By Jacqui Hatfield, Partner, Reed Smith and Melanie Shone, Trainee, Reed Smith
What is an “attestation” and when might we be asked by the FCA to give one?
Attestations are part of the FCA supervisory toolkit used to ensure accountability from senior management in all regulated firms. They commonly require an approved individual to take responsibility for confirming that the company has, for example, delivered customer redress, or has the appropriate governance arrangements or systems and controls in place.
They are essentially a means by which the FCA can gain personal commitment from an approved person that specific action has been taken or will be taken, often without requiring ongoing regulatory involvement. The FCA’s aim is to ensure that there is clear accountability and senior management focus towards making any necessary changes.
We have seen attestations commonly used in conjunction with other FCA supervisory powers, such as following the conclusion of a Skilled Person Review under Section 166 Financial Services and Markets Act 2000.
Who should not be giving an attestation?
An attestation should be given by the most relevant significant influence function holder (for example, the significant influence function holder who is responsible for the area of the firm at which the issue has arisen or who is responsible for addressing the issue).
However, while attestations were originally intended for the most senior management, we have seen these being directed towards compliance officers for whom it may not be appropriate to take on the personal liability attestations bring without at least the CEO or a Board member attesting alongside them.
Ultimately, the question of appropriateness of the individual is for the regulator to decide, in (we would hope) dialogue with the firm, individual(s) concerned and their respective advisers. The most appropriate person (or persons) to make an attestation will very much depend on the situation of the firm, the objectives of the attestation and the particular factual circumstances surrounding the FCA’s request. There are no “right” or “wrong” individuals. However, we would generally expect most attestations that undertake to take future actions to be made by the most senior individual(s) in the firm who has/have both the necessary authority and responsibility to initiate the changes required.
What if the attestation turns out to be false or the terms of an attestation are breached?
Attestations are an enforcement tool. It is important to remember that in seeking an attestation, the FCA is trying to ensure both personal accountability and senior management focus for implementing any future action required by the regulator. The FCA’s stance on enforcement action more generally is clear; it intends to pursue more cases against individuals and hold members of senior management accountable for their actions. This of course, echoes the forthcoming introduction of the Senior Managers Regime and Senior Insurance Managers Regime, and extension of the Senior Managers and Certification Regime across the regulated financial services sector.
Ultimately those providing an attestation, and also potentially the firm itself, remain exposed to the full suite of enforcement measures open to the FCA to take for regulatory breaches (this may include, for example, public censure, financial penalties or suspension/withdrawal of permissions).
There are several key issues to consider if, after having made the attestation, it turns out to have been untrue or any of its terms not complied with.
Enforcement action under the terms of the attestation.
Firstly, the firm and individual should consider the potential for any action to be taken under the terms of the attestation itself. At a very high level, a failure to act with integrity could result in enforcement action against an individual for breach of Statement 1 of the Statement of Principles for Approved Persons. In addition, approved persons are required to act with due care, skill and diligence in performing their accountable functions and managing the business for which they are responsible (including taking reasonable steps to adequately inform him about the affairs of the business). If the individual made the attestation as to a statement of affairs without exercising such care and reasonableness, there could be a question over their compliance with Statement 2 and Statement 6 (amongst others) of the Statement of Principles for Approved Persons.
The Supervision (SUP) Manual of the FCA Handbook requires that a firm must take reasonable steps to ensure that all information it gives to the appropriate regulator is factually accurate or, in the case of estimates and judgments, fairly and properly based after appropriate enquiries have been made by the firm.
An attestation given as to a particular state of affairs or future action, combined with a failure to have (i) taken reasonable steps or (ii) carried out appropriate enquiries as to that state of affairs could leave both the attester and firm exposed to enforcement action.
Should we notify the regulator that the attestation is/may be false, misleading, inaccurate etc.?
Secondly, the firm and its approved persons have an obligation to deal openly and cooperatively with the FCA (Principle 4 of the Principles of Business and Principle 11 of the Statement of Principles for Approved Persons). Firms are also subject to rules that require them to notify the regulator in the event that any information it has provided to it is or may have been false, misleading or inaccurate or information that has changed in a material particular. Consequently, there is also a related question of whether the individual/firm should notify the regulator that the attestation turned out to be (or may be) false, misleading or inaccurate.
This is a highly sensitive area on which we would suggest that firms seek specialist advice at the earliest opportunity.
Action for underlying regulatory breaches
There will undoubtedly be an underlying question of regulatory compliance that motivates the FCA towards requesting an attestation is given. For example, consider that an attestation was given to the effect that the firm has adequate systems and controls in place in relation to a specific area of concern to the FCA, and that it then materialises that the firm’s systems and controls were in fact inadequate. Subsequent enforcement action by the FCA could be both in respect of the false attestation and also for any underlying systems and controls breaches themselves.
Points to consider when faced with a request for an attestation
We have set out some points for consideration in the rest of this article. In summary, it is of crucial importance for any individual receiving a request for an attestation to remain cautious, not rush into providing an attestation to the FCA and to carefully consider all the relevant facts and circumstances of the situation.
The scope, content and timing of the proposed attestation should be given careful consideration, alongside the objectives the FCA is thereby attempting to achieve. Independent legal advice can help individuals to evaluate and consider the potential consequences and personal risks, and to help them (and the firm) to put together a tailored strategy in order to mitigate these.
The FCA has publically stated that attestations should be clear and realistic: i.e. specific, achievable and have realistic (but demanding) timelines. Depending on the circumstances, it may also be necessary to engage in constructive dialogue and negotiation with the FCA on the proposed terms of the attestation.
Reconnecting the retail brain: learning from the octopus
By John Malpass, Retail Consultancy Practice Lead at Teradata
An octopus has nine brains: one for each tentacle and plus one at the centre. Each tentacle can react super-fast to local stimuli to grab opportunity, hide or defend itself and the wider body. Many of these reactions are instinctive. But the central brain is essential, monitoring and analysing information from across the organism, and taking crucial decisions that ensure survival. It controls the whole body, makes strategic decisions, and ensures coordinated action by all the tentacles. The octopus’ seemingly miraculous speed, shape-shifting and camouflage capabilities, controlled by its central brain, are themselves a useful analogy for the future of retail.
Retailers need to adopt a similar approach leveraging enterprise-wide data and analytics not only to react fast at the edge, sensing and responding to changing customer behaviours and local market dynamics in each individual store, whilst also constantly informing strategic and future-focused decision-making.
As we’ve seen, for too many retailers brain and body have become separate, with data informing discrete projects and engagements but not used to transform entire business processes. Disconnects, friction and manual interventions in processes have all been highlighted in the current crisis, but they have been slowing things down and constraining value delivery for decades. To survive, the retailer of the future will have to become agile and able to respond to rapid and constant change. Just like the octopus, some responses will be automated; analytically enabled, managed and executed, while the central brain co-ordinates activities, thinks ahead, constantly learning and adapting to its environment.
The octopus has evolved over millions of years to develop and adapt its highly sensitive response capability. Retailers have had a few weeks to discover the benefits of a similar approach. Siloed solutions and manual processes cannot cope with the speed and scale needed to survive. As many will have experienced over the last few weeks, simply reporting what has happened can involve huge effort for little reward. Data is an asset, but it must be leveraged to deliver business advantage if it is to be valued. In later blogs I’ll demonstrate how data adds value to specific functions within retail, but for now I’ll share one example of how data can transform a process to create value on the shop floor.
In store bakeries are popular with customers, driving traffic, sales and margin and larger customer baskets. But margin can quickly disappear if too many or too few croissants are baked. One major supermarket, with over 400 in-store bakeries, found it had over 400 different ways of deciding how many items to bake during the day! To reduce waste and increase availability the retailer’s ‘central brain’ built a predictive model using data collected from across the organisation. Running the algorithm for each bakery with local, real-time data on current trading conditions automatically calculates exactly how many croissants bakers should make in each store and when to bake them. This one algorithm has delivered over 10% in additional sales.
This is the sort of transformation that retailers must embrace – not only knowing what customers in each store want but acting on that knowledge by innovating a way to better meet their needs. Growth-orientated retailers tell us they have three strategic priorities: a hyper-personalised, frictionless customer experience across all channels; more relevant localised and personalised Customer value propositions; and agile, cost efficient operations that respond to the demands of the modern digital economy. All demand reliable, trusted and real-time data at every point. The retailer of the future will run more than 50 million queries per day. That scale of data: every product in every store, every customer through every channel, 24/7, 365 days a year, means that automation is the only way to act at the speed needed to compete.
Automating the routine, while managing exceptions and alerts, creates time and space for more strategic analysis so retailers can switch from firefighting to scenario planning and simulation. This literal mind-shift opens the door to more strategic and forward-looking analytics and the use of big data to create new added value activities. Using data to define tomorrow’s opportunities and strategise the best next steps will build an agile business capable of responding to the demands of the modern digital market.
The global pandemic has been a harsh wake-up call for many in retail. Creaking systems, siloed and hard to reach data, and intensive manual processes have all been strained to breaking point. Those that were already set up and using enterprise-wide analytics will have fared better, but even those who have not taken the first steps should now see the urgent need to use data to transform their businesses. Luckily, evolution in retail does not need millions of years, and in the next few weeks I’ll outline how individual roles and functions can rapidly use data to change the way they do business. And you don’t need nine brains to do it.
The rise of nomadic work: how to turn your remote team into a creative force
By Paige Erickson, EMEA MD, Workfront
During the first stage of the lockdown in the spring, almost half of Brits worked remotely, causing businesses to completely rethink their working structures. Employees too have re-examined the traditional working day and now as many as 72 per cent of UK employees want to continue working from home, at least part-time. They state that working remotely helps them increase productivity and offers a better work-life balance. This sentiment from workers coupled with strong financial motivation for companies to continue to support distributed workforces, it seems unlikely we’ll ever return to the office in exactly the same form as before Covid-19.
In fact, for many, the office nine-to-five is already in the past. Instead, the pandemic has accelerated the trend of “nomadic work”, where a healthy percentage of employees can work from absolutely anywhere. This helps workers find the balance that works for them, whether that’s sometimes in the office, a couple of days from home or even working while travelling.
Covid-19 has proved that where we work isn’t as important as we thought. Instead it is how we work, and the outcome of that work, that’s critical.
A moment of shock-change for business
The pandemic has thrown companies into a moment of shock-change, as they have had to determine nearly overnight how to support a now-remote workforce. How, when and where we work changed, making maintaining productivity on the right work in this new environment incredibly difficult.
Realigning on what it means to be productive – and how to measure that productivity – is now essential for companies. The notion of a structured, on-premisis workday where activity could be observed and continually calibrated is a thing of the past. And yet, in order to navigate the current and future state to positive business outcomes, this new distributed workforce must function as an interdependent web that consistently generates not just output, but focused and strategic outcomes.
We need more than just communication tools
For some businesses the move to remote working was a new concept, and they experienced a sudden, greater dependency on technologies they had not typically used before. Zoom, Teams and Slack have become defining tools amid the pandemic, with many individuals using them both to continue business operations and socialise with colleagues they otherwise could not see physically. It was a fast and simple way to connect colleagues who were suddenly working in isolation.
When the pandemic struck, the question most leaders focused on was simply: “how do we keep everyone talking?” And while that was an important first step, the fact that the workforce could communicate didn’t necessarily mean they had the support they needed to engage fully in the right work.
Strategic work needs more than just communication, it requires constant connection between the day-to-day work (wherever it happens), and the prioritised objectives of the business.
Keep working towards the same outcome
Present and future work requires that companies meet employees where they are, with the right processes and technologies to support them in becoming, and staying, engaged with both each other, and on work aligned to strategic objectives.
Collaboration technologies have seen a huge surge in uptake as leaders look for ways to keep their newly nomadic workforce productive. And while most collaboration tools can help teams coordinate and complete tasks and projects, without broader connectivity to systems, teams and departments across the rest of the business their impact is limited.
Tasks and projects themselves do not exist on islands. They require budget and personnel data from financial and human capital management systems to properly allocate and manage resources. Many projects require compliance oversight from legal and regulatory departments. Work also happens in specialised applications such as Jira, ServiceNow and Adobe.
Unless collaboration tools can integrate with the data, and processes happening in those and other applications, work stays siloed, and employees and leaders have limited context and visibility into why and how work is – or is not – progressing toward the right outcomes.
Work management engages your team, wherever they are
Work management practices and platforms are fundamentally different to collaboration applications. Instead of focusing solely on connecting people and teams, they are designed to connect strategy to delivery. This shift in approach absolutely requires that nomadic workers are outfitted with the right communication and collaboration support, and then goes several steps further.
Enterprise work management platforms also integrate work and data across people, systems and departments, providing context and connection for frontline workers, and visibility and navigation for leaders. Wherever they’re working, each person has what they need to do their best work, and the assurance that their work is making an essential contribution to a larger whole.
Harness the creative spark of your nomadic workforce
The pandemic meant businesses had to take a deep look at the way they work and operate to support their workforce from home. Now that we know nomadic working is here to stay, organisations must think beyond just the digital systems they need to get staff talking. It’s time to rethink the best way to build a truly nomadic working structure for your enterprise.
We’re in a time of workplace transition. ERP systems previously transformed how enterprises manage corporate resources and CRM solutions helped businesses find value in customer data. Now, work management platforms are set to transform how companies manage work — including nomadic workers — to become creative forces and give enterprises a competitive advantage.
Consumers in the COVID era can learn to embrace strong customer authentication
By Ed Whitehead, Signifyd managing director, EMEA
The changes that COVID-19 has caused in rapid succession make it hard to slow down and think about just how to approach the retail and payments landscape and a world that will never be the same.
But it is important for retailers and financial institutions to take a breath, think about where consumers are headed and come up with a strategy to take your enterprises there in time to meet them when they arrive. Granted, all this is going on in the midst of great disruption in the world of online payments.
First, ecommerce sales have accelerated at an unprecedented rate. When the World Health Organisation in March declared a global pandemic and government began ordering non-essential stores closed, consumers turned to online shopping for necessities and nice-to-have items.
Ecommerce sales in Europe peaked at 70% year-over-year at the height of online buying during the pandemic, according to Signifyd Ecommerce Pulse data. With non-essential stores reopening and with consumers less inclined to stockpile, online buying has cooled, but ecommerce spending in September remained at double their year-ago figures in some key verticals, according to Signifyd Ecommerce Pulse data.
That shift was unforeseen before the pandemic hit. But another disruption was long-anticipated and human-made. By the end of the year in most of Europe, merchants and banks will be required to adhere to the payment regulation known as PSD2 and it’s requirement for Strong Customer Authentication.
And while the UK has pushed enforcement of the regulations into 2021, the earlier enforcement deadline will apply to UK merchants who want to sell into the rest of Europe.
Interestingly enough, most of the worry over SCA has focused on whether merchants were ready for the change. But financial institutions also have work to do to prepare for SCA, both to serve their consumer account holders and to process transactions from their commercial customers, such as retailers. And while conventional wisdom has dictated that financial institutions are in a better position to offer SCA than are many retailers, a recent survey by Signifyd indicates that assessment might be overly sanguine.
Survey shows financial institutions need to reach out to customers
The September survey of 1,500 UK consumers found that 41% of respondents had encountered extra steps and complications while accessing their banking accounts in the past year. More than 37% said they had been unable to complete a financial transaction in the past year due to new security factors and 46.5% said they were very or somewhat likely to give up on a transaction that requires two-factor authentication.
Not very heartening results for institutions facing a requirement that customers be authenticated by two of three factors:
- Something the customer has (such as device ID).
- Something the customer knows (such as a one-time password).
- Something the customer is (such as a fingerprint or other biometric trait).
Part of the problem could be customer education and communication — or the lack of it. According to the September survey, 74.3% of consumers said they were either not entirely sure how SCA will affect them (34.3%) or that they were not at all aware of SCA and how it will change transactions (39.1%).
These worrisome findings actually point to an opportunity for financial institutions and retailers. JP Morgan notes that with ecommerce sales rising so dramatically, an increasing number of consumers are becoming familiar with two-factor authentication.
Signifyd’s own data shows a sharp increase in the number of online shoppers who had never or rarely shopped online before. The number of new customers buying from merchants on Signifyd’s Commerce Network, for instance, more than doubled in May, compared to pre-pandemic figures. (Signifyd defines a new online shopper as a customer who has not made a purchase from the more than 10,000 merchants on its global network for at least a year.)
The increase in the number of new shoppers arriving online has slowed, but it is still well above a-year-ago figures. And about half the new users trying online shopping return for multiple purchases within 30 days, indicating they are developing new digital habits.
That means banks and merchants have an opportunity to help these new consumers become accustomed to security safeguards like SCA even as they are getting used to shopping online in general. When done right, this early consumer education will ensure that these new shoppers and bank customers will be comfortable with SCA, given that it’s the way they’ve shopped and banked online since the beginning.
New online customers create new opportunities for merchants and financial institutions
So, online transactions are exploding. Consumers who eschewed ecommerce shopping before are becoming regular online shoppers. All good news. But what should retailers and financial institutions be doing to take advantage of the good news — and to make sure that those new online users become loyal customers.
Getting customers comfortable with transacting in the SCA era, of course, is just the beginning. Retailers and bankers want customers to be delighted with their online experience, a standard that is a few notches above “comfort.”
SCA requirements present an opportunity for retailers to fortify their fraud protection with state-of-the-art, machine-learning systems that will provide a better customer experience today and position them to accommodate future changes to payments regulations.
The trick will be to offer a friction-free customer experience while still protecting the enterprise — a feat that will require merchants and financial institutions to look at state-of-the-art technology to power their SCA systems. Consultancy CMSPI predicted that merchants could lose £108.1 billion in annual sales because of new SCA rules.
CMSPI says the new 3D-Secure version 2.0 that provides the infrastructure for SCA transactions will kill 35% of transactions because of technical problems, declined orders and delays that frustrate customers.
But that assumes retailers don’t turn to innovative solutions that improve the performance of 3D-Secure-powered payments systems. The tools are out there as technology companies have been developing solutions to streamline SCA and make the process far more efficient.
Long-term steps for building loyalty among existing and new customers alike
The pandemic and its disruption feel like they will never end. But they will. Retailers will want to be in a position to build on the relationships they’ve initiated with customers before and during the lockdowns and social distancing.
Some of that will be redoubling efforts they’ve made all along. They’ll want to build flawless online experiences. They’ll want to provide intuitive navigation and enhance the customer experience with engaging content, precise personalisation, invaluable customer support, seamless checkout and instant order confirmation.
Beyond that, it will be important that financial institutions and retailers to clearly communicate with their customers so that they know the rationale for SCA and understand that it protects all parties involved in a transaction.
Automated systems can help with many of the initiatives that lead to improved customer experience. AI-powered content management systems, personalization engines and automated inventory control can advance discovery and fulfillment performance. Fraud and automated order management systems that instantly determine the most efficient way to comply with SCA requirements can speed checkout and reduce the chance of cart abandonment.
No question, the COVID-induced upheaval can make planning for the future seem a little overwhelming at times. But retailers that find the mental space to plot the future step-by-step will find themselves in a strong position today and in the post-pandemic future that we all look forward to.
Reconnecting the retail brain: learning from the octopus
By John Malpass, Retail Consultancy Practice Lead at Teradata An octopus has nine brains: one for each tentacle and plus one at...
How robotic technology will disrupt the manufacturing industry
By Marga Hoek, author of The Trillion Dollar Shift Robotics technology has the potential to disrupt industries across all sectors...
RPA, the software robots that finance and banking professionals need to hear about.
By Rory Gray, Vice President of Sales at leading software automation firm, UiPath, explains what role Robotic Process Automation (RPA)...
The rise of nomadic work: how to turn your remote team into a creative force
By Paige Erickson, EMEA MD, Workfront During the first stage of the lockdown in the spring, almost half of Brits...
The value of digital identity in payments
By Vince Graziani, CEO, IDEX Biometrics ASA In ever more challenging times, the payments industry needs to maintain trust by...
Consumers in the COVID era can learn to embrace strong customer authentication
By Ed Whitehead, Signifyd managing director, EMEA The changes that COVID-19 has caused in rapid succession make it hard to...
How NatWest used social media to better target its communications
By DuBose Cole, Head of Strategy, VaynerMedia London For banks, it is imperative to reach their existing – and potential...
It’s time to press ‘reset’ on travel and expense processes
By Rudy Daniello, EVP of Corporations, Amadeus Travel & Expenses(T&E) is a large spend category for companies across the globe....
Covid-19 and the rise of remote payment fraud: how do we catch a digital thief?
By Evgenia Loginova, co-founder and co-CEO of Radar Payments Covid -19 is finding different ways to hurt our finances –...
Effective financial planning will secure businesses a certain future
By Simon Bittlestone, CEO of financial analytics company Metapraxis 2020 has been an unpredictable year, bringing further volatility to already...