The old Financial Services Authority’s fabled ‘thematic review’ of private banking took place in 2011 and has never been replicated in the UK since. If it were to happen again, would it prove that regulatory compliance in the wealth management sector was of high quality?

City regulation has come a long way since the ‘Big Bang’ of October 1986. Trading staff hung up their hats long ago and moved from the exchanges to their firms’ vast trading floors, swapping open outcry for handsets attached to desktop telephone exchanges with direct-dial buttons that connected them to their counterparts at other banks and brokerages.

Since then, a procession of financial service regulators has marched past. When customer categorisation (the classification of customers as retail, wholesale, etc.) was once shiny and new and being promulgated by the Securities Association (which the Securities and Futures Authority later replaced), traders could avoid having to do categorise their customers by marking them as ‘foreign’, with no questions asked. British regulators went through growing pains while various scandals unfolded. Robert Maxwell used Mirror Group employees’ pension funds to prop up the group’s share prices and was found out. Nick Leeson, unforgettably, bankrupted Barings, the Queen’s bank, with his derivatives trading. As a result of these and other scandals, the old Financial Services Authority – now replaced by the Financial Conduct Authority and the Prudential Regulation Authority – introduced the concept of ‘Treating Customers Fairly’ or TCF in the ‘noughties, stating that this ought to make consumers more confident when dealing with the financial services industry.

A decade or more of ‘conduct’ regulation

Here is a quick recap of the key regulatory changes in the field of ‘conduct’ (the way in which firms deal with their customers, each other and the market) since those days.

2007: The European Union introduced its own ‘conduct’ regulation in the shape of its first Markets in Financial Instruments Directive or MiFID. The aim was to standardise (or ‘harmonise’) regulations on the subject all over the EU, protecting consumers from both sharp practice and, potentially, their own folly, and increasing competition between firms that performed financial services. The EU also thought that MiFID would help the public and regulators to know more about firms’ operations. This was the moment when the EU first made rules to govern ‘suitability’ and the continent caught the client-categorisation bug.

2013: The newly-formed FCA took over the supervision of consumer protection. “Conduct risk,” broadly defined as “any action of a financial institution or individual that leads to customer detriment or has an adverse effect on market stability or effective competition,” moved to the top of the agenda. By making this definition broad, the regulator hoped that firms would protect their customers well and be seen to be doing so.

2015: Expanding upon TCF, the FCA developed six “consumer outcomes” (drawing from its existing Principles for Business) for the retail sector and five “conduct questions” for the wholesale sector.

2016: The first instalment of the Senior Managers and Certification Regime (SM&CR) came into effect. It is now in force all over the industry, but it concentrated first on banks and wealth managers. Its aim, of course, is to reduce the harm that might happen to consumers and imbue the markets with more integrity by making individuals accountable for the conduct and competence of their firms. The FCA described the SM&CR as “an opportunity for financial institutions to establish healthy cultures and effective governance by encouraging individual accountability and setting standards for personal conduct.”

2018: MiFID II came into effect. Prompted by the banking crisis of 2008/9, its aim was to protect investors to an even higher degree than before, to continue the standardisation of practices in financial markets throughout the EU and to restore consumers’ confidence in the industry.

Enforcement highlights

Some firms did get it wrong. In 2012, Savoy Asset Management was fined £412,000 for failing to take reasonable care to ensure that its advice and portfolio management were suitable. In 2013, JP Morgan was fined £3 million for failures in its systems and controls that related to its provision of retail investment advice and portfolio investment services. These failings had persisted for two years and the firm did not correct them until the old FSA itself brought them to its attention during the course of a thematic review of wealth management firms and the suitability of their advice. This was the famous review of 2011, which the FCA has not repeated since.

However, the biggest failures that the regulators identified during this time, aside from the fixing of the London Interbank Offered Rate rate and the PPI mis-selling scandal, were related to money laundering. HSBC paid a record US$1.9-billion fine in December 2012 because of failures in its anti-money-laundering (AML) controls. The bank allegedly permitted money to be moved without appropriate oversight. In 2014, BNP Paribas agreed to pay a staggering fine of $9 billion for circumventing the sanctions that the US had imposed on Sudan, Cuba and Iran, and was banned from conducting certain dollar-denominated transactions for a whole year. Then, in April 2019, Standard Chartered wrote a cheque to the UK and US authorities for a total of $1.1 billion in fines for bad AML controls and failing to honour its obligations under the US sanctions regime.

Other money-laundering fines were issued, but many final notices included the phrase “no actual money laundering activities were identified.” This proved that a firm did not actually have to be caught washing money to be punished; it simply had to have inadequate systems and controls. Not a single senior manager was fined or censured in any of these cases.

Without question, weaknesses and failures in a firm’s standards, systems and controls, along with the circumvention of procedures developed to ensure that the global financial system itself is secure, are unacceptable and worthy of penalty and censure. However, these mind-boggling amounts are starkly different to the fines that the FCA handed out in relation to suitability during the same time.

The present day

The Financial Conduct Authority’s complaint data for the second quarter of last year shows that complaints about insurance, basic bank accounts, credit cards and regulated home finance products are far more common than complaints about discretionary fund managers (DFMs) or investment products. Does this mean that wealth managers are getting it right? Have they implemented robust standards, systems and controls to ensure that they provide suitable advice, take the right investment decisions with the clients’ needs and requirements at heart and choose and approve the right products and investments? Do they have prevention and detection mechanisms and controls that deal with errors quickly? Are the complaints fewer because the sector is smaller, or because the investors are wealthier and will therefore put up with bad service before they finally complain? Does the concept of suitability only really matter to clients in falling markets?

Since MiFID and the Money Laundering Directives came into force, we have all heard stories about general frustration in front offices regarding the weight of detailed information that they are always being asked to obtain to establish their prospective clients’ backgrounds and investment-related needs so that they can obey the FCA’s and MiFID’s investor-protection rules. We have also heard the often (over-)repeated and untrue claims from clients that the requests were “too intrusive” and that “no other banks ask for this.”

Tussles between relationship managers and compliance officers have long been common. Many a bank has been plagued by lengthy and complicated internal debates about this-or-that client and his background and assertions that the information is not required, or that the bank can use public material in place of evidence of wealth. The goal ought to be one of designing an investment service that meets the client’s needs and, as a direct result, protects him from unsuitable investments. If a bank does this well, it works. If a bank does this badly, it does not.

After the credit crunch that began in 2008, according to the British Bankers Association, the British private banking sector benefited from a significant inflow of funds between 2011 and 2017 and doubled to £226 billion in AuM. More than 2.2 million people put their money into banks of varying sizes in the UK. In view of the massive size of the British private banking/wealth management industry and the FCA’s insistence on individual accountability, it seems odd that there have been so few problems at banks that relate to conduct.

Mark Steward, the FCA’s Executive Director of Enforcement, stated in March, “By imposing personal liability, the [SM&CR] regime uses self-interest – in this case the senior manager’s self interest in avoiding liability – to avoid the bear pit of enforcement.”

Have private banks, and indeed wealth managers in general, cracked the code? Is the regime really working, or have we sleep-walked ourselves into a false sense of security? Is it only a matter of time before we experience another mis-selling scandal because there is not enough scrutiny on the part of regulators and compliance officers?

Firms have spent considerable sums on their handling of conduct-related risks and their efforts to bring about good results for customers, but recent FCA publications have expressed disappointment that firms are still not spotting the right risks and therefore are failing to develop robust regimes to deal with conduct-related ones. The FCA has been mired in, and perhaps distracted by, the effect of Brexit on the UK’s financial services. The last 15 months of enforced remote working have probably also stopped the regulator from overseeing firms intrusively and they might also have increased (and created new) conduct-related risks. If there were gaps in the scrutiny to which the FCA subjected firms before last March, what gaps exist now? It is likely that firms will use some hybridised form of working in future, with people spending more time working remotely from their offices than we had ever imagined before March 2020. With this in mind, surely firms will have to beef up their existing controls, if they have not done so already.

Nikhil Rathi, the FCA’s new CEO, has said: “Our regulation of overseas firms is aimed at achieving the same outcomes as our regulation of domestic firms and ensuring a level playing field. We want to see high standards of conduct and behaviour, with appropriate protection for markets and consumers.”

Though we are taking this statement out of context, there has been no thematic review of the SM&CR since its implementation, nor has there been a recent broad assessment of conduct in private banking/wealth management. Undoubtedly, if such a review were to happen, there would inevitably be some failures. There can be any number of reasons for a lack of success. Leaving aside the question of internal culture for a second, a firm can suffer if it has old IT systems that do not talk to each other or if it requires huge amounts of technological expenditure for any level of cohesiveness. If a firm has been able to identify its conduct-related risks successfully, how can it build a strong system of governance that can help its leaders oversee its activities in real time if it has to rely upon data that is inconsistent or is virtually impossible to extract? The solution is to make staff generate and manipulate information manually; this is inefficient and time-consuming.

Neither the FCA nor the private banking/wealth management industry that it regulates want to see another financial mis-selling scandal. If one were to happen, however, the spotlight of public scrutiny should fall not only on the act of mis-selling itself but also upon the regime that the FCA developed to make people in responsible positions accountable.

Warren Buffet has been quoted as saying that “only when the tide goes out do you discover who’s been swimming naked.” Firms that have not understood the need to develop real-time daily management information and controls that enable their senior managers to oversee things might fail to notice that their people are mis-selling products that do not do what they should.

Firms ought to develop robust processes to assess the products and services that they offer. These processes should ensure that the benefits of the recommended investment products that they offer can justify the costs and charges. The culture that underpins it all ought to encourage and reward people at those firms who do the right thing. Firms that do not do these things ought to expect reputational, regulatory and financial consequences – and so should their staff.

Not only should every firm be able to justify the suitability of the discretionary investment decisions or investment advice that its bankers and/or advisors make; its governance arrangements ought to make it crystal clear that the relevant senior manager has taken all reasonable steps to manage the conduct-related risks for which he is accountable. Effective governance ought to take account of the size, nature and complexity of the organisation in question and its activities.

Lessons from history

After the turbulence and disruption of the last year, what might the FCA’s customer-complaints data look like in 6 months? If the numbers of complaints about suitability and conduct-related topics in private banking/wealth management remain stable, will it be lulled into a false sense of security and pay attention to other topics?

Similarly, how many complaints will it uphold because the firms in question cannot prove that the advice that they gave about investments (or the investing decisions that they made at their own discretion at the times of various trades) were suitable because their staff were working at home and therefore made no records? Will the senior managers who are responsible for product governance be able to explain to their regulators why various underperforming products remained on the shelf? Will the bosses of advisors and wealth managers be able to prove that they took reasonable steps to monitor their underlings’ activities? Will they be able to prove that they were aware of – and dealing with – things that did not fit in with clients’ investment objectives or appetites for risk? How many senior managers will be able to prove that they acted on all the doubts that they had about the competence of their people?

As the saying goes, those who do not learn from history are bound to repeat it. Neither the FCA nor the private banking/wealth management industry can afford another mis-selling scandal. When the standards, systems, controls and oversight at private banks failed in the past, those failures resulted in opprobrium. The public thought of bankers as fat cats who cared only about self-enrichment at the expense of others and it thought that regulators were ineffective. We compliance officers know how hard we work to do the right thing, but has suitability truly improved? If it has not, our luck might just run out.

* Heidi Sweetman can be reached on +44 208 057 8010 or at Heidi.Sweetman@vestrata.com