Series 5 Episode 1: Piecing the governance puzzle together

Transcript

Tessa Norman: Hi everyone and welcome to a new series of Risk & Regulation Rundown, the podcast where we share our views and insights on hot topics in financial services, risk and regulation. I'm Tessa Norman. I'm part of PwC's financial services regulatory insights team and I'm your new regular host for this podcast. I'd like to take this opportunity to thank Andrew Strange for his great work in hosting previous series of the podcast, and I expect we'll have him back on as a guest in some future episodes, so we'll continue to benefit from his expertise. For the first episode of this series, we're going to be talking about the topic of governance, which is particularly pertinent at the moment for a number of reasons. So whilst governance has long been an important pillar of the regulatory regime, it's becoming increasingly pervasive to the FCA's approach in the current economic and risk environment, and it's also an area where we're seeing various strands of policy change. So the regulators are currently reviewing potential changes to the senior managers and certification regime, known as SM&CR. There's of course, a very busy ESG agenda, and as part of that the FCA is looking at some potential changes to sustainability-related governance, and we've also got the incoming Consumer Duty, which is going to have a major impact on firms which serve retail customers and there's a significant focus on governance as part of that.

So to help us navigate all of this, I'm delighted to be joined by two guests who are expertly placed to help us and to understand how these various pieces of the puzzle fit together and how firms should be responding. So I'm joined by David Croker, who's the leader of our asset and wealth management risk and regulatory business and a partner in our sustainability practice, and Harry Howe, who's a director in our banking team. Welcome to the podcast.

David Croker: Thanks very much Tessa, really pleased to be here.

Harry Howe: Thanks Tessa.

Tessa: David, do you want to kick us off by giving a bit of context as to why we're seeing such a focus on governance at the moment, thinking about this both from a policy and a supervisory perspective?

David: Yes of course, thanks, Tessa, and I think what's really important to flag, and that you mentioned it in your opening remarks there, is that governance has always been a focus of regulators. I think even if I think back to my time at the FCA as was, which goes back twelve, thirteen years, all of the supervisory work we were doing at the time had an element of looking at the governance arrangements that firms had in place. So whilst it isn't new, I think things like the introduction of the SM&CR in 2016 have, sort of, almost shone more of a light on personal accountability and almost tried to improve standards further and further. The other interesting angle I think, is the growth of ESG. So clearly we're seeing an awful lot of focus on ESG amongst financial institutions at the moment, and we're starting to see regulators catch up with that, and thinking about, 'Actually what does that mean in terms of how organisations run and govern themselves and what does it mean from an accountability perspective?' I think that's, for them, at a corporate level but also thinking about how they then translate what they do for their clients, what they do with their investee companies for example, and how that then reflects on what they're doing at an organisational level as well. You mentioned some in-train policy initiatives from the FCA. I think probably the most important one at the moment is the FCA's discussion paper on governance around sustainability and what that means for financial services organisations going forward. Certainly, the feedback we've had from the FCA is that's designed to be the starting point of a conversation, to get financial services organisations to think about what ESG means in terms of how they need to do things slightly differently, be that from a product perspective, be it from how the board oversees the challenge that sustainability brings. One of the key ones being data, reporting on MI which is something that those organisations will really need to focus on thinking about, but also if you think about some of those broader concepts around remuneration, diversity of thought and challenge, actually they're not ESG-specific topics. They're all topics that the FCA is thinking about, that actually you could point towards that had a governance lens and they would just play to better quality information to drive better quality decision-making for organisations. The other piece I'd perhaps highlight is if you think about the section 166 and the skilled person reviews that the FCA and the PRA both undertake, if you look at those requirement notices over a number of years, there's almost a standing agenda item on all of them, that is to consider how governance has driven the failure or the issue that the FCA or the PRA would like us to consider.

I think that chimes through with what we continually hear from regulators, is that when they look at failings of firms or operational incidents or risks that crystallise, they always look to the governance failings that play to that point. You're seeing letters come through from regulators explicitly asking firms, 'Who's the senior manager responsible for that failure or that part of the business where we've seen an issue?' Then wanting to explore what's gone wrong, and often actually, it comes down to the oversight arrangements that the organisation has in place.

Tessa: Great, thank you, it's a really helpful overview and just shows how many different strands there are to this, and one of the other in-train policy initiatives that we wanted to cover is the ongoing view of the SM&CR, which was announced as part of the government's Edinburgh reforms and the government and regulators recently kicked off that review. Harry, do you want to talk us through that review and why this is something government and regulators are looking at and where we think that review might end up?

Harry: Yes, great, thanks, Tessa, and as you said, you're referring to the 30-plus measures that came out of the December '22 Edinburgh reforms. So currently there's a call for evidence that's been published by HMT and a discussion paper 1/23, due to close at the end of June 2023. I think the first thing to say off that is that I don't think the suggestion is necessarily that SM&CR hasn't worked. I think there's a view that everyone is bought into and aligned to the principles, given everything we went through in the last financial crisis. I think there's an acknowledgment that it's gone a long way towards sharpening focus on outcomes, conduct and behaviours as part of that, and so it has been effective to some extent. This is being badged as an opportunity to review the scope, proportionality and effectiveness of the regime and possible areas in which it might be improved, and so I'd summarise and I probably wouldn't do it justice, the drivers to the call for evidence in the discussion paper were just set out as delays in approvals, so approval of SMFs, so senior manager functions, in their roles. Possibly the bigger issue is scope creep and proliferation in terms of expectations of SMFs, particularly in light of emerging risks and interaction with other regulatory regimes. So if we haven't mentioned it already, we'll talk about new Consumer Duty, operational resilience, diversity and inclusion. I'll come on to some other specifics shortly, but also questions around the breadth of the certification regime and information frequency of information to be provided under that. So that's just a flavour of a few of the drivers behind that, and in terms of the changes that might come out of that, I might reserve the right to comment on that, so the devil will be in the detail, as and when that date comes and goes at the end of June 2023. What I would say is I'd caution, so I'd expect evolution rather than revolution on that front, so I would expect to see some tweaks and changes to that as part of those potential reforms.

Tessa: Yes, and I'd agree with you there, I think we're unlikely to see a wholesale change to the regime but there are likely to be some tweaks, and I think that scope piece and how it's gradually changed over time especially as the regulators have expanded their remit is a really interesting angle to this. You mention Consumer Duty as part of that. David, it would be great to get your thoughts on, the Consumer Duty and how we're seeing that impact firms' approaches to governance. The Duty's coming into force in July 2023. So how are firms starting to think about governance in relation to that?

David: I think first, the Consumer Duty represents a significant shift in the way that the FCA particularly is looking to regulate financial services organisations. I think, given it's the first big piece of post-Brexit, FCA-created regulation, actually it's going to be something that they're going to look at with a level of scrutiny, I think, that we haven't seen for some of the other major regulatory regimes that have been introduced. I think, when you think about what it actually means for firms and that shift away from not necessarily just having to evidence that you're not delivering poor outcomes to your clients, but actually needing to be able to evidence that you're delivering good outcomes for investors is a monumental shift in terms of what those firms are going to need to be able to pull together to evidence that’s the case. I think that probably the key challenge that we're seeing our clients face is the data and the MI that's going to need to be created and produced internally to allow you on an ongoing basis to evidence that and to get a board and relevant committees comfortable that that's the case. We've heard from regulators they're expecting the Duty to be embedded across all of the governance, the culture of an organisation, and again, I think we're starting to see firms recognise the level of work that's needed, not just to, meet the July deadline, but to embed this on an ongoing basis. I think one of the things that will be interesting is there will be organisations that perhaps place too much confidence in legacy processes to get them over the line. They haven't naturally thought about how you future-proof this and how you ensure that your organisation is ready, on an ongoing basis to demonstrate compliance. So, I think that the over-arching message is it's a significant shift and I think it will require our clients to think quite differently around how they govern themselves.

Tessa: Yes, absolutely, and I think those issues around MI and data definitely go beyond Consumer Duty and into lots of other areas that firms are grappling with as well. So, what are some of other challenges and issues that firms are facing and that the regulator is trying to address with some of the governance plans that it's looking at?

David: Yes, I mean, if you look at, again, sort of, pulling together some of those themes that we've seen come through both section 166 notices, some of the challenge that we know that firms have been given by the regulator and some of the conversations that we're having directly with the regulator, I guess you can point to a few key themes that continually flow through the FCA's concerns around governance. I think one of those is around actually overseas parents and actually ensuring that those overseas parents, when thinking about how to structure UK operations, are fully cognisant of UK regulatory expectations and also UK governance standards, which isn't always the case. I think, in a lot of cases, firms do that really well but there are instances there where actually there's watered-down governance in the UK because a lot of the decision-making happens overseas, which we know regulators here in the UK aren't big fans of. I think increasingly we're seeing challenge around the quality of debate that occurs at UK board level, so looking at whether dominant characters that sit on board, whether all topics are getting equal air-time for discussion. Again, I think, we continue to see firms rightly very focussed on financial performance, and especially in the current economic climate, but perhaps less focussed on some of those risk and regulatory issues that we know that regulators would like to see firms thinking about and actually can lead to better quality decision-making as you look forward. I think it's all underpinned by, 'Are the board seeing the right information?' We continue to see boards being given board packs that are 700, 800, 900 pages long three days before a board meeting, where they can't possibly digest the information within that pack to have a meaningful debate, meaningful discussion and to make well-informed, educated decisions. So we continue to see that as being a key challenge coming through the regulator, in terms of challenging firms on 'What are you showing people and why are you showing that, and actually, what are the key decisions that you want to see coming out of that?' So, quality of debate, quality of MI, I think, are really important as you think about some of the governance issues the regulator is trying to address.

Tessa: Yes, absolutely, and Harry I know that you support many firms with the authorisation process. Are there any challenges that you see, particularly thinking about those prospective and newly-authorised firms, that you'd add to the points that’s David's made?

Harry: Thanks Tessa, and I think it's fair to say you could probably write a long paper or book on this subject, I think. I see David nodding there, and before we actually even talk about the prospective and applicant firms, it's worth just considering the challenges in the governance and senior-manager space for existing firms and just remembering that there were 47,000 firms added to the senior managers' regime in December 2019. So, they're all still very much bedding down with just what it's like to be an SM&CR firm, as part of that, so that's a very recent change. I touched earlier upon the way they're trying to grapple with the interaction between the senior managers' regime and different regulatory regimes that have come in, including consumer duty, operational resilience, climate change, the themes that David spoke to. I'd also note in supervisory statement 5/21, just as an example, the interaction between governance and booking model, just, again, as an example of actually how does that work in terms of responsibilities? So how can one individual in the UK be responsible for a multifaceted booking network? David touched upon the interaction of group and overseas parents and how does that work in terms of touchpoints not just in terms of the senior managers' regime, but also from a governance perspective, and I think the final point on that note is actually really perhaps historically governance meant let's just set up a committee, and similarly that almost slipped into a case of let's allocate an SMF or a senior manager to do that. And actually we all know that the real thrust of it goes beyond that.

Obviously that's a starting point and a first step but actually how do you go about embedding that? Actually what's the split of accountability between that individual and the contract with the other senior managers and key employees within the firm? So circling back to the authorisation process, obviously those challenges still exist for prospective firms in terms of trying to get the balance right with those regulatory expectations. I think the greatest challenge we certainly see in the firms we work with is around just recruiting the right individuals, given regulatory expectations. Again, if you look at recent market events, we can see the importance of having the right individuals in place to challenge the business model, the risk management framework and the funding models, etc., that sit under that. I mean as I move through my thoughts I think it's also key to have a proportionate and effective governance framework. Again, it's not just about having a committee to cover everything off, otherwise people's diaries are just formed of committees as part of that. And I think two other points of note just to bring it to life are around the FCA recently published their business plan, end of Q1 2023, correct me if I'm wrong, I might be out by a month or two. You'll see in there that there's a real key focus on for prospective firms' financial resilience and financial forecasting. Which, again, obviously that is a key part of the governance framework and actually the overlay and oversight of that. And also a focus on the monitoring high-risk business models, again, for prospective applicant firms. So, that's obviously a key part in terms of senior management and governance oversight of business models and strategy going forwards. And, again, you'll see that's carried out and played out in the fastest-growing firms’ FCA-thematic, around the importance of governance, particularly in the capital adequacy, capital management ICAPS, well, what was ICAP, now ICARA SREP process is part of that. Look, jumping across sectors, if you look at the PRA's supervisory statement 3/21, expectations of new banks, you can really see how their expectations evolve in terms of even from composition of the board, but in terms of how you go about what their expectations are of risk management, stress testing, capital management, so on and so on. You can see the various themes that underpin and sit under governance there, so there's a lot to grapple with for prospective firms, as well as ongoing firms.

David: Harry, just to pick on your point there about the right individuals on the board, I think that's a really important point, and I think increasingly our clients are finding it difficult to find the right individuals with the right skills, recognising the need for diversity of thought, diversity of challenge, but equally a regulator that's very focused on solo entity governance and wanting to make sure that the people overseeing those activities have the right skills in place to deliver those. I think particularly, when you think about the non-executive aspects and the independence of the challenge there is a finite pool of skilled people to fill those roles for a very large population of regulated firms as you highlighted. So a really interesting challenge, I think, for our clients.

Harry: It's a question that comes up from our clients all the time, does this individual need to have this experience to do it and there's an element of chicken and egg, so it's a really interesting one to grapple with.

Tessa: Absolutely, and you also touch on really well there, Harry, all the different aspects of this and how that fits together. David, what are your reflections on how the related policy and supervisory initiatives that we've covered fit together and how should firms be thinking about that and making the right links between them?

David: Yes, I mean I think with all these things, and it's a message that I continually give to my clients is not to think about individual supervisory processes or individual pieces of regulation in isolation. I think with all of these things we've touched a lot around how governance permeates everything that a firm might do. Actually taking a step back and thinking strategically around how do you put in place the governance that works for your organisation, that addresses those various supervisory-focused areas I think is the most important thing for our clients to do. There's various aspects of that, we spent a lot of time talking about data MI reporting, but actually governance can be hugely improved by getting the right decision-oriented, actionable management information that really quickly brings key data points to the board or the committee's attention, to allow them to make educated decisions. And that's not ESG-specific, it's not risk-specific, actually that happens across the board. I think if you then think about, I put my ESG hat on, my sustainability hat, there are so many new regulatory regimes coming through, so many new pieces of regulation, so many reporting requirements. Again, you need to get the data, the MI, the reporting in a place that the board can quite quickly look at it, can quite quickly understand it, but have got comfort in the underlying processes that you know that there's some integrity behind what the board is being presented, because they can't possibly look at absolutely everything, but they need to know that processes are in place, controls are in place, those controls are working to mitigate the risks that the business has identified for itself. So, lots of challenge, but I think what's been perhaps most pleasing is you start to , interact with the FCA on some of these topics, they recognise some of those challenges and I think they're encouraging firms to think slightly more strategically around how they want to govern themselves, to deliver the right outcomes for their investors, their customers, so bringing it back to that consumer duty lens of almost how do you do this? We're not going to be prescriptive, we're not going to tell you this is what good governance looks like, but actually a firm can determine what good governance looks like in the context of its own operations.

Tessa: Yes, absolutely, which is all part of that shift towards more outcomes-based approach regulation which I think gives firms that greater flexibility, but there's challenges that come with that as well, keeping on top of that fast-moving regulatory agenda we're also, of course, seeing lots of market changes in terms of tech changes and elsewhere. How are we seeing firms adapt their governance practices to changing business models? How can firms make sure that their governance practices and processes are fit for the future?

David: Yes, I think, to be honest, firms probably haven't evolved their practices quite as quickly as they might have done given the nature of the interchanging environment, but I think if I put my asset management hat on and the recent FCA discussion paper on the future of asset management, there's a number of things that are proposed there as opportunities or options for the sector to drive doing things differently. They include completely different approaches to products. So thinking about utilising blockchain and tokenising asset management products. Clearly the skill set, the nature of oversight, needs to look very different in a world where you're leveraging new technologies, you're moving away from that traditional fund structure. It will need different skills, it will need the board to get more engaged in some of those pieces, it'll need a much bigger focus on product governance, product development, ongoing product suitability, those types of aspects that happen today but perhaps not quite as a granular level. You've got different ways to deliver information to customers, some of that will be picked up in a consumer duty piece, but again there's a huge tech data automation angle to all of that and I think a lot of financial services boards have some aspect of IT and technology sitting on them. I think increasingly it's going to become a really important skill for all board members to really get their heads around digital automation technology to enable them to demonstrate really effective oversight of the business.

Tessa: Harry, is there anything that you'd add to that in terms of what you see among your clients and how their business models are changing?

Harry: Thanks Tessa, yes, and I think just to echo everything that David said, but really I think the point that-, one point I scribbled down is this word comes up and you see it in various aspects of regulatory documentation publication, which is the fact your governance arrangements have to be commensurate to the business and you have to scale up accordingly. So in some ways it's beyond even just fighting the last decade's battles, it's a case of actually your business has grown, the risk profile has evolved and you haven't scaled up or recognised that as part of that. So that's the first thing I'd say, I think the other point I'd make and this is linked to that is, again, looking forwards, so there's a need for you as a board and executive to regularly assess your business model, your strategy and the associated risk profile that comes with that, and assessing the skill set required at board and ExCo level. So that's something that would sit very much with the chair in terms of what we'd see. So really just thinking about what's the skill set you're going to need to manage the risks coming through the pipeline? Obviously we all talk about horizon-scanning, but it's almost horizon-scanning plus, actually what do we need from a governance perspective? David touched upon the digital and tech angle, and I know that was an area that a lot of firms were looking to recruit for, again, at board and executive level, and that's a skill set that's in demand but hard to come by. So really just making that regular assessment and not taking a static approach to the way your governance framework is composed, and I think it would be remiss of me not to talk about new consumer duty as part of that. Again, a lot of our clients, if you speak to anyone they would say of course our customer's at the heart and centre of our business model but actually the burden of proof is on you to prove that to the FCA as part of that under the new regime. So, whilst it may be obvious to you and everyone may be brought in from the firm's side, it's actually a case of ensuring that you can articulate that fully to the FCA. So just ensuring they really genuinely are at the heart and centre of the business model and strategy and that you're able to clearly demonstrate that.

Tessa: Great, thank you very much, both of you, that's been a really fascinating discussion. It's been great to hear how pervasive this issue is and also how all of those challenges are evolving, from skills to technology to consumer outcomes, it's been brilliant, thank you very much. To our listeners I hope you've enjoyed this conversation and thank you for listening. As always please subscribe to future episodes and rate and review this series, as it helps other listeners to find us. If you'd like to hear more from us on risk and regulation please look out for our regular publications on our website, which we'll link to in the show notes, and we'll be back next month with our next episode.