The UK’s decision to adopt a principles-based regulatory system almost 40 years ago, with the introduction of the Securities & Investments Board’s Principles for Business, rather than a more legal based system, permitted regulators to set similar standards for the industry, no matter which sector. It allowed regulators flexibility in deciding whether ethical standards were met, given the nature, scale and complexity of the business (the “proportionality” clause now found in the FCA’s Rule SYSC 3.1), rather than relying on overly complex legal definitions which might allow clever, well-funded, or unscrupulous firms to find loopholes in the rules. This has led to disciplinary action against firms and individuals tending to be based on breaches of Principles, rather than specific rules; although you can argue the pros and cons of principles-based regulation both ways.
What is clear is that perception of adherence to the spirit of the Principles matters a great deal and the gap between how we see ourselves complying and how others see us can be far wider than we suppose. This gap in perception can have massive consequences, especially in regulatory terms.
Most individuals working in finance view themselves as providing a service, often working long hours or putting personal capital at risk in the hopes of a just reward; while the popular press portrays the City as crooked or privileged money barons looking to profit from widows and orphans. Quite a perception gap. The FCA and its predecessors have spent recent decades issuing guidance and policy statements, tweaking rules, sending CEOs letters, giving speeches, offering webinars, etc, trying to get the message across that compliance and the culture within a firm matter to the resilience of the financial markets, to the protection of customers and to their decision regarding regulatory priorities and disciplinary matters.
Many firms approach compliance in a similar way. Governing bodies set compliance policies, set out standards in compliance manuals and procedures; they provide training to staff on their obligations under the rules and the consequences of getting it wrong. They require attestations from staff on their adherence to the rules. Governing bodies meet regularly and digest management information where they try to identify trends on a range of performance indicators which may be signs of problems. Some firms invest in sophisticated systems to track behaviour, keep records, and calculate risks. Maybe they hire large compliance, risk, internal audit, and anti-financial crime departments to monitor the firm’s activities and prevent transactions which are suspicious. Possibly they engage financial analysts to undertake risk assessments and to stress test for the business failing in multiple scenarios or expose poor outcomes for clients from poorly designed products. They see themselves as having established and maintained systems and controls in the business in line with the proportionality rule. But will the FCA? Their customers? The press?
Certainly, smaller firms struggle at times with the size and scale of the rules. Many of the FCA obligations are the same for regulated firms, no matter what their size, regardless of proportionality. Small firms can perceive that their business is not a risk to the stability of the financial markets and would maintain that they do their best by their customers. They may not have sufficient resource to have dedicated staffing for compliance, risk or financial crime. They may believe that businesses can be run on spreadsheets and do not believe dedicated systems pass cost-benefit analysis. They use external consultants to assist with keeping up with the rules and complete their FCA financial returns on time and do not have client complaints. They perceive themselves as having established and maintained systems and controls in the business in line with the proportionality rule.
Are these firms wrong to see themselves as compliant (or trying their best to be, allowing for their resources) given their compliance arrangements? The answer to that lies not in how much money they have spent on systems or controls, but the compliance culture that they have maintained. It is hard to defend a case against you, if you cannot be seen as challenging yourself as to the perception of your actions meeting the Principles or whether you are getting the cultural results you should. The FCA has provided guidance on what they are looking for and what constitutes good practice. Firms can check.
Minimal spend on compliance resources is a cultural statement, but throwing money at compliance isn’t the answer either. For all their systems and compliance controls and spend on compliance, larger firms still end up in breach of the Principles. Former Chief Executive of Barclays Group James Staley ended up fined for failing to act with due skill, care and diligence in the way he acted in response to Whistleblowing. Odey Asset Management is currently under FCA investigation for failing to conduct its affairs with propriety in relation to the non-financial misconduct of its founder, although the outcome of that investigation is not determined yet. Coutts’ and NatWest’s behaviour towards closing clients’ accounts for political beliefs is now being investigated and speculated on across the media. Other large banks have been fined for failing to maintain adequate risk systems or anti-money laundering controls. Smaller firms should not be complacent and must consider whether they are able to keep up with a constantly changing regulatory landscape and the sophistication of financial crime, in all its various guises, aimed at them and their clients, without specialised systems and dedicated staff.
Without a doubt, everyone can make mistakes, no matter what controls are in place. The perception of whether a mistake is a matter of hubris, incompetence, or human error is important to both customers and regulators, as is how mistakes are dealt with and learned from. Simply put, regulated firms must continually examine and challenge themselves as to how their behaviours, customer outcomes, risk management and controls are perceived by outsiders as an indication of their true culture and their adherence to the Principles.