Last December the FCA issued a second Consultation Paper (CP) on the Consumer Duty of Care (CDOC) – CP21/36. This CP provided feedback from the earlier consultation on the same subject (CP21/13), together with further views on what the regulator is concerned about and what they are seeking to change.
The key points that the FCA consulted on previously were whether there was indeed a need for a new CDOC, and whether additional Principles, Cross Cutting Rules and Conduct Rules were required in support of this.
This latest CP provides feedback on industry views from the first CP and this feedback has enabled the FCA to provide more detail about the changes they are seeking to implement. Whilst the FCA noted they had received feedback, (235 responses in all) around whether there was really a need for an additional CDOC, their view is that they feel there is a need for additional regulation to help drive cultural change and ensure that consumers are put at the centre of a firm’s business model and operation. They also noted in the CP that “many industry respondents agreed with their approach.”
I hate to say it but are firms holding back on starting the detailed stages of their CDOC projects and waiting for that policy statement to drop in the summer of 2022? If so, it could be a very stressful 9 months for firms if they squeeze their project preparation and delivery into such a small timeframe.
Why, given the FCA have fully implemented SM&CR which has, as part of it, Prescribed Responsibilities for Culture (i) and Business Model (t) is it necessary to also have additional regulation in the form of CDOC many industry participants are asking? Well, one obvious answer is that these Prescribed Responsibilities are only applicable to Dual Regulated firms, i.e., banks and insurers. No Solo Regulated firms have a Senior Management Responsibility for culture and only Enhanced firms have a Senior Management Responsibility for Business Model. So, the FCA cannot rely on SM&CR to encompass the focus on consumer and culture that CDOC is seeking to achieve for huge swathes of the financial services sector.
To put into context why the FCA has focused so heavily on this new proposed regulation, I undertook some analysis to categorise a wide range of most recent FCA fines. The table below lists the major fines in the retail sector in the last 3 years. As you will see I have assessed whether the reason for the fine is SM&CR related and/or CDOC related, and the results make for quite interesting reading.
When you review these fines, it is clear that significant CDOC failings remain despite the regulatory focus for many years from the FCA, and previously the FSA around Treating Customers Fairly and the management of Conduct Risk. Based on that view, it is easy to see why the FCA might have just run out of patience with regulated firms, hence its intention to ‘beef up’ regulatory requirements in this area. Make no mistake, the new CDOC promises to be a landmark piece of regulation, one that is arguably on a par with SM&CR. It is all encompassing and expects firms to leave no stone unturned as they consider everything that they do in the context of the end consumer outcome. Some may say that already exists now, but whether it does or does not through existing regulation, it is clear that what is there is not delivering what is expected.
Part of the intended new CDOC is the requirement for firms to collect data, at least annually in order to re-assure themselves that customers continue to be at the centre of their business models. Interestingly it will not drive greater swathes of new regulatory reporting, but it does drive the requirement for an annual assessment of the effectiveness of the regime at board level. Senior Managers ignore that at your peril as the FCA made it very clear in this most recent CP that they will look to you with regards to the governance and the oversight of this regime. In the CP the FCA commented as follows in this respect. “Under the Consumer Duty, the firm’s board or equivalent management body, will be responsible for assessing whether it is delivering good outcomes for its customers which are consistent with the Consumer Duty. This will be supported by the interaction between the Consumer Duty and the SM&CR. The SM&CR establishes clear senior management responsibility for compliance with the requirements and standards of the regulatory system. The Consumer Duty raises this standard.” So, I think it is fair to say that the FCA have clearly explained what they expect from Senior Managers in this respect.
Although the final rules aren’t due until sometime this summer, if confirmed, firms will need to produce or amalgamate existing data to evidence these customer outcomes. And, from experience, given the time it takes firms to deliver on this likely new expectation from the regulator, it begs the questions about the preparations firms are making now.
At Worksmart, we run regular webinars on a range of regulatory priorities. These webinars are invariably well attended by individuals from different sectors in the financial services industry representing a range of functions in firms, e.g., compliance, HR, risk, governance and legal. Because of this range, we have taken to asking them questions about their own firm in relation to the webinar topic. On a recent webinar, attended by over 200 people, we asked several questions that, in the context of the incoming new CDOC regulation, were quite revealing.
The first question we asked attendees – “What the key regulatory issues were within their organisation?” The answers were as follows.
The attendees rated Consumer Duty of Care below Culture & Accountability, Governance and Operational Resilience. For me, this indicates that firms are still focusing on embedding live regulatory requirements. Whilst understandable, it begs questions about their preparedness for the new CDOC.
A second question focused on the FCA publishing the fact that they have increased their “Tech” budget for 21/22 by approx. 25% and asked what changes firm are planning for their 21/22 Tech budgets?
The results showed that over 75% of attendees indicated that they either had to rely on their internal IT departments to build new or adapt existing systems or ‘pitch’ for IT budget on a case-by-case basis.
In the October 2021 issue of T-CNews, I identified the FCA’s intention to set aside an IT budget of £120m over the next 3 years so it can invest in big data and analytics to understand how firms in each market sector are behaving and identify ‘the outliers’ (Rathi’s word). In the article, I suggested that we may well be moving to a situation where the FCA knows more about a firm’s behaviour than those responsible within that firm themselves. Controversial I know, but this certainly could be how things play out if the regulator is more RegTech enabled than the firms it oversees.
So, whilst the CDOC promises to increase the expectation on firms to collect a rounded set of data on how their own firms perform, if the survey answers from our recent webinar are representative, the industry are neither giving the incoming new CDOC the attention it merits nor are they making the investments in their IT that will enable them to more effectively manage and demonstrate good consumer outcomes.
The consultation period for this CP closed on the 15th February 2022 and, in this CP, the FCA states its intention that firms should have the final rules fully implemented by 30th April 2023; little more than a year away.
I hate to say it but are firms holding back on starting the detailed stages of their CDOC projects and waiting for that policy statement to drop in the summer of 2022? If so, it could be a very stressful 9 months for firms if they squeeze their project preparation and delivery into such a small timeframe.
I find myself asking how many of the FCA’s fines in 2023 and beyond will be for firms not providing good outcomes for consumers because their compliance, risk and oversight teams weren’t ready for a) the more focused requirements of the regime and b) the compressed timelines for compliance.
And on a final note, any implementation of new regulatory requirements will succeed or fail based on the individuals within a firm, how the requirements are approached and whether sufficient time, resource and funding are made available. With many organisations too often the communication and input mechanisms for bringing staff up to speed with changing regulatory requirements is one that is often missed. Organisations might want to consider that within this CP, there was clear focus on a firms Training & Competence arrangements and what firms might want to consider in respect of managing the competence of their people. If that’s not a clue to what the FCA will be interested in going forward, then I for one would be very surprised if firms don’t look to review their T & C arrangements in this respect to ensure that they are fit for purpose by the time the new regime becomes a requirement.