Beyond Covid-19: Conduct risk and the regulatory reckoning awaiting the UK’s financial institutions
28 September 2020
The economic impact of the Covid-19 crisis is resonating across the UK’s financial institutions and their employees. It has already resulted in dramatic changes to the financial risk profiles of banks and other financial institutions.
In the aftermath of the pandemic, boards and senior managers will be held accountable for failures and regulatory breaches, and Senior Managers and Certification Regime (SMCR) requirements will be enforced notwithstanding the working environment being virtual. Firms and senior leaders need to ensure that the decisions, judgments and actions they take through this crisis can withstand close scrutiny in the years to come.
The lessons that emerged from the global financial crisis of 2008 provide a practical insight into the challenges that lie ahead. In its wake, UK regulators reviewed the decisions of firms and senior leadership during the crisis, ordered detailed remediation programmes in relation to regulatory failures and levied record fines in relation to the worst conduct such as rogue traders, market manipulation, and market abuse. The total bill for the financial sector globally from regulatory findings after the event ran to billions of dollars and the SMCR rose from the ashes.
The legacy of misconduct following the last crisis means that, in the current crisis, regulators’ focus is firmly on conduct. In our view, three areas of conduct risk are likely to come under particular scrutiny from regulators as to how financial services firms handle the difficult and conflicting pressures generated by the Covid-19 crisis:
- market conduct risks
- retail conduct risks
- conduct issues in relation to small and medium-sized enterprise (SME) lending decisions.
Market conduct risks
Banks need to be vigilant for the heightened risks of market abuse and must ensure that the expectations of the company in relation to culture and conduct are clearly and frequently communicated. Management information and frequency of reporting must be adapted for the Covid-19 environment and the market abuse risk assessment should be updated to consider increased risks, such as risk of misleading statements by corporates and insider dealing.
Ironically, the relaxation of corporate reporting timelines designed to ease the supervisory burden on firms may have heightened the risk of insider dealing as material nonpublic information (MNPI) has to be protected for much longer periods. Front office controls, monitoring and surveillance of conduct may need to be adjusted to take account of market conditions and changes in working practices.
The crisis has undoubtedly increased the pressure on some firms and individuals to perform financially and this can create an incentive towards misconduct. In parallel, the remote working arrangements that firms have put in place can make misconduct more difficult to identify and control.
Banks, for example, have faced challenges meeting minimum requirements in relation to recording voice communications and relating to the lack of physical oversight of e-communications channels such as social media. There has been a huge spike in the use of the encrypted messaging app WhatsApp as thousands of finance workers have been relying on personal devices more in their home-working setups. Some of the biggest global banks are testing technology that would allow them to record and monitor employees' WhatsApp messages1. Firms are also using trading limit controls, more frequent supervisor check-ins and daily attestations to bridge the controls gap created by the lack of physical oversight.
Retail conduct risks
On the retail side, the customer treatment approach needs to be reassessed for the Covid-19 environment, taking into account regulatory encouragement towards forbearance, but balancing this with existing contractual obligations and the possible longer-term adverse impacts of the crisis on a customer's financial position.
The position of vulnerable customers is also likely to remain a priority of the Financial Conduct Authority (FCA) in the context of Covid-19. Communication with customers is essential, and senior managers must be fully informed as to how frontline staff have been trained in revised customer treatment policies.
Management information should include data monitoring as to whether customer treatment policies including customer complaints information are being applied correctly. All actions and decisions should be thoroughly documented, in a manner that demonstrates the reasoning and not just the outcomes of the decision-making process. Clear records will be critical in the aftermath.
Conduct issues in relation to SME lending decisions
The FCA’s “Dear CEO” letter concerning banks’ lending to SMEs encouraged banks to pass through to businesses and consumers, as soon as possible by way of loans, the benefit of the measures such as The Coronavirus Business Interruption Loan Scheme (CBILS ) announced by the government. SMEs can borrow up to £5million under CBILS with the government guaranteeing 80% on each loan and covering the first 12 months of interest payments. The Scheme has now been extended to 30 November 2020.
In practice, banks are being encouraged by the FCA and indeed the Treasury and MPs to adopt a higher credit risk tolerance than they would have adopted before the pandemic in order to support SMEs. While the activity of business lending to SMEs is not directly regulated in the UK, the SMCR will apply to senior managers in banks, and each bank should have at least one senior manager with clear responsibility for the activity of lending to SMEs and fair treatment in relation to them2.
When considering an application under the CBILS scheme, banks are therefore in a difficult position. They must take a view as to how the loan will be repaid, relying on judgment as to credit risk in the absence of reliable financial forecast information. If they do lend to companies that subsequently cannot afford the repayments and are forced into liquidation as a result of the banks pursuing them before claiming under any guarantee, then the lending departments of these banks may come in for regulatory criticism on the basis that they failed to apply prudent lending and affordability requirements.
On the other hand, if they do not lend, businesses that do collapse during the pandemic might turn to the courts to blame banks for failing to lend through the government loan scheme that was expressly designed to keep them afloat.
Banks can only act reasonably on the information they have available about credit risk, in the knowledge that their judgment will be under scrutiny in the aftermath of the crisis. However, banks need to consider carefully how their lending schemes under CBILS are administered, and what conduct risk frameworks are in place to minimise the risk that subsequent inquiries into banks' decisions conclude that banks acted unreasonably. Moreover, banks' lending decisions must be fair as between different cohorts, with differences in outcomes objectively justifiable and reasoned – and recorded in writing.
There is no doubt that in the aftermath of the crisis, the FCA will follow up with enforcement action where there is evidence of firm-wide or sector-wide failures to act reasonably, fairly and consistently in relation to SME lending.
The road ahead
Senior-level decision-making and oversight during the Covid-19 crisis are undoubtedly challenging and complex. However, if firms do not navigate the challenges in these conduct risk areas to maximise the chances of fair and reasonable outcomes for their stakeholders, then there is likely to be a serious regulatory reckoning when the dust settles.
Investigations Insight blog: FCA enforcement priorities during and after the pandemic
- Bankers beware: Financial giants to monitor staff WhatsApp messages, Financial News, 18 May 2020
- The FCA will take into account the Lending Standards Board's (“LSB”) Standards of Lending Practice for business customers (as amended for Covid-19) when considering how senior managers and other bank employees discharge their duties in relation to SME lending, and bank CEOs and boards must take reasonable steps to ensure that the designated SME-lending senior manager is discharging their duties suitably and effectively. LSB has made a statement to the effect that it would consider participating firms’ compliance with the requirements of the government’s schemes to be compliance with the relevant provisions of the Standards of Lending Practice.