Continuing 'Music' Lessons from FCA Enforcement – Even When There Isn’t

I continue my review of FCA enforcement cases to draw practical lessons about risk management.  See my previous posts here and here.  One example of a music note is a ‘rest’, which tells you not play your instrument.  I have come across a similar one in terms of FCA enforcement.  This is about an FCA announcement that explains a breach of FCA rules where no enforcement action in terms of a fine is mentioned.  

The case relates to charges of mortgages arrears by the Yorkshire Building Society.   The FSA handbook only allows charging cost-reflective arrears fees (MCOB 12.4R).  However, arrears is defined in the FSA glossary as missing more than two payments.    

The FCA press release (here) does not provide a lot of details about the case.  It suggests that the issue was discovered after the FCA raised concerns.  It is usually not an ideal starting point when a regulatory breach is discovered in the course of a supervisory visit.  The Yorkshire Building Society found that “some of its customers in arrears may have been charged fees incorrectly”.  So in this case, we cannot learn what the actual breach was.  Was it that the building society charged arrears too early? Were the charges “excessive”, i.e. with respect to costs?  I don’t know but we can still learn from this silence.  

The FCA press release says that the building society “will voluntary refund all administration fees for mortgage arrears since January 2009”, which means that “borrowers who were charged correctly will also receive a refund”.  The amounts involved are not trivial: £8.4m to be refunded to nearly 34 thousand customers.  Just to put this in context for the business, this represents about 5% of the societies' profits in 2013.  This would probably underestimate the total cost which will include running an operation to reach out former customers and make the refunds as agreed with the FCA.  

The FCA handbook includes a section on enforcement, which sets out the considerations that the FCA will take into account to decide whether to take action for a financial penalty or public censure.  There are two considerations for the FCA: the seriousness of the breach and the response of the regulated firm.  You read about the specific considerations in the enforcement notices as part of the decision process to set the fine.  They usually include a reference to the co-operation of the firm in the investigation of the breach.  The considerations also include “any remedial steps the person has taken in respect of the breach” and “the likelihood that the same type of breach will recur if no action is taken”.  

The lesson is rather simple.  We focus on risk management as the tools of reducing the likelihood or impact of events.  However, the unpredictable can happen and then proactive risk management is about working with the regulators to address the issue in a way that minimises legal costs and reputational costs.  Compensating customer is the ultimate form of redress.  It suggests that delivering extensive compensation (here to all customers on mortgage arrears since 2009) and, I guess, quickly can have an effect.  

The FCA has shown that it is willing to read the Handbook in the round and not take enforcement action when, in its judgement, it’s in consumers' interest.  

Solvency 2 Training

Solvency 2 implementation is approaching fast.  I am running a training course in early April organised by Euromoney.   Over three days, I will provide a solid overview of Solvency 2.

Further details about the course, including an overview and dates, can be found here.

More ‘Music’ Lessons from FCA Enforcement

I mentioned in my previous post (here) about the contrast between the inability to learn music from the noise that a grand piano would make if dropped down a staircase and the ability to learn lessons about risk management from FCA enforcement actions.   On this occasion, I am reviewing the FCA enforcement notice against ‘JLT Speciality Limited’ (JTLSL) from December 2013 (here – all references are to this document).  

JTLSL provides insurance broking, risk management and claims management.   The enforcement case concerns failures of its anti-bribery and corruption arrangements.  This is a specialised area of the FCA Handbook.  However, the lessons are quite wide and applicable to other areas of financial regulation.

The ‘relevant period’ of the breach appears relatively long: from Feb 2009 to May 2012.   The resulting fine was £1.9m. 

Interestingly, while the FCA has been emphasis outcomes as a driver of regulatory intervention (‘The FCA approach to advancing its objectives’, July 2013), in this case the FCA seems less keen on it.  The FCA acknowledges that there is no evidence that the company had permitted any illicit payment or inducement to any overseas introducer.   

As it is usually the case, there were policies and other high-level statements setting out the company’s expectations in terms of how the risk of bribery and corruption should be managed.  At different times, it appears that the shortcomings were related to the:   

(a)   lack of practical requirements to enable the appropriate activities to take place; this includes the lack of requirement on employees to take steps to establish whether the introducer was connected to the client (para 4.22); and the lack of ‘any’ guidance to enable employees to operate the high-level anti-bribery and corruption procedures in place (paras 4.11 and 4.12);

(b)    failure to follow the company policy requirements;  the FCA refers to the failure to gather the required information to assess the risk (para 4.36) and to follow up the actions required in the policy, typically, an enhanced sign-off if certain conditions were evidenced (paras 4.37 and 4.38).

These are important lessons to anyone working in the implementation of regulatory requirements.  

A slightly different, and equally interesting, remark in the enforcement notice is about the challenges of gap analyses, in particular where FCA rules and legislation (Bribery Act, 2010) cover the same area.  Typically, financial services regulators impose more onerous and comprehensive requirements than general legislation so the choice of benchmark is vital.  This means that the extent to which gaps may be identified and the reassurance provided by a gap analysis would depend heavily on the benchmark selected. 

I mentioned earlier that this enforcement case relates to a period of over 36 months. During this time supervisors visited the company three times to assess systems and controls in relation to bribery and corruption.  JTLSL also accepted a voluntary variation of permission such that it ‘was unable to enter into a new relationship with third parties without prior approval from an independent skilled person’.  

Not surprisingly, the FCA recognises the costs incurred by JTLSL, in terms of financial costs, opportunity costs and management time. 

I am therefore left with a simple question: why wasn’t this fixed in a timely manner to avoid enforcement action?  I don’t really know.  I have read and discussed the importance of the ‘tone from the top’ on regulatory issues which sets out priorities for employees.  I wonder if this could have been a factor.  

The Piano, FCA Enforcement and Lloyds TSB, Halifax and Bank of Scotland

I heard once that you can’t learn music from the noise that a grand-piano makes when you drop it down a staircase.  Alas, we should be able to learn something about risk management from the FCA’s enforcement notices.  That’s one of my ambitions for 2014. 

I am starting with the FCA’s enforcement action on Lloyds TSB, Halifax and Bank of Scotland announced on 10^th December 2013 (here – all references are from this document).  The case relates to the lack of appropriate controls around financial incentives to advisers in branches.   

The FCA clarifies at the outset that there is nothing in the rules against “[incentivising] staff to sell a particular product” provided that a firm’s “systems and controls are sufficiently robust and sophisticated to mitigate effectively the risk of any adverse impact the incentives may have on staff behaviour”.

It is therefore not entirely surprising that the FCA articulates in detail the specific features of the remuneration system that added to the risk of consumer detriment, including

1.       variable basic salaries;
2.       bonus thresholds disproportionate effects for marginal sales;

3.       uncapped bonuses; and
4.       advanced bonus payments that could result in advisers being in debt. 

The FCA makes an interesting comment about the sophistication of the performance reward and the concern that senior management did not appreciate the potential consequences.  “The root cause of these deficiencies was the collective failure of the Firms’ senior management to identify sufficiently remuneration and incentives given to advisers as a key area of risks.” 

I was puzzled as to why this could happen.  Here are my own explanation from reading the details of the case.

1.     The complexity of the system makes it challenging understanding the incentive properties.  It seems that the system involved: (a) translating premium and product features into “points” (see example in page 15); (b) checking against target “points” monthly and on a rolling three months basis; and (c) translating points into pounds.  Inferring the incentive properties and potential product bias would not have been straightforward for busy executives. 

2.      A possible misunderstanding of the incentive properties of headline bonuses.  In some cases, the incentives could be small in absolute terms, e.g. £5,000 over a year if monthly targets were consistently met.  However, I wonder if there was an appreciation of the impact on behaviour for someone on a £33k salary (mid-tier adviser, para 4.29)  Indeed, the FCA says that the relevant governance committee “only considered the [remuneration] schemes at a high level” (para 4.104(1)).

Given that, it is not surprising that these performance incentives were not backed by appropriate controls.  In particular, it is not surprising that quality controls such as file reviews focused on sales that were regarded as ‘high risk’ by reference to customer rather than the adviser profile or track record. 

There are also two interesting comments in the enforcement notice about controls. 

1.       The main failure was not the absence of controls but the lack of appropriate linkages between relevant controls.  In particular, while there were certain quality assessments of sales, advisers could receive their bonuses even if issues had been identified.

2.       “The large number of people involved in the process [of governance over the incentive schemes] and the fragmented nature of the controls.” 

This is a good illustration of the observation that the main challenge of risk management is to apply the appropriate “top down” vision and strategy.  In its absence plenty of activity and resources, leading to potential complexity, will take place as evidenced here but with limited effectiveness.  In this case, the fine was £28m which excludes remediation costs, compensation and management time.

Risk Culture in Financial Services

One of the many issues that seems to puzzle some academic researchers seems to be the multiplicity of risk management approaches and, by implication, risk cultures.  One implication is to urge caution about codifying risk management.  The hope is that over time experience will accumulate, which will help us understand the need for this variation (here). 

I recently came across an interesting research report from Michael Power, Simon Ashby and Tommaso Palermo (here).  It seeks to explain this variation based on some field work covering UK banks and insurance.  

The report doesn’t look at risk culture by identifying instincts, attitudes, habits, and behaviour.  Rather it focuses on a number of observable building blocks that are associated with the design of risk management structures and identifies the underlying trade-offs, which I have summarised in the table below.

Building block	Trade-off
Design of oversight structures	Business partner and independent advisor
Enhance the organisational structure of risk management	Informal network and formal processes
The real organisational life of risk appetite in the form of limits and tolerance	Risk and control
The openness of organisations to outsiders in progressing change	Internal change and the use of advisors
The extent of the footprint of the regulator on organisation processes	Own risk and regulatory culture
Choices in designing leverage over behaviour	Ethics and incentives

I found the section on risk appetite particularly interesting and, in particular, the articulation of the trade-off between risk and control.  The difference between the focus on the choices within the risk appetite limits and the focus on the enforcement of the limits.

The report considers the above building blocks in the context of the three lines of defence governance models.  The trade-offs also suggest that any current model would be built on tensions and that the lines of defence would be likely to be less than ‘straight’ lines.  

The report has helped me make sense of my own observations.  I am sure it will help you too.

Conduct Risk Regulation: the Global Dimension

I wrote a post not so long ago about conduct risk in the UK (here).  In the course of producing that work, I discovered an emerging global dimension to conduct risk and I have been looking into it.  There seems to be three strands to this:

1.  Work on financial consumer protection focusing on credit and coordination with other international bodies by the Financial Stability Board (here).

2.  Principles for financial consumer protection led by the OECD.    The OECD has developed 10 principles of consumer protection (here).  I have summarised them below.  They summarise neatly the extent of the challenge.  The OECD continues its work.  It has issued a draft paper (here) setting out more detail on some of the principles.  

3. Work on financial education through International Network on Financial Education (INFE) coordinated by the OECD.   There is an interesting set of principles developed by the OECD (here) and a web-site listing financial literacy programmes and related research (here). 

I find this interesting for a number of reasons. 

1.  If you believe that regulation can be improved by pooling knowledge and expertise, then there is something valuable here.  Given the domestic nature of retail financial markets, this is going to be an interesting experiment of supervisory design where the challenge will be to articulate workable approaches that can be tailored to national conditions rather than prescriptive solutions.

2.  While financial consumer protection is a good case of a market failure, in the genuine economic sense, not every policy intervention would necessarily pass a cost-benefit test.  If there was scope for an 11^th principle it would be assessing the costs and benefits of policy initiatives.  Interestingly, the principles on national strategies for financial education include impact assessment. 

3.  The explicit recognition in the OECD principles that effective competition in the relevant markets can deliver appropriate outcomes for consumers. 

4.  While the above points together with the underlying market failure add up to a reasonable case for this activity, it is interesting that policy-makers interest on this issue stems from the financial crisis – a feature of G20 summits since 2010.   

The G20 interest together with the OECD endorsement of the principles should give these initiatives momentum.  It would be interesting to see what are the national impacts of these initiatives.   

=================

OECD 10 principles for financial consumer protection

1. Financial consumer protection should be an integral part of the legal, regulatory and supervisory framework. 

2.  There should be oversight bodies explicitly responsible for financial consumer protection with the necessary authority to fulfil their mandates. 

3.  All financial consumers should be treated equitably, honestly and fairly at all stages of their relationship with financial service providers. 

4.  Consumers should be provided with key information about the fundamental benefits, risks and terms of the product, including conflicts of interest where an agent is also involved in the sale.  

5. Financial education and awareness should be promoted by all relevant stakeholders and clear information on consumer protection should be accessible. 

6.  Financial service providers and their agents should have an objective to work in the best interest of the consumer and be responsible for upholding consumer protection. 

7.  Financial service providers should put in place mechanisms to protect financial consumers’ assets from fraud, misappropriation and other misuse.

8.  Personal information should be protection through appropriate control mechanisms. 

9.  Financial consumers should have access to complaints and redress mechanisms that are affordable, independent, fair, accountable, timely and efficient. 

10. Competitive markets should be promoted to provide consumers with greater choice, create competitive pressure on providers to offer competitive products, enhance innovation and maintain service quality.

Supervisory Stress and Scenario Tests: Does It Lead to Business Benefits?

I read a good question about stress and scenario tests: whether they are just a regulatory requirement or whether they are also a useful business tool.      

It is certainly a regulatory requirement in many jurisdictions, including the UK.  In my view, the supervisory application of stress testing is really re-writing regulatory requirements by formalising a new minimum level of capital which allows a bank to meet its minimum capital requirement after experiencing stress conditions.  I have written about this more extensively in my blog (here) following the publication of a paper on this subject by the Bank of England.  

If stress testing is a regulatory requirement, the next question is how it can be done so that the activity adds value to the business.  When I think about this, two aspects come to mind.  

Firstly, there is something about 'how' stress tests are done to add value to the business.  In this sense, there is something to take from the Bank of England paper.  The paper mentions examples of shortcomings that the UK supervisor has identified in banks' practices of stress testing, including the lack of Board engagement.  See my previous posting (link above) for a full list.  Interestingly, most of the shortcomings are related to governance.  It follows then that it is unlikely that banks will wish to derive value for their business if the governance has not been appropriate.

Secondly, there is something about 'what' is the source of business value.  Is the source of value the knowledge of the actual stresses?  Knowing the actual stresses prompts a question along the lines of 'so what'.  I believe fleshing out the answer to this question and identifying the management actions, planning them and seeking board approval would be the real value to the business.  Not surprisingly the paper from the Bank of England also stresses this aspect.  In a trading environment, the action could be adjusting appropriately the portfolio.  In a banking environment, this would need to be identified below the institutional level and may not be straightforward to identify.  

My view is that there may be an aspect of a 'catch 22' here.  If there is limited appreciation of the business value of stress testing then there will be limited incentives to improve the governance of stress testing to rely on them from a business perspective.  Supervisory intervention might then challenge this situation and as a by-product generate genuine business benefits.  

Business Model Analysis: the 'C-factor'?

There is fair amount of change happening in financial services regulation in the UK with the creation of new regulators and a new legislative framework.  As Hector Sants warned in 2012, “the changes will not just be structural but involve behavioural shifts from both supervisors and firms.”

Amongst all these changes and moves, there seems to be one emerging common factor between the FCA and PRA and between them and the FSA: business model analysis (BMA).  It has a strong overlap with the underlying business strategy.  A BMA has been described as answering six questions:

1. How does the company create value?
2. Who does the company create value for?
3. What is the source of competence?
4. How does the company competitively position itself?
5. How does the company make money?
6. What is the company size ambitions?

A recent speech from Julian Adams, Deputy Head of the PRA and Director of Insurance shows that the supervisor’s interest on BMA is not simply academic: 

“where incumbent firms have suffered competitive pressure in particular business lines, it is not uncommon for such firms to be tempted to increase the level of risk they run to protect their market positions, or ‘diversify’ into other areas in which they may not have the same level of expertise.”

This represents a healthy move away from supervision based on compliance with rules to supervision focused on the business and the underlying risks that arise from the strategy.  The BMA provides then a base line that enables supervisors to understand how trends impact on risk taking or business strategy. 

Given that supervisors have been behind the application of BMA in financial services, BMA remains to a large extent a supervisory tool.  Will it remain so?  Are there potential gains to financial services businesses from undertaking a BMA, even if there is no supervisory visit in the near future? 

I would be interested on your thoughts. 

The Potential Impact of Solvency 2 Regulation on Competition

One of the challenges about financial regulation is identifying the impacts so that costs can be kept to a minimum and benefits maximised.  Targeting regulation to address identified ‘market failures’ helps but it also require an analysis of the costs and benefits.  

Some impacts can easily be measured, like the cost of changes to IT systems.  Others are not so easily measured like the impact on how firms compete in the market place.  For example, regulation can create barriers to entry that can undermine the efficiency of competition. 

The potentially negative impact on competition because of market consolidation was one of the concerns at the time of the publication of the Solvency 2 directive.  There were two aspects to this concern:

(i) reducing capital requirements by taking into account the pooling of un-correlated risks could benefit disproportionally large and well-diversified insurers.

(ii) the fixed costs of risk management and compliance aspects of Solvency 2 could bear more heavily on small and medium insurers.

Relevant extracts from the Commission’s impact assessment of the Solvency 2 directive published in 2007 are below:

"The recognition of diversification effects implies that well diversified entities, or those which are part of an insurance group will, in practice have lower capital requirements than single solo entities which are less well diversified. Although this is fully in line with the basic economic principles underpinning the proposal, and does not entail lower protection for policyholders, it may nevertheless act as a catalyst to the already existing trend of consolidation in the EU insurance market and increase already existing competitive pressures on small and medium-sized insurers. This however does not mean that small and medium sized insurers would be expected to quit the market in a disorderly way following the introduction of Solvency II, but rather that they would be incentivised to look for new partnerships and alliances. Moreover, many small and medium sized insurers are specialised insurers that carefully monitor and manage their risks, and benefit greatly from being close to their customers. Where this is the case, these natural competitive advantages will be fully recognised and will result in lower capital requirements for those companies." (Commission’s Impact Analysis of the Solvency 2 directive, page 49)

"Insurers may also have incentives to consolidate further, as the implementation of Solvency II could require substantial investment in data collection, IT and risk management systems and expertise. Similarly, strengthening risk management will give rise to fixed compliance costs which are likely to fall more heavily on small firms. While this effect should be smoothed by applying the roportionality principle (limited reporting requirements for small firms), the higher weight of compliance costs for small firms could be a further driver of consolidation.  Moreover, the use of relatively sophisticated internal models for risk management could ensure lower regulatory capital requirements - and a consequent pricing advantage – for bigger insurers."  (DG ECFIN Report - Section 3.4.1)

As noted in the assessment, an important point to bear in mind is that the underlying effects mentioned above exist anyway.  So the question is really about the extent to which Solvency 2 exacerbates these trends significantly.

A few years have now gone through and I would be keen to hear your thoughts about a number of aspects of the impact of Solvency 2 on competition:

• You may have observed negative effects on competition in the product space as a result of Solvency 2.  If so, could you share details about your observations?

• If you have not observed a negative effect on competition, do you believe that it’s just a matter of time until we do?  For example, you could take the view that the reason we have not observed a negative impact is that Solvency 2 has not yet been implemented.  

• You may take the view that the absence of negative effects on competition is the result of changes in the industry landscape.  For example, a recent CSFI survey ‘Insurance Banana Skins 2013’ suggests that there is a significant amount of capital in the insurance industry (‘capital availability’ goes from the second highest concern in 2012 to number 16 in the 2013 survey).  If so, do you believe that the increased availability of capital has muted the potential impact on competition?  Are there any other relevant changes in the industry landscape that have a similar effect? 

• Finally, you may take the view that we are unlikely to see a negative effect on competition.  This could be because regulation’s marginal impact on existing trends is unlikely to be material.

I would be grateful for your thoughts.  If you want to share your thoughts privately, email me at isaacalfonblog "at" gmail.com.  

This is not intended to be a scientific poll but if there are sufficient answers I will summarise the emerging views (without attribution) in a future post. 

Conduct risk: old wine in a new bottle?

The establishment of the Financial Conduct Authority (FCA) as the new conduct of business regulator in the UK has brought a new focus to 'conduct risk'.  I have been working with BaxterBruce, a management consultancy, on this issue.  We have written a paper (here) summarising the recent changes in financial regulation that are relevant to conduct risk and identifying what steps businesses may consider to meet this challenge.  

There is also an emerging international dimension to conduct risk that I will cover in a future post.