The financial crisis in 2007/08 threw regulation of the UK’s financial services industry into sharp focus. One of the outputs was the Banking Standards Review which reported in June 2013 and whose recommendations will be applied across the whole industry, not simply to the banks and larger firms which are dual regulated by the PRA and FCA. We have seen a new Code of Conduct section in the FCA handbook: COCON. There are five individual conduct rules and a further four rules that apply to the senior managers of a business:
Individual conduct rules
- Rule 1: You must act with integrity.
- Rule 2: You must act with due skill, care and diligence.
- Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.
- Rule 4: You must pay due regard to the interests of customers and treat them fairly.
- Rule 5: You must observe proper standards of market conduct.
Senior manager conduct rules
- SC1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
- SC2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
- SC3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
- SC4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
In addition, an annex to chapter 1 of COCON contains guidance for Non-Executive Directors (NEDs). This guidance should be delivered by the T & C team to ensure that NEDs fully understand the FCA’s expectations that they should provide a challenge to the Board and Senior Management, and where appropriate, this challenge should be robust.
These rules are not necessarily new and will be familiar to anyone who has worked in financial services for any length of time, indeed they are restatements of the Principles for Business and applied to individuals. No-one could really not argue that they are an articulation of best business practice. The question is, how do we embed these into the culture of our businesses. What added value can T & C professionals bring to assist embedding a culture in which these conduct rules are an integral part of business as usual.
Depending upon the size of the firm, the T & C team is in a unique position in that, through its supervisory activity, it has access to every level of management and staff within the organisation. COCON contains an obligation to ensure individuals understand how the rules apply to them and in this way training can be used as a method of embedding the culture of the firm throughout the organisation. As with all aspects of a business, culture is driven from the top. The messages from the Board and Senior Management are key, training can only be effective if it is reinforcing the ‘tone from the top’.
Application of the Code of Conduct ties in with the regulatory focus on conduct risk. Embedding a culture that addresses COCON also addresses the issue of conduct risk.
Conduct Risk was brought to the top of the FCA’s agenda in its 2013/14 Business Plan, section 2.1 being entitled ‘Conduct risks to our objectives’. When the FSA first started discussing Conduct Risk, the industry questioned as to whether it was ‘TCF on steroids or something new.’ This was probably not an altogether unfair question, the FSA had not defined TCF and then did not define Conduct Risk. In reality, Conduct Risk goes much deeper than TCF. Where TCF looked at fair outcomes for consumers, the central principle for Conduct Risk is to answer: are the interests of customers and market integrity at the heart of how the business is run? This fits in with a definition of Conduct Risk as the risk to delivery of fair customer outcomes or to market integrity. Like all risks, the firm, through its Board and Senior Management needs to define its appetite for Conduct Risk, communicate it to the firm then oversee the business is managed within it.
Conduct risk is about the culture of the firm from top to bottom. How do the Board and Senior Management lead the firm, what is ‘the tone from the top’? The effectiveness of leadership can be measured by MI: management information. There is an argument that information can be looked at and put in a drawer. To be effective MI should be Management Intelligence, i.e. acted upon and used to drive the desired culture and behaviours throughout the business.
It is said that suitability is the biggest conduct risk to the Financial Advisory community. Client files are presented as the advisory journey from factfind and identification of attitude to risk, to defining goals and objectives, through research to a personal recommendation to the client. This is completed by a suitability report that outlines why the financial solution meets the client’s needs. There is the risk, for example, that advisers may not identify the client’s real goals but fit them around their chosen solution.
For all firms, culture is a driver for the behaviour of management and staff. In 1976 Edward T Hall developed the iceberg analogy of culture, in that some aspects of culture are visible but the larger portion is hidden beneath the surface. The graphic below applies this analogy to a firm.
Above the water are the policies and procedures put in place to create a business in which the culture puts the customer at the heart of its activities and to manage and mitigate risks, including conduct risk. Below the water are the workarounds that staff use to shortcut the compliant processes. MI as Management Intelligence should alert Senior Management to these workarounds and cheats so they can be addressed through training and coaching. The supervisory regime puts the T & C team in an ideal position to identify where these shortcuts are regularly used.
Thus the principle of conduct risk is broader than the principle of TCF and serves to focus Senior Management on behaviours within the business as a whole rather than simply on staff who have a direct interface with customers. Conduct risk also impacts upon wholesale firms which can adversely affect the market and broadly saw themselves as buffered from TCF.
Conclusion
The Code of Conduct brings a personal responsibility for conduct of the firm to each individual. The culture of the firm is driven from and communicated by the Board and Senior Management. The T & C team can be the catalyst for embedding the desired culture throughout the firm.