Supervision in a Principles Based World
Speech by Sarah Wilson, Director Retail Firms Division, FSA
FSA Retail Firms Division Conference, London
27 February, 2007
Introduction
Good morning. I am delighted to see so many of you here today at the first FSA conference aimed exclusively at firms supervised in Retail Firms Division. In this division we supervise around 450 firms (some with many separate businesses). The firms are extremely diverse – in terms of size and sector. They include 58 building societies and almost as many wholesale funded mortgage lenders and administrators. We supervise around 50 banks, and 30 stockbrokers. Insurance companies (including friendly societies) account for a further 80 groups. Taking advisors from the investment, mortgage and general insurance sectors together contributes a further 120. There are 36 asset managers and – just to complete this rich picture – we supervise 9 e-money issuers and 12 firms offering spreadbetting services.
Collectively, as contributors to the retail market place, you are very significant – accounting, for example, for nearly 20% of UK total residential mortgage balances; 18% of life sector liabilities; around 30% of assets under management; and a very significant proportion of financial advisers.
Consumers also stand to benefit from the innovations that you bring, where these are well thought through and managed – the division includes recently created bulk purchase annuity specialist providers; advisory businesses offering fee based, more educative advice; e-money issuers with new consumer offerings and products; and much more besides.
And consumers need your products and services more than ever – the transfer of responsibility from state to individual, and general increase in life expectancy make consumers’ reliance on retail financial markets greater. At the same time, financial capability in the UK is poor and – notwithstanding the FSA’s on-going work in this area – changes in people’s behaviours will take a while to emerge. In these circumstances there is a premium on firms such as yourselves delivering appropriate products and services in a fair way.
In this respect, you will be aware that we think there is more for you to do. Notwithstanding the excellent performance of some, we think the retail markets in the UK frequently do not work well for consumers. On your own assessment, firms supervised by Retail Firms Division lagged larger ones last summer on progress in implementing Treating Customers Fairly programmes – only 51% thought they were implementing or embedding as opposed to 80% of larger firms. Firms in this Division also accounted for half of those in the worst quartile for quality and speed of mortgage endowment complaint handling. They were also extensively represented in the thematic work we did last year that found that controls over investment advice quality were poor in half of cases, and (more recently) work on mortgage advice quality that found that controls were poor in two thirds of cases. Recent work on the quality of investment business post sale communications (as yet unpublished) found that, while there were good examples, firms from this division produced notably poor quality annual statements in terms of clarity of information and explanation. We published a report pointing to inadequacies in general insurance advertising last month. We have recently fined three firms in Retail Firms Division for poor sales practices in respect of PPI. And a stockbroker has recently been fined for using unacceptable sales practices and failing to treat its customers fairly when selling shares to private customers.
With this as background, my agenda today is to explain how the Retail Firms Division aims to play its part in raising standards in firms (where necessary) - so that you can deliver improved outcomes for retail consumers. In particular, my remarks focus on how we put risk and more principle based regulation into practice. And I will finish with an outline of our regulatory priorities for the year ahead.
Risk based supervision
At the level of theory, I hope I do not need to tell you much about our risk based approach to supervision. It is well established. We take a risk based approach for two reasons:
- a belief that market-mechanisms play an important role in providing incentives for firms' senior management to improve consumer outcomes – so a non-zero failure regime is in fact desirable, accompanied as it is by safety nets for consumers in the form of Ombudsman and Compensation Scheme; and
- the need to prioritise our work given our rightly constrained resources.
So to be specific for a moment, in the course of the last twelve months two groups supervised in the division have actually failed. And others have of course faced some pretty unpalatable choices as poor leadership or management led to losses and perhaps to merger or takeover.
There are however also many instances where we have intervened to improve consumer outcomes. This happens through design of a risk mitigation plan following an Arrow visit; communication and follow-up of our findings from thematic work; or the handling of particular firm events or crises. For example:
- a risk assessment in 2005 uncovered widespread failure of control in a firm that had moved into markets with which it was unfamiliar – we immediately requested that the firm ceased to take on new business until systems and controls were sound; and the resulting risk mitigation plan required the appointment of independent experts to review those controls;
- after thematic work led us to express strong concerns about protection of client money by general insurance brokers in 2005 and again in 2006, we were pleased to see in work conducted later last year that firms were able to demonstrate much better appreciation of the rules using new explanatory material published by us in the meantime; and
- we recently acted swiftly to protect client records from risk of identity theft when we discovered that a firm had set up an outsourcing contract with an overseas provider without proper due diligence or on-going oversight – at our request the firm terminated key aspects of the contract.
However, faced with approximately 450 firms (many with several businesses) and 120 supervision staff, we need - subject to meeting our service standards - constantly to make decisions about how to direct our resource in a risk based way so that we intervene in the areas of highest priority.
How do we do this?
First, it is important to note that the Arrow framework, with which you will be familiar, gives all supervisors within the division a common risk language and framework – within which it is possible to make comparisons across the many sectors that we regulate. So, although a single team may well supervise firms from several sectors (eg insurance companies and their distributor subsidiaries; asset managers and stockbrokers; building societies and e-money issuers), they have a means through the discussion of impact and probability to make comparisons and consider relative priorities.
More particularly, by looking at the spectrum of impact/probability amongst firms, a team or department or the whole division can understand which of the firms they supervise pose the greater risks and therefore where resource might best be devoted. And as a senior management team, we can use such analysis to understand where the riskiest sectors are and therefore where we might need to divert resources to.
One of the key decisions we actually take in terms of resource use is on the frequency of the risk assessment itself for each firm. Within RFD, 6% of risk assessments are currently carried out at intervals of less than two years; in 34% of assessments the frequency is at least two years and less than three; and in the remainder the frequency is three years or more.
But there are also choices supervisors need to make where the data I have just described may be unavailable or out of date, or where resources are sufficiently constrained for the Arrow information not to provide the whole answer. (For some firms in this division, there are in any case no Arrow scores as they are relationship managed but too small to qualify for an Arrow assessment.) In these circumstances, supervisors need a sense of the regulatory risk appetite – what it is we care about most. The short form expression of this is that, when supervisors are faced with choices, we have least appetite for outcomes with the most risk of detriment for consumers. That risk may of course arise from many directions – threats to market stability, to consumer protection, to consumer understanding or from financial crime. The important point is that, whatever the source, supervisors make a high level judgement about potential consumer detriment and focus resource accordingly.
Finally, once the highest priority tasks are identified, supervisors take a view on the most effective response. In particular, they choose a way forward that minimises the cost of changing the behaviour of the firm. This clearly depends on the issue and on the reliability of senior management in that firm.
Perhaps I can bring this to life with some examples:
A visit to a firm raised concerns about potential mis-selling of regular savings plans and whole of life policies as alternatives to personal pensions. We had little confidence in the firm’s senior management after discovering that they had failed to respond to several reports from the compliance department and to complaints from three independent professional firms about the sales strategy. Amongst our responses, we took enforcement action and required a skilled person to be appointed.
By contrast, we identified problems with arrears management and underwriting processes in a mortgage lender. Because we had confidence in senior management, we asked for a review of internal procedures and processes by the firm’s own compliance and internal audit departments, and for senior management to act on the findings so that in future there would be compliance with our Principles and rules.
(I should comment in passing that a review of our Arrow letters shows that we rely on senior management to resolve issues – as in the second example - in a high proportion of cases.)
More principle based supervision
Let me turn then to more principles based supervision. Unlike risk based supervision, this is a relatively recent and unfamiliar approach. Of course, we have a well established set of Principles for Business which all regulated firms are expected to comply with. And in this sense, more principles based regulation is not a change of direction. Rather, it is about changing the balance between principles and more detailed rules. And far from this being a de-regulatory measure, we think this rebalancing is necessary to improve outcomes for consumers.
Why?
First, the past focus on prescriptive standards rather than on the Principles has not prevented misconduct, as seen in the widespread mis-selling of personal pensions and more recently mortgage endowments, split capital investment trusts and SCARPS.
Second, the current volume and complexity of our standards risks creating a barrier to compliance. Firms unable to devote sufficient resources to understanding what is required of them will deliver poorer outcomes for consumers.
Third, overly prescriptive rules divert industry attention towards complying with the letter rather than the spirit of the standard, making it less rather than more likely to achieve its goal.
And finally, a prescriptive approach to achieving desired outcomes prevents firms from finding the most cost effective and innovative approaches available to them – with a detrimental impact on the costs borne by consumers or the extent of choice they face.
So we are taking a more outcomes based approach. To be more specific:
- we are focusing on the outcomes we want to achieve;
- over time we are simplifying our Handbook so that as far as possible (subject to legislative constraints) it contains only Principles and those more detailed rules we think are necessary for delivery of outcomes;
- we are focusing on the responsibility of senior management to meet the requirements set out in our Principles and other rules; and
- we are giving firms the opportunity to meet those requirements in a more flexible, innovative and competitive manner.
We recognise that this approach to regulation is a challenge.
Our impression from feedback is that the senior management in many firms supports a more principles based approach but that you (and most particularly compliance staff) would also like more detail on what this will mean in practice. We do understand that a fundamental requirement for the application of a Principle is predictability. In order for consequences legitimately to be attached to the breach of a principle, it must be possible to predict, at the time of the action concerned, whether or not it would be in breach of a principle.
Predictability can of course be improved by guidance. We recognise that more principles based regulation may require a greater readiness to issue guidance. And we have also recently consulted on the future role of guidance issued by the industry. Equally, we have experimented with a range of means of promoting discussion of what the Principles mean in practice – case studies setting out hypothetical situations, cluster reports giving examples of good and poor practice encountered by supervisors; and most recently a discussion paper setting out for comment our interpretation of the Principles in a particular area (the respective roles and responsibilities of product providers and distributors). It is important to stress though that the overall intention is less prescription.
The move to more principles based regulation and publication of material to stimulate debate on what the Principles mean has provoked some in the industry and elsewhere to ask us to specify the ‘minimum standards’. We think to suggest this is to miss the point - the standards which we are asking the industry to meet as a minimum are those described in the Principles.
Much of our work is already principles based
But we are aware of the challenge that more principles based regulation poses for our staff as well as staff in the firms we supervise. Equally however we take some comfort from the fact that much of what we do in RFD is already rooted in a principles based approach. There are a number of areas where this should be very much in evidence to you already.
Many of you will have found that we take a strong interest in your corporate governance – whether it is in the relatively complex structures and chains of accountability necessary in a larger firm, or the simpler but no less important controls exercised in smaller businesses. Our approach here has in fact always been largely principles based – we take a strong interest in how firms govern and organise their affairs because we take the view that if you get this right, much else follows. In doing this, our approach is generally to ask for explanations as to why the structure put in place offers the necessary challenge and level of control, and where such explanations are unconvincing, to seek change that achieves a better outcome.
For example, we identified risks in a firm's corporate governance arrangements, systems and controls and arrangements for managing conflicts of interest in the course of an Arrow visit. We were concerned that the CEO/Chairman was able to exert a dominant influence within the firm as a result of a lack of balance on the board and insufficiently strong control functions. The firm responded positively to the resulting risk mitigation programme.
Our new capital regime for insurers – ICAS – is of course principles based. Here we specify that firms must hold capital that is sufficient over a one year time horizon at a 99.5% confidence level and individual firms have developed models and frameworks to establish the level of capital that this implies in their case. A number of firms, at all points on the size spectrum, have commented on the positive impact that ICAS has had on improving the understanding of a firm’s risk profile in the boardroom. Some firms are now beginning to consider how risk based capital considerations can be integrated into wider decision taking, not least for capital management and pricing of products.
We recently carried out an Arrow assessment of an insurer and aligned our capital assessment with that. We found that the Board had not maintained effective oversight of the business, and that this had led to significant deficiencies in systems and controls. These included an under resourced compliance department, and a failure to ensure that the firm was treating its customers fairly or was managing its conflicts of interest. There were also deficiencies in the modelling assumptions, and these had not been reviewed by the Board. Amongst other requirements, we applied a capital add-on and told the firm what they would need to do to reduce the capital charge in future.
A third example is FSA’s Treating Customers Fairly initiative. Here we ask firms in all sectors whose actions affect the retail market to reflect on the meaning of the Principles in so far as they apply to the treatment of customers, to consider whether there are gaps in their approach, and where gaps are found to implement change. We have defined the outcomes for consumers we are seeking in asking firms to conduct this work.
For example, a firm wanted to withdraw three of eight constituent investment choices from the investment panel of a structured product. We were concerned that customers who had made choices with the help of an advisor would be given little time to make new choices before being defaulted into other investments with different risk profiles. We discussed with the firm its judgements in relation to the Principles and, as a result, the withdrawal of funds was delayed and, in fact, new funds with similar risk profiles but lower costs were found.
What can you expect from RFD in 2007?
Finally, I would like to turn to our divisional agenda for 2007. Adopting a risk and more principles based approach, our focus will be in four areas.
Governance
First, as mentioned above, the assessment of governance in firms remains a key priority for us – as we recognise that sound governance and systems is an essential pre-requisite to improved consumer outcomes. As a part of this, we are likely to take an increasing interest in firm ‘culture’ as evidenced in its approach to training, to remuneration etc – as these are key levers for senior management in getting their good intentions translated into appropriate action at the coalface with consumers.
Capital
We will remain intolerant of capital deficiencies – firms with insufficient capital run the risk of delivering very poor outcomes for consumers.
On insurance, we remain committed to completing all first ICA reviews for insurers in RFD by June this year. To date, of the 78 firms within the division subject to the ICAS regime, we have provided ICG to 60 and the 18 remaining are well on track.
We will aim for the second round of reviews to integrate the ARROW and ICA assessments. As already seen in the example given earlier, we have begun to do that already. This will assist understanding of the risk profile of firms. Second round reviews will also place greater emphasis on the more important risks identified in the initial reviews and focus on material changes to the original ICA, together with the effects of any events such as acquisitions. There will be greater emphasis on how ICAS is being used within the business and the extent to which ICAS calculation results are used to influence risk management and to prioritise risk management activity.
On banks, building societies and investment firms, our focus will be implementation of the new capital requirements emanating from the European Capital Requirements Directive (CRD). This is a transitional year, as firms may elect to remain on the current rules for some or all of 2007. But all firms subject to CRD must have adopted the new regime by 1 January 2008, and we have found that some have underestimated the time it would take them to develop their Individual Capital Adequacy Assessment Process. Firms in these sectors do need to have an Individual Capital Adequacy Assessment completed and processes embedded within the business by no later than the date that you adopt the new regime.
Treating Customers Fairly
This will continue to be a supervisory priority throughout 2007 across FSA, including RFD. We expect all firms to be implementing TCF in a substantial part of their business by the end of March 2007. We will publish our assessment of the extent to which the deadline has been met across the industry and set out our approach to firms who are making less progress than we expect. It is salutary to remember that all a firm meeting this deadline is able to say is that it is implementing a plan to enable it to comply with a Principle that it should anyway have been complying with since authorisation by the FSA. We recognise the huge amount of work going on of course and the commitment of many, but we will continue to challenge senior management on the management information they use to satisfy themselves that their customers are being treated fairly and to carry out further work to measure how far progress is being made towards the outcomes for consumers we are seeking to achieve.
This year also sees the introduction of the Markets in Financial Instruments Directive or MiFID. It will affect you whether you provide execution only business as a stockbroker, whether you advise clients on investments or publish advertisements. Firms making best progress on treating customers fairly will be well placed to manage these changes as they are incorporated in our new more principles based conduct of business rules for investment business.
Financial Crime
And finally, financial crime. The risk of financial crime is increasing. Methods of carrying out financial crime are currently evolving more rapidly than firms’ and authorities’ responses. The risk of financial fraud continues to increase. Organised criminals have been quick to react to changes in firms’ anti-fraud systems. This has involved seeking to exploit ‘weak links’, for example by recruiting insiders.
On a risk assessment visit recently we questioned whether a firm’s controls were adequate but the senior management maintained that they were proportionate to the risk. A week later the firm called us to say that the police had been on site to arrest an employee who was known to be a member of a gang involved in identity theft. None of us can afford to underestimate the risks or be complacent.
We will this year give greater priority to financial crime issues within the division. We are intending to pilot and, if successful, roll out a principles based approach based on our experience of TCF. This would take a holistic approach to assessing firms’ strategy for reducing the effect of financial crime on their business, the level of engagement and control exercised by senior management and how firms set targets and measure success. This takes us away from assessing compliance with specific rules and guidance and towards engaging with senior management in firms to assess how they identify and manage financial crime risks. Separately, we also plan to conduct a survey to gauge how successful implementation of the new anti-money laundering regime has been.
Conclusion
A few words of conclusion. As you would expect, our objectives as a division reflect those of the FSA for retail markets – namely to improve consumer outcomes through achievement of the four pillars for an effective retail market place. But as a division, our large portfolio of varied firms means that we need to reflect carefully on resource allocation over time – so as to devote resource to higher risk areas; and we place particular reliance on Arrow risk assessments to identify risk. Our most immediate priority in 2007 is to stimulate you to move as fast as possible in implementing Treating Customers Fairly (so that we and consumers see improved outcomes in practice), but we continue to focus on sound governance, and on capital adequacy, and will increase our proactive work on financial crime.
And finally, we think it is essential for effective supervision that we have contact with our firms at a range of different levels – with the supervisory team, with divisional senior management; and at events like these. Effective dialogue is particularly important as we move to a more principle based approach, and we very much welcome your feedback.

