lovell’s professor of Law and Finance at the University of Oxford, compared cost of damage to reputation following publication of a Financial Services Authority (FSA) Final Notice with the size of fine imposed. Covering cases concluded up to the demise of the FSA in 2013, the study found that the cost of damage to reputation was, on average, nine times greater than financial penalties. Given that financial penalties for individuals can exceed £1m and fines against firms can be much higher – these figures are very significant.
Above and beyond the fines themselves and the reputational damage – there are the significant costs of defending against FCA/PRA investigations and delivering appropriate risk mitigation programmes to the regulators’ satisfaction and can run into the millions of pounds.
In defining a firm’s response to the extended regime therefore – these factors should be taken into account and should form a key part of setting budgets and identifying both associated technology and human resource spend.