Since its formation in 2013, the Financial Conduct Authority has made it clear that it is no longer interested in routine compliance processes. The FCA’s focus is now on how the Compliance team, training and competence (T&C) programmes and the firm’s broader compliance culture deliver the ultimate customer experience, writes Neil Herbert, director of HRComply.

Neil Herbert, Director, HRComply www.hrcomply.co.uk

To effectively regulate the industry the FCA has adopted a new supervisory model, which rather than being reactive is pre-emptive and judgement-based. This means dealing with underlying causes rather than just symptoms and is focused more on firms doing the right thing, rather than just complying with specific rules. Where firms go wrong, the FCA says that the cause is usually not a failure to comply with specific rules but rather there is a fundamental flaw in the firms’ business models, culture or business practices.

At a practical level then, the FCA has made it clear that the focus will be on the outputs not the inputs. What are those outputs? They include achieving appropriate customer outcomes and the highest ethical performance of all customer-facing staff. This means that they are technically competent to advise and provide the most suitable advice in any given scenario and with regard to each individual client.

Subjective judgements

The FCA indicates that achieving appropriate customer outcomes is heavily dependent on firms having a culture that views the interests of the customer as paramount. This needs to be led from the top, instilled in clear business practices that can be easily understood and guide all levels of management when judgements need to be made about what is acceptable and what is not.

The problem with all of this is that it is relatively arbitrary. Without clear rules or benchmarks, how can firms ensure that they are satisfying the expectations of the regulator? Increasingly it seems, the FCA is exercising powers to enforce against both firms and individuals that are driven by its own subjective judgements and agenda rather than by black and white regulatory rules or guidelines.

For example in recent enforcements against ‘market abuse’ the FCA has relied upon Section 118(5) of the Financial Services Act, dealing with trading activity that gives a false impression of the supply, demand and price of investments. The FCA does not, however, impose comparative quantum caps concerning how much of a bond or stock can be held. This leaves the whole process of pricing bonds (particularly in relatively narrowly traded markets) open to claims of market abuse. It seems the FCA will be the judge of what is or isn’t appropriate. With careers and reputations at stake, who would be a market maker in these circumstances?

 Given the consequences that such enforcements can have on businesses and on individuals (not to mention reputational damage and the damage to the industry as a whole) this situation would at best appear to be worrying.

 Addressing conduct risk at its root

The greatest challenge facing Compliance and Risk professionals is trying to determine the acceptable levels of conduct in the multiple market, investment and client sectors that the FCA regulates. There have been many recent references in FCA speeches or press releases about the need for senior management or Compliance professionals to be aware of everything that happens on their watch. Much rhetoric and recent legislation has been directed at holding these senior individuals accountable for any of their staff’s misconduct and shifting the burden of evidence to being one of ‘unless you can prove you did something to stop it, you are as guilty as the perpetrators themselves’. Realistically in large organisations with huge trading floors and wealth management desks, this is simply impossible.

The recent industry response has been to recruit more and more Compliance staff, and this has driven up both demand and salaries. There continues, however, to be little evidence that the issue of conduct risk is being addressed at its root. Neither is conduct risk being put at the top of the agenda by enough boards, with the resultant absence of conduct and compliance strategies being embedded from the top down.

Conclusion

Regulators around the world are giving the management and mitigation of conduct risk a high priority, yet no universally agreed definition of conduct risk exists. In response therefore, compliance officers, risk managers, senior management – and, crucially in my view, HR – need to establish what ‘good’ looks like for their organisation. They then need to put in place the systems, controls and infrastructure to effectively manage and attain that standard.