Written by inCOMPLIANCE® on Tuesday July 31, 2018
Many will be familiar with the adage ‘what you measure is what you get’. It is generally cited as a warning to everyone in risk and compliance that by selecting certain indicators (in any business) you are in danger of steering corporate behaviour towards fulfilling those measures, often to the exclusion of everything else. The indicators and measures selected soon become ‘targets’, and other desirable behaviours that happen not to be measured get ignored and are probably not rewarded. This is the basis of target-driven selling, which has underpinned misselling in many sections of the industry.
The trend in compliance for many years has been to avoid or mitigate such problems by widening the basis of measurement using balanced scorecards, which are intended to offset productivity measures with a basket of quality-of-business and compliance measures (such as the number of complaints, breaches, or levels of persistence as proxies for suitability). These may or may not connect to remuneration.
This perfectly logical methodology is a regulatory requirement in some jurisdictions, such as in Singapore, where a balanced scorecard approach is required for measuring and setting compensation for financial advisers. This approach is given greater force by coupling measures directly to claw-back. It is worth mentioning that there is a risk of unintended consequences here too in that, by requiring certain compliance behaviours, lower overall standards may emerge as practitioners settle for the regulatory minimum standards rather than working towards a more aspirational level.
As we turn our attention to the UK Financial Conduct Authority’s (FCA) Senior Management & Certification Regime (SM&CR) (and related initiatives emerging in other jurisdictions) any compliance dashboard or data gathering exercise must consider:
(i) What are the (combination of) possible measures that could provide sufficient comfort to the board that the necessary SM&CR conduct and culture is (becoming) embedded?
(ii) How should the firm demonstrate suitable systems and controls to their regulators?
Some of these measures could be displayed in an integrated SM&CR dashboard reviewed at each board meeting or may form extensions to existing dashboards, and some will need to be verified by internal audit.
Clearly, some of these measures may emerge as being more important for certain sectors and types of firm, but I suggest that measures around statements of responsibility/duty of responsibility and the code of conduct will emerge as most significant for the board and for the regulator.
Many will recall the introduction of Treating Customers Fairly (TCF) by the UK Financial Services Authority (FSA) in 2006-7. There was much discussion about appropriate management information, and, over time, TCF dashboards have become an established part of the way in which compliance reports to the board. SM&CR is a cultural initiative of similar import and appropriate practice will undoubtedly emerge. Part of the TCF approach taken by the FSA was to suggest qualitative indicators rather than prescribe precise measures. The FSA published a paper on indicators of good TCF culture that can still be accessed here.
Following the structure and style of this publication, it should be possible to start to elucidate indicators of a positive or negative SM&CR culture.
A challenge to compliance
SM&CR preparation and implementation is a matter of consistently building a values-led internal culture in the organisation and, as it forms a major component of the 2018-19 FCA Business Plan, we can expect a good deal of regulatory focus on our preparations this year. It represents a challenge to compliance to position its role firmly as part of the overall governance and risk framework. It also is an opportunity to strengthen connections with the board, and the non-executive directors (NEDs) especially, ensuring that a coherent and resilient culture is developed.
Finally, it is worth noting that SM&CR also puts Training and Competence (and fitness and properness) firmly back on the map, so you will need to be sure that all senior management functions and staff in the certification regime are appropriately trained and qualified. This will be important for recruitment and as part of an annual review process. Since compliance is specifically mentioned in the prescribed responsibilities of SM&CR, it is also of paramount importance that compliance and all elements of anti-money laundering and countering financial crime are adequately resourced and individually and collectively fully trained and qualified to the highest level.
This article was written by David Jackman for inCOMPLIANCE® magazine.
David Jackman is Strategic Adviser to ICA, Chair of three regulated financial services firms, and was previously head of FSA Training and Competence and Business Ethics. He is the author of The Compliance Revolution (2015) and Corporate Maturity and the Authentic Company (2018)
The original version of this article was published in inCOMPLIANCE®, ICA's exclusive member-only magazine. To find out more about membership and inCOMPLIANCE®, take a look here.
Are you aware of a problem but unsure as to the cause? ICA Audit helps you drill down to the heart of the issue and highlight the key areas which require attention.
Find out more about ICA Audit: Company certification for your firm
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.