15 Nov 2021
After a raft of significant regulatory and legislative changes swept across the financial services sector in 2021, many organisations have entered this year with a sense of optimism and availability – and prepared to tidy up management of conduct risk.
Back in 2017, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry found entities had failed to provide adequate attention to issues of regulatory, compliance and conduct risk. These widespread failures were typified by practices of insider trading and market manipulation, non-compliance with disclosure obligations, misleading and deceptive conduct, and breaches of customer promises.
"With increased expectations from customers, the community and regulators, uplifting product and service design is considered foundational to sustained growth and rebuilding trust for the financial services sector.”
In order to better support organisations with the management of conduct risk, including product and service design, significant reform was brought about. This included changes to the existing Hawking prohibitions, updates to Industry Codes to elevate consideration of Vulnerable Customers, and the introduction of the Design and Distribution Obligations.
While organisations were forced to focus on the implementation of these specific pieces of reform, sight was often lost over the broader management of product and service design. As the post-Royal Commission pendulum continues to swing, organisations are left wondering where they are better off focusing - to get their house in order - while dealing with the impacts of the pandemic on consumers.
With increased expectations from customers, the community and regulators, uplifting product and service design is considered foundational to sustained growth and rebuilding trust for the financial services sector.
There has been a varied approach across the industry and jurisdictions that can broadly be organised into three categories. While these are three distinct approaches to managing conduct risk in product and service design, they can also be seen as a continuum of maturing practice, shifting from minimum standards into a broader conduct risk mindset and then towards better practice as demonstrated in other jurisdictions.
While the regulatory regimes have been comprehensive in nature, they were not intended to replace good governance or business practices supporting product and service design.
For example, where organisations have been required to implement the Design and Distribution Obligations, this has often resulted in:
Notably, the scope of these regimes is often limited to specific products and services or customer cohorts. While some organisations are choosing to extend the application, or the principles found within, this narrow approach often leaves unidentified and/or unaddressed conduct risk in product and service design practices.
With the forming of the Australian Securities and Investment Commission’s (ASIC) Corporate Governance Taskforce and release of its report on non-financial risk, many organisations have reviewed existing practices on operational risk, compliance risk and conduct risk. The deficiencies in process and governance highlighted as part of that report acted as a stark reminder for directors and executives – effective oversight and appropriate behaviours will drive the adequacy of managing non-financial risk.
While the focus on non-financial risk is significantly broader than just product and service design, organisations that have actively focused on, and appropriately invested in, the management of conduct risk have benefited in how products and services are being managed.
For example, some organisations have reviewed existing conduct risk frameworks to ensure:
Deloitte expects the focus on non-financial risk will continue to be on the regulator’s agenda for years to come. As such, organisations will benefit from reciprocating this focus at both an operational and strategic level – with a commitment across board and management.
In the UK, the Financial Conduct Authority (FCA) continues its heightened attention on conduct risk which may result in consumer harm, shaped by the economic and social impacts of the pandemic.
Overall, the FCA’s Consumer Duty requirements intend to achieve a similar outcome as the introduction of the Design and Distribution Obligations in Australia. In particular, an outcome where products and services are designed to meet the needs of consumers and sold to those whose needs they meet.
A post-implementation review of the Design and Distributions Obligations to ensure they are effectively embedded is a crucial step for organisations in their execution of product and service design. Proactive and holistic management of conduct risk is required to progressively monitor, identify and address poor conduct. Isolation or remoteness will no longer be accepted as an excuse for instances of misconduct.
As organisations continue to advance conduct risk practices in product and service design there has, unsurprisingly, been a focus on the use of data and metrics to accelerate the identification of any potential conduct risk issues.
Product and service design conduct risk metrics range from product specific metrics, such as expected profit versus actual, to broader metrics that connect a number of separate data points, such as analysis of customer product mix or sales volumes/growth in a branch or region to identify outliers or unexpected patterns.
Importantly, more mature organisations have recognised data and metrics may only provide one part of the picture and so they balance metrics with outcome-focused testing. Outcome testing is the holistic review of a customer’s journey to determine whether, based on their individual circumstances, they received a fair outcome.
Outcome testing goes well beyond traditional quality assurance methods which test mainly whether policies and processes have been followed. Undertaking robust and accurate outcome testing plays an important role in ensuring that organisations have appropriate oversight of how customers are treated.
So while the management of products and services may not always excite organisations in the short-term, those committed to tidying up will be well-placed and appropriately aligned to the expectations of customers, the community and regulators.
By shifting the organisation sustainably from minimum standards into a broader conduct risk mindset, and then towards better practice as demonstrated in other jurisdictions, the industry as a whole can expect to experience improved outcomes.
Rosalyn Teskey is a Partner at Deloitte
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms or their related entities (collectively, the “Deloitte organisation”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.
15 Nov 2021
13 Nov 2020