Back in 2017, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry found entities had failed to provide adequate attention to issues of regulatory, compliance and conduct risk. These widespread failures were typified by practices of insider trading and market manipulation, non-compliance with disclosure obligations, misleading and deceptive conduct, and breaches of customer promises.
"With increased expectations from customers, the community and regulators, uplifting product and service design is considered foundational to sustained growth and rebuilding trust for the financial services sector.”
In order to better support organisations with the management of conduct risk, including product and service design, significant reform was brought about. This included changes to the existing Hawking prohibitions, updates to Industry Codes to elevate consideration of Vulnerable Customers, and the introduction of the Design and Distribution Obligations.
While organisations were forced to focus on the implementation of these specific pieces of reform, sight was often lost over the broader management of product and service design. As the post-Royal Commission pendulum continues to swing, organisations are left wondering where they are better off focusing - to get their house in order - while dealing with the impacts of the pandemic on consumers.
How the industry responded
With increased expectations from customers, the community and regulators, uplifting product and service design is considered foundational to sustained growth and rebuilding trust for the financial services sector.
There has been a varied approach across the industry and jurisdictions that can broadly be organised into three categories. While these are three distinct approaches to managing conduct risk in product and service design, they can also be seen as a continuum of maturing practice, shifting from minimum standards into a broader conduct risk mindset and then towards better practice as demonstrated in other jurisdictions.
While the regulatory regimes have been comprehensive in nature, they were not intended to replace good governance or business practices supporting product and service design.
For example, where organisations have been required to implement the Design and Distribution Obligations, this has often resulted in:
- Detailed expectations in product and service governance frameworks, policies and procedures;
- Increased frequency and robustness of review cycles for products and services; and
- Greater transparency over the distribution of products and services through reporting.
Notably, the scope of these regimes is often limited to specific products and services or customer cohorts. While some organisations are choosing to extend the application, or the principles found within, this narrow approach often leaves unidentified and/or unaddressed conduct risk in product and service design practices.
Non-financial risk update
With the forming of the Australian Securities and Investment Commission’s (ASIC) Corporate Governance Taskforce and release of its report on non-financial risk, many organisations have reviewed existing practices on operational risk, compliance risk and conduct risk. The deficiencies in process and governance highlighted as part of that report acted as a stark reminder for directors and executives – effective oversight and appropriate behaviours will drive the adequacy of managing non-financial risk.
While the focus on non-financial risk is significantly broader than just product and service design, organisations that have actively focused on, and appropriately invested in, the management of conduct risk have benefited in how products and services are being managed.
For example, some organisations have reviewed existing conduct risk frameworks to ensure:
- Conduct risk is defined and understood;
- Conduct principles are established and embedded;
- Conduct reviews are undertaken and actioned;
- Conduct processes are simplified, rationalised and optimised; and
- Conduct stories are shared to bring conduct principles to life.
Deloitte expects the focus on non-financial risk will continue to be on the regulator’s agenda for years to come. As such, organisations will benefit from reciprocating this focus at both an operational and strategic level – with a commitment across board and management.
Higher consumer duties
In the UK, the Financial Conduct Authority (FCA) continues its heightened attention on conduct risk which may result in consumer harm, shaped by the economic and social impacts of the pandemic.
Overall, the FCA’s Consumer Duty requirements intend to achieve a similar outcome as the introduction of the Design and Distribution Obligations in Australia. In particular, an outcome where products and services are designed to meet the needs of consumers and sold to those whose needs they meet.
A post-implementation review of the Design and Distributions Obligations to ensure they are effectively embedded is a crucial step for organisations in their execution of product and service design. Proactive and holistic management of conduct risk is required to progressively monitor, identify and address poor conduct. Isolation or remoteness will no longer be accepted as an excuse for instances of misconduct.
As organisations continue to advance conduct risk practices in product and service design there has, unsurprisingly, been a focus on the use of data and metrics to accelerate the identification of any potential conduct risk issues.
Product and service design conduct risk metrics range from product specific metrics, such as expected profit versus actual, to broader metrics that connect a number of separate data points, such as analysis of customer product mix or sales volumes/growth in a branch or region to identify outliers or unexpected patterns.
Importantly, more mature organisations have recognised data and metrics may only provide one part of the picture and so they balance metrics with outcome-focused testing. Outcome testing is the holistic review of a customer’s journey to determine whether, based on their individual circumstances, they received a fair outcome.
Outcome testing goes well beyond traditional quality assurance methods which test mainly whether policies and processes have been followed. Undertaking robust and accurate outcome testing plays an important role in ensuring that organisations have appropriate oversight of how customers are treated.
So while the management of products and services may not always excite organisations in the short-term, those committed to tidying up will be well-placed and appropriately aligned to the expectations of customers, the community and regulators.
By shifting the organisation sustainably from minimum standards into a broader conduct risk mindset, and then towards better practice as demonstrated in other jurisdictions, the industry as a whole can expect to experience improved outcomes.
Rosalyn Teskey is a Partner at Deloitte