Governance, Culture and Ethics. Simon Morris 12 June 2015

Transcription

1 Governance, Culture and Ethics Simon Morris 12 June 2015

2 Looking at 1. Culture & ethics C+E=R 2. Governance G=M+R

3 What is culture? 1. Key part of a firm s risk management strategy 2. Reflects a) Principle and Fundamental Rule 1 (integrity) b) Principle 11 and Fundamental Rule 8 (cooperation with the regulator) 3. Absence of culture drives multiple problems

4 Failure in risk culture 1. Viewed as a root cause of the global financial crisis 2. Also of headline risk and compliance events a) London whale rogue trader b) LIBOR manipulation. 3. And at an FCA level

5 What goes wrong with firms culture? 1) He was responsible for the unacceptable pressure sales culture at his previous employer and that he was actively maintaining the same culture at the firm. 2) There was a culture of helping as opposed to challenging the traders and questioning whether their explanations were correct. 3) XXXX s breaches were systemic and flow from XXXX s failure fully to embed a culture which recognised the importance of treating customers fairly. 4)... the culture of Corporate was strongly focused on revenue rather than on risk adjusted returns. 5) AAAA failed to treat its customers fairly contrary to PRIN 6 by allowing a culture to develop in the BBBB business which prioritised revenue generation over the interests of customers. 6) ZZZZ developed a profit driven culture where profit targets were met by taking advantage of existing customers in pursuit of sales. Extracts from Final Notices

6 Cultural weaknesses can be pervasive at all levels Senior management Profit driven culture Failed to embed TCF Control functions No culture of challenge Operational management Sales pressure Focus on revenue

7 Culture is centrally important to risk management 1) Culture is the firmwide expectation that business will be conducted in an ethical and legal manner with a strong risk culture 2) The right tone and standard of behaviour at the top is a necessary condition for sustained improvements in standards and culture but, for lasting change, the tone in the middle and at the bottom are also important 3) A risk culture that promotes prudent risk-taking discourages unrestrained profit maximisation supports an environment that is conducive to ensuring that emerging risks are appropriately recognised, assessed, escalated and addressed Standard of ethics + firmwide all levels => sound risk management

8 Culture supports risk management Further aspects of a positive risk culture are a) Risk is owned at business level, and that transparency and open dialogue are encouraged throughout the product, service or transaction lifecycle to ensure that risk issues are identified and escalated. b) All employees should promptly identify, manage and when appropriate escalate risk issues, should be held accountable for their actions and are made aware of the consequences of breaching the firm s risk policies.

9 The PRA agenda The PRA expects firms to have a culture that supports prudent management and that the board leads in establishing, embedding and maintaining a firm s culture. Key elements are a)management properly understand the risks that the firm faces; b)senior management i. articulates the values, ii. iii. iv. monitors the culture, rewards consistent behaviour and acts on inconsistent conduct; c)risk management and control functions have adequate authority; d)individuals act consistently with the firm s safety and soundness.

10 How do you measure culture? The FCA s view 1) Senior management sets the tone from the top a) Personally demonstrating key firm values and b) creating a culture where all staff have a responsibility for acting to high ethical standards; 2) Applying the culture as actual business practices; a) How it responds to and deals with regulatory issues; b) What customers experience when buying a product or service from front-line staff; c) How it runs its product approval process; d) Its market conduct; e) Its remuneration structures; f) How its board engages in these issues, considers the firm s strategy and ensures that products are sold to target markets.

11 3) Supporting the right behaviours through a) recruitment and promotion policies, b) performance management, and c) employee development and reinforced through programmes that incentivise and reward staff to encourage the right outcomes. Senior management should be asking not whether a product or strategy is legal, but whether it is right and in the best long-term interests of the firm s clients

12 What does FEMR say about culture? Focused on FICC markets But wider application Asking how to measure culture Is risk management valued within the organisation? Are risk issues and events proactively identified? Are risk issues and policy issues ignored, excused or downplayed? Are line managers effective role models?

13 What does bad look like? Dishonesty a) Dishonest dealing with customers firm avoided meeting investors claims by transferring assets to a third party at an undervalue; firm dishonestly purchased securities for customers accounts without their consent; b) Misleading the regulator firm dishonestly misled the regulator about the involvement of an unapproved senior manager in its business; firm deliberately withheld documentation from the regulator and provided false information; firm made false and misleading statements to the regulator, concealed documents and impersonated witnesses; c) Misleading customers firm dishonestly misled customers about its research into the securities that it promoted; firm knowingly gave misleading advice to customers; firm entered into transactions intending to mislead purchasers, participated in fraudulent transactions and created misleading documentation.

14 Recklessness a) High pressure sales firm created a high pressure sales-driven environment and recklessly exposed customers to the risk of receiving unsuitable recommendations; b) Distributing products when aware of problems firm recklessly promoted a share scheme ignoring warning signs that it was fraudulent; c) Not managing conflicts firm recklessly failed to manage conflicts of interest between itself, its associates and its clients; d) Breaching own procedures firm knowingly or recklessly breached its own procedures and also deliberately vetoed the performance of an appropriate compliance-related routine; e) Retaining unsuitable staff firm deliberately engaged an unapproved person in a senior position despite knowing of his unacceptable conduct; f) Ignoring a regulatory requirement firm continuing regulated activities in breach of regulatory requirement to cease them.

15 So the formula is C+E=R Culture plus ethics => effective risk management

16 Governance Formalising culture + ethics G=M+R Governance = management overseeing risk

17 Some elements of governance 1. The Board 2. Senior management 3. Allocation & oversight of responsibilities 4. Risk function and its attributes 5. Line management s role 6. Risk communication 7. Remuneration

18 1. The Board a) Ensures organisational structure is effective b) Monitors firm s business objectives & strategy c) Ensures risk effectively identified d) Selects and oversees senior management e) Is alert & challenging Plus f) Balance of skills, diversity & expertise g) NEDs to provide challenge h) Effective decision making by Board and Committees i) Group structure form follows function j) Oversees subsidiaries while respecting independent legal & governance responsibilities

19 2. Senior Management a) Overseen by the Board b) Oversees effective risk management c) Expertise, competence & integrity d) Clear and transparent organisation, procedures & decision making e) Maintains watch on regulatory issues f) Allocates and oversees responsibilities

20 3. Allocation & oversight of responsibilities a) Risks mapped b) Responsibilities allocated c) Clear flow of information against identified metrics & risks d) Appropriately overseen e) And actioned And the proof? a) Risk map b) Statement of responsibilities c) Job description

21 4. Risk function a) Independent of operational management b) Oversees firm s risk taking functions c) Participates in material risk decisions d) Reports to senior management i. Identify risks ii. Measure exposure iii. Assist establish risk limits iv. Monitor observance e) Risk assessment process f) Monitoring plan g) Monitoring & surveillance of key risk areas

22 Risk function attributes a) Independence b) Stature c) Line of reporting d) Resources e) Authority of approach f) Can oversee and must coordinate with legal, compliance and audit

23 5. Line management has a role The business responsibility i. Understands & manages risks ii. Responsibilities iii. Reporting lines iv. Quality of management information v. Segregation vi. Trading reconciliations

24 6. Risk communication a) Senior management keeps Risk informed of major plans b) Risk provides or ensures clear management information to decision makers c) Firm communicates risk issues & strategy i. Spreads risk awareness ii. Encourages risk dialogue iii. Promotes culture of challenge

25 7. Remuneration a) Aligned sound risk management b) Promote firm s long term interests i. Long-term performance ii. Avoid conflicts c) Incentivise appropriate risk-taking behaviour d) Overseen by Board e) General concern over sales incentives f) Ideal metrics

26 FEMR Governance & controls Firm level governance Independence of board to provide challenge & competence to scrutinise Establishes and promulgates ethical conduct strategy throughout firm. Incentivising good conduct Increased weight on non-revenue factors Embed right factors into pay, promotion & discipline Conduct issues Survey culture to establish vulnerabilities and drivers Strengthen and endorse whistleblowing Refocus risk ownership on management Clarify conflict issues

27 And what does bad look like?

28 Regulatory action for weak governance Ineffectual governance => weak decisioning A firm s governance arrangements for its with-profits business were unclear and inadequate in design and in operation so that there was an unacceptably high risk that policyholders interests would not be protected properly; Failing to put in place effective governance arrangements and controls to identify and manage the risk that its customers would be treated unfairly, and failing to take effective action when issues arose; Diversifying into a new business area without adequate controls and where senior management did not have the skills and experience to provide sufficient control and oversight;

29 Ineffectual governance => other weaknesses Failing to take adequate action in response to concerns identified internally, or brought to the firm s attention by the regulator; A firm s management failing to oversee and ensure that an outsourcing company would treat the firm s customers fairly; Failing to ensure that effective internal governance arrangements were in place to enable it to manage and monitor the risks its customers were exposed to in a number of areas;

30 In summary 1. Culture = firmwide expectation of ethical conduct 2. Culture promotes prudent risk taking 3. Governance = management oversees risk 4. Culture + governance = prudent operation + fair customer outcomes