What does good governance look like for financial

Back in 2018 the FCA published a discussion paper on transforming culture in financial services.

What does good governance look like for financial

13 Jan 2020

Graeme Stewart

The paper contained several articles written by prominent industry figures around the themes of:

  • Is there a 'right' culture
  • Managing culture and the role of regulation
  • The role of reward, capabilities and environment in driving behaviours
  • Leading cultural change
The FCA stated that “culture in financial services is widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent years, causing harm to both consumers and markets.

"To make sense of 'culture' from an FCA perspective, we start by defining it as the habitual behaviours and mindsets that characterise an organisation.”

Under the senior managers and certification regime (SM&CR), the regulator will be focusing on what it calls the four main drivers of behaviour:

1) A firm’s purpose
2) Leadership
3) Approach to rewarding and managing people
4) Governance arrangements

The cynics among us may notice there are some default, oft-quoted lines when talking about culture and governance.

These are that culture is “what happens when no one is looking” and that no one can define what good governance looks like “but we know it when we see it”.

For the less cynical, I want to approach this issue in as pragmatic a way as possible, particularly while we are in the very early days of the SM&CR.

So just what does good governance look like, and how can senior managers be confident they are making good business decisions?

What good governance means in practice

While it might not feel like it, the SM&CR isn't about more compliance rules. 

FCA director of life insurance and financial advice Debbie Gupta has said: “Advisers and advice firms should prioritise learning to make ‘acting in the customer’s best interest’ a meaningful cultural driver of ‘what good looks like.’

"The key test for culture is that people do the right thing even when there is no rule or guidance to help them."

Creating an ethical boardroom, and good governance generally, isn't about codes or rules. 

It involves:

  • strong leadership
  • a positive culture
  • robust systems and controls
  • effective risk management
Let's take each of these in turn. 

Strong leadership

This is where the business is led from the top.

Senior managers don't have the luxury of planting the seeds and standing back to watch as good culture grows.

They must lead by example, following the procedures (or changing them), not just adhering to the code of conduct but also creating a 'speak up', open and transparent place to work.

Positive culture

I've previously predicted that more team meetings would be held under the SM&CR.

This is one way where a positive culture can be nurtured and grown.

Regular meetings, where the purpose is to share best practice, discuss what's going well and talk openly and positively about what isn’t, can only be an advantage when it comes to achieving great client outcomes.

Leaders can drive forward with their vision of what the firm is about, its purpose and demonstrate that clients are at the very centre of the business.

By constantly reviewing actual results against what is desired, you can then build an action plan to address any gaps in skills, knowledge, systems and controls or processes.

Team meetings are also a great platform to carry out staff training, not just on the code of conduct rules but as a way of updating staff on the firm's policies on things like complaints, whistleblowing or the advice process.

Robust systems and controls

These may relate to the advice process, the service proposition, the way the firm deals with vulnerable clients or the threat of cybercrime.

Regardless of the subject, all staff need to be fully aware of what the policy is, and what their part in that process is.

Only in an open and positive culture can people then identify any gaps in their skills or knowledge to complete their role effectively.

These policies should be reviewed at least annually, but their effectiveness will be tested daily and discussed regularly at team meetings and senior manager meetings. 
Effective risk management 

Every business will have slightly different risks and a slightly different risk tolerance attitude towards them.

The key is to recognise what these specific risks are, and what the appetite is to address them.

For example, for smaller firms the risk of losing key staff is generally higher risk than if the firm has 10 full-time administrators and 10 advisers.

As a result, smaller firms are more likely to need a plan for temporary cover. 

At the very least, each firm needs to have a robust business continuity plan (BCP) which is tailored to the firm’s individual needs.

This is not about rules, but because it makes good business sense and is part of a good firm's culture.
Other examples might be tackling an over-reliance on a small, local IT firm, or having a training plan that reflects the nature of the business written rather generic performance indicators. 

Good decision making

For the FCA, good decision making comes down to good management information, or MI. 

It also says MI should be:

  • accurate, seen and challenged
  • analysed and monitored in a timely way
  • Relevant and acted upon
  • Consistently recorded
The good news is all businesses are awash with MI.

The bad news is there's often so much of it, that it is difficult to see the stuff you need.

Firms will get their data from a range of sources, including their advice register, compliance reports, their training and competence scheme or their internal key performance indicators. 

Other data might come from file review outcomes, complaint registers, third parties or clients surveys, plus many other sources besides these. 

To make sense of it all, senior managers need to have this information to hand in order to make decisions, both day-to-day decisions and those for the long term.

Continuing professional development now applies to non-advising staff so it’s not just senior managers or advisers that need to be on top of their CPD plan.

It may be worth having someone in your business, such as your head paraplanner, take responsibility for reviewing FCA standards and the latest software developments, so that staff can be trained accordingly.  

Putting the MI to work

To make sure your firm acts on its MI, it's worth having regular meetings with the senior managers where an agenda is set, decent minutes are taken and action plans are set to address any issues.

These meetings will become more valuable and productive where more time and effort is put into setting the agenda and with the relevant MI to hand.

Smaller firms may want to consider inviting their locum to attend if they have one, or any third-party business support. 

A good agenda will include:

  • The key business KPIs
  • The client proposition and delivery of the ongoing service
  • Output from training and competence activity, such as file review outcomes