Conduct & culture
Conduct and culture have become key tenets of undertaking regulated activity and delivering fairness and value to clients. Consistent messages from the UK financial services regulator, the Financial Conduct Authority, suggest that many firms are not yet giving sufficient prominence and importance to conduct and culture in the ways that they do business.
Good conduct and culture is not simply an iteration of the Treating Customers Fairly (TCF) principles, but a much more encompassing evolution of the Principles. We believe that both aspects are the bedrock of operating a safe, sustainable and profitable financial services business in 2017 and beyond.
Through our unique approach to conduct and culture, we can help you embed, and measure how well your firm meets, regulatory expectations, and consider the Key Conduct Indicators and metrics needed to measure and manage these vital and often intangible aspects of your business.
Our holistic approach considers:
Good Conduct and Culture
The regulatory expectations in respect of good Conduct and Culture are ever growing and evolving and in the last few years we have seen the introduction of a range of new requirements for firms to manage their conduct risk and challenge themselves about their culture.
Conduct risk is often defined as risk to the delivery of fair customer outcomes, or to market integrity. Conduct risk touches every part of a business operation and requires management in the same way as operational risk.
The Financial Conduct Authority (“FCA”) has articulated four drivers behind conduct risk:
Inherent factors, for example inadequate financial capability;
Structures and behaviours, for example conflicts of interest and culture;
Environmental change, for example regulatory change; and
Forward looking cross market risks, for example, misalignment of market performance expectations and underlying fundamentals.
Culture is about what is at the heart of a business: its values, how it thinks and how it operates, the organisational beliefs and those of senior management and employees; it’s about ‘how things are done around here’. The volume and velocity of regulatory change can make embedding a risk culture even more challenging. Organisations with good risk cultures are finding significant benefits in the form of enhanced business performance, as well as improved relationships with supervisory authorities.
Senior Managers and Certification Regime
The FCA introduced new rules on Conduct risk in March 2016 under the Senior Managers and Certification Regime (“SMCR”). The Senior Managers regime imposes increased scrutiny over the conduct of senior management. Senior managers will be required to demonstrate that they have taken all reasonable steps, for example, through governance and control frameworks, to ensure that the decisions made by individuals in their area are appropriate.
The Certification regime requires firms to clarify that employees are fit and proper to perform their role. The PRA believes that only individuals who are classified as “material risk takers” should fall under the Certification regime. However, the FCA believes that the Certification regime should apply to a wider population of individuals. The following will fall within the FCA Certification regime:
those individuals performing functions that would have formerly been classified as Significant influence function (“SIF”), but would not fall within the senior management function;
individuals in customer facing roles who are subject to qualification requirements; and
anyone who manages a certified person (if they do not fall under the senior management function category).
The FCA and PRA are proposing to extend the Conduct rules requirement to all Non-Executive Directors (“NEDs”), regardless of their regulatory status.
By the end of 2018 and starting in , the Senior Managers and Certification Regime will fully replace the current Approved Persons regime and so this will affect every authorised firm.
We can provide:
Senior Managers Control and Responsibility Mapping
Advice on organisational responsibilities
Senior Management application drafting and support
Interview preparation for FCA Senior Management interviews
T&C and HR policy review and update
General Data Protection Regulation (GDPR)
Data Protection is often an area that gets overlooked, both personally and in business, despite some recent high profile leaks and fines.
Data Protection (DP) requirements are set to change during 2017, with the launch of an updated EU Data Protection Directive resulting in new Regulation which will immediately become law across each of the 28 (presently) countries in Europe, when the changes to the Directive are passed. The revised Directive will take account of how our behaviours towards personal data usage have changed over the last 22 years, since the launch of the last EU Directive in 1995.
GDPR is not just applicable to client data. It applies to any personal data held about any Data Subject.
There are around 12 headline changes which firms should be aware of in terms of size and impact. Below we take a brief look at six of the key areas of regulatory change:
Changes for Data Processors – they were not previously subject to the full extent of DP requirements, but they will be under the new Directive;
Permission requirements - if you hold any personal data in any electronic system you will need explicit permission to do so; it will no longer be possible to rely on implied consent with individuals having the option to opt out. Data Subjects will have had to affirmatively opt in for their data to be held in any kind of electronic system;
Evidencing DP Compliance - as well as needing to evidence consent, Data Controllers will need to provide Data Subjects with their DP rights. Another increase to this burden of proof will mean that Controllers will also need to evidence that they have provided each Subject with their rights;
Data Erasure - another consideration will be the introduction of the right of every Data Subject to have their data erased. But how exactly would you go about this and ensure that information is deleted from every piece of IT equipment, portable devices, or from server back-ups and Cloud facilities?
Global Impact – although European in origin, the updated Directive will have implications globally; every entity world-wide that handles the data of any EU resident or citizen will be subject to some or all of the changes. Brexit may not have any impact on the compliance requirements of your business or Family Office;
Sanctions and Reporting - perhaps the most significant change is the punitive impact of non-compliance or data breaches; potential fines will increase exponentially. In Britain, under the Information Commissioner's Office (ICO), current DP fines are capped at a not insignificant £500,000. However, penalties are set to rise with a proposed upper limit of the greater of €100m, or 5% of global revenue.
We offer a host of regulatory and cyber related technology services in respect of GDPR. Please contact us for further advice or to discuss your needs.
We provide a wide range of services that will be tailored specifically to firms' needs and activities.
Conduct and Culture Health check
We can provide a holistic review of the Conduct risk framework within the business to give you comfort about the overall levels of compliance with the FCA requirements.
Deep dive reviews
The targeted review will focus on just one or a few key areas identified by you and will enable you to ascertain specific insight, or address a specific regulatory concern. A good starting point tends to be a review of the Treating Customers Fairly (TCF) principles to determine whether these are embedded within firms and can be evidenced.
Conduct and Culture Framework Design and Review
It is essential that the Conduct risk framework you have in place at your firm is appropriate, effective and tailored to your business. We can assist in designing and reviewing a number of aspects that should make up your Conduct framework, across all areas of the business, from the first point of contact with customers to the human resources policies which guide employee behaviour. Our work on frameworks considers areas including:
Policies and Procedures;
Senior managers responsibilities map (SMR)
Certification guidelines and evidence
The Board, its composition and the evaluation of its performance are central to corporate governance. There is now more scrutiny focussing on the activities of the Board and its committees. The post banking crisis period has proved that a successful Board is not guaranteed by just bringing together successful people. We can assist by conducting a Board evaluation, looking at how the Board makes decisions, how the Board interacts with NEDs and how well Board members know the business.
Product lifecycle and Governance evaluation
We can help by evaluating product lifecycle to assess where the firm may be exposed to maximum risk. We will look into whether conduct risks are considered at the new product development stage and beyond, into sales initiative programs, staff education on product suitability and whether products perform as customers are led to expect.
Suitability and Appropriateness Reviews
During the course of 2016, we saw a number of fines and skilled person’s reviews commissioned specifically in these areas and we know that they will continue to be a focus for the FCA in 2017 and beyond.
In terms of suitability, after verifying the identity of a potential customer, the firm is required to take steps to confirm a range of additional factors to provide sufficient understanding of their circumstances, needs and objectives, to ensure that a personal recommendation, or decision to trade, is suitable for its clients.
For appropriateness, firms must assess whether the investment service or product is appropriate for the client.
We can help by assessing the customer suitability and appropriateness framework:
Process for assessing suitability
Process for assessing appropriateness
Effectiveness of mechanisms for assessing suitability and appropriateness
Customer suitability and appropriateness policies and procedures
Record keeping arrangements for appropriateness assessments
Conduct and Culture Training
It is essential that everyone in your firm is aware of what good conduct means and their obligations to achieve good outcomes for customers. Our training modules can incorporate:
Training to first and second line of defence;
Senior Management training; and
Board members training
Conduct and Culture Gap Analysis
We can assist you in completing a gap analysis of the areas of good conduct that you should be considering within your organisation and help provide a measure of where improvement may be needed. We can also map your firm’s arrangements against the current regulatory requirements to help you identify any issues or deficiencies, achieve a good conduct framework and have demonstrable evidence about your culture.
© Moore Stephens UK