Compliance teams in most firms will have processes and tools in place for monitoring their firm’s performance against each of the major pieces of regulation that have come into place in the recent years. Of course, teams in private moments may be critical of the quality or timeliness of the data they gather and point to the challenges such funding or senior manager support as the cause. However, they will have oversight of key regulatory processes, e.g., SM&CR, DISP, KYC, Anti-Money Laundering, T&C etc. And that puts them and their firms in a good place right? Well, the latest Business Plan issued in April was accompanied for the first time by a Strategy that challenges firms and their compliance teams to reconsider their whole approach.
However, before I focus on the broader implications, a quick synopsis of what’s in the Strategy and supporting Business Plan will help explain why these documents indicate such change for the industry.
The FCA’s publishing of their Strategy is important for a number of reasons. Firstly, it provides a three-year view of their intentions. Secondly, it provides the context into which the annual Business Plans, with their more granular focus, can slot into. Thirdly, and most critically, it commits the FCA to “using our improved data and digital capabilities to be a more forward-looking, proactive regulator.”
In my view, the future compliance teams need to aspire to is one where a far broader set of data is collected, and that data is used to create a rounded view of the firm’s performance.
This Strategy pledges the FCA to have three key areas of focus:-
- Reducing and preventing serious harm
- Setting and testing higher standards
- Promoting competition and positive change.
Supporting these focus areas are thirteen commitments*;
Against each commitment are statements of how the FCA intend to measure progress, both at firm and industry levels. Let me take one example;
The two metrics the FCA will use to measure just one of the thirteen commitments, illustrates how the FCA are broadening their expectations of both themselves and the firms they regulate. Through their complaints processes, every firm should have a clear and up to date understanding of upheld FOS complaints and many will have categorised these by product and service. However, what about consumer satisfaction? Does that feature in there too? I strongly suspect, this is far patchier, both in terms of whether this data is gathered and how it is integrated into a firm’s understanding of its overall performance.
Coming back to the Strategy, there are a few more telling statements worthy of consideration:-
- “We are shifting our approach to focus more on outcomes.”
- “We expect firms and individuals to follow the spirit, not just the letter, of our rules and guidance.”
- “We will give firms greater flexibility on how they deliver good outcomes and focus more on testing, and requiring firms to test, what their decisions mean for customers”.
These telling commitments were supported by the Business Plan which states, “Our Data Strategy will be published in the coming months. It aims to make us more effective by harnessing data, converting it into actionable intelligence and improving our real time understanding of what’s currently happening and, crucially, of emerging risks.”
What this means for most compliance teams is that their oversight of adherence to specific regulation, e.g., KYC, whilst still important, will no longer be sufficient. Therefore, in addition to keeping close eye on adherence to specific pieces of regulation, firms will also need to develop a wider ‘data set’ to demonstrate that the firm is delivering against the FCA’s outcomes and use that data set in a more coordinated and informed way to influence how the firm interacts with its customers. And most important of all, it is clear that the FCA is using its enhanced data analytics capability to spot emerging risks in the firm’s behaviour and correct them before they become real world problems, and they are expecting that firms do likewise.
So, what do compliance teams need to do and how do they start on the journey?
I’m in the fortuitus position that through our relationships with the major trade bodies and our regular webinars, I get to understand the approach many compliance teams are taking. In my experience most compliance teams have processes in place for each of the major regulatory processes affecting their firm. These processes are traditionally managed using a combination of paper and/or a Microsoft Office program, e.g. Excel, dedicated software, or RegTech that has been designed for that piece of regulation. As such, the MI or analytics provide insight into adherence to that piece of regulation only, in other words, helpful but ‘siloed’. The other thing is that this MI often relies on manual intervention by compliance teams, e.g. extracting data from one system and manually importing it into another. Using the example in the table above about the metrics used by the FCA to measure ‘’Putting customer needs first’, MI from the firm’s complaints system should provide information on upheld FOS complaints but what about customer satisfaction? Also, how is the data you have, i.e. upheld FOS complaints, being used to improve the firm’s products and services but undertaking root cause analysis against each and every complaint? In short, compliance teams’ focus in the real world is a very far cry from what the FCA is hoping the future will look like.
In my view, the future compliance teams need to aspire to is one where a far broader set of data is collected, and that data is used to create a rounded view of the firm’s performance. This MI should then be used to proactively inform commercial decisions aimed to improve how the firm operates for its customers, the market and society as a whole. To achieve this it will require major investment in RegTech and deep dive data analytics to provide these dashboards. And for these dashboards to be relevant, they will need to integrate, and be automatically generated. In this new way of working, compliance teams will be supported by behavioural and data science professionals – change indeed!
If that appears daunting, perhaps a more manageable way to look at it is consider the transition as a journey, see below;
My vision is that compliance functions will use the emerging power of a dedicated RegTech solution to collect and analyse a wide range of data, both internal and external to the firm. That the dataset is presented in a unified and balanced way that enables the inevitable trade off decisions about product and service to be made in a predictive way. In other words, by pulling all the different datasets together in content-rich dashboards, firms’ executive teams can make considered commercial decisions today that foresee emerging customer and regulatory risks before they turn into major problems tomorrow, and in doing so, make the firm more attractive to customers, existing and new.
This may sound daunting, indeed for some it will be, however it is the journey the FCA has set itself on and expects firms to do the same. What will be your first step?
