In today’s world the financial and reputational importance of managing conduct and culture cannot be underestimated. According to Reuters by 2015 misconduct had already cost UK's banks £53bn over 15 years and the world’s top banks £200bn. The Financial Services market remains plagued by high profile incidents and declining public perception, leading to increased scrutiny and reform. Corporate culture and conduct continues to be a significant focus for regulators globally, with many seeing individual accountability as a key instrument for control with regimes such as the Manager in Charge (MIC) in Asia and Senior Manager & Certification Regime (SM&CR) in UK.
But regulation and legislation alone cannot control an individual’s behaviour and decisions. What role does culture have to play, who is responsible for managing culture and conduct, and how can we embed and measure progress against such an intangible concept? This blog explores the role of SM&CR in managing culture and conduct.
The role of the Boards and Senior Managers in shaping Corporate Culture
“There has not been a case of a major prudential or conduct failing in a firm which did not have among its root causes a failure of culture as manifested in governance, remuneration, risk management or tone from the top” Andrew Bailey, CEO FCA.
As defined by John McLaughlin culture is a system of shared assumptions, values, and beliefs, which governs how people behave in organisations. Whilst conduct is the way culture manifests itself in people’s day to day intentional and unintentional behaviour and decisions.
There is a growing understanding across the industry that leadership drives culture which in turn will drive performance. Culture can ultimately be a competitive advantage or an organisation’s Achilles heel. Demonstrating the right behaviours is not only paramount to institutions which have lost trust in the eyes of the regulator, the public, and their stakeholders, but also to candidates, particularly millennials, when choosing their employer for whom brand, reputation and ethical behaviour is a key deciding factor.
The FCA, PRA and FRC in the UK believe culture starts with leadership. “Boards must have a responsibility for culture and must exercise oversight” FRC. The Board themselves must also lead by example, behaving in accordance to the culture they wish to instil. There is a prescribed responsibility under SM&CR for Culture, which often resides with the Chairman, but who is responsible for the conduct of an organisation, managing and overseeing Conduct Risk on a daily basis? Many organisations have struggled with this question as we see responsibility for Conduct Risk moving between CEO, CRO, CCO and COO.
The essence of SM&CR is personal accountability requiring Senior Managers to be comfortable that they are taking reasonable steps in discharging their responsibilities. In order to satisfy these requirements, Senior Managers must ensure that their strategy, governance, business model and underlying culture are aligned and can adapt to regulatory changes. Thus ‘culture, conduct and accountability’ go hand in hand, yet still we see many organisations tackling SM&CR, Conduct Risk and Culture in different projects/teams with little alignment or ownership.
A failure to meet the standards imposed will render an employee liable to enforcement action. In addition, "any employee will be liable to disciplinary action by the PRA or FCA if they are found to have been “knowingly concerned” in a breach" Berwin Leighton Paisner. As in the recent case of Charles Palmer, CEO Standard Financial Group Ltd. The regime is a step change for the industry, but how many institutions are set up to manage this? Do Senior Managers really understand the implications of the regime?
Creating an environment for success
As SM&CR extends to all FCA-regulated firms, bringing an extra 47,000 firms within the scope of the regime, are institutions creating sustainable change or just seeing it as a tick box exercise? How many institutions are embedding the management of conduct, culture and accountability across their organisations or are they just updating job descriptions and responsibility maps to get them over the line?
SM&CR is a key instrument to manage culture, but it can’t be implemented simply through an updated governance structure. An organisation’s operating model needs to align to ensure the full employee lifecycle considers SM&CR from recruitment to exit. The most challenging aspect of the SM&CR is facilitating a culture of risk management and compliance. A number of financial institutions have embarked upon cultural change programmes. Not a surprise after the number of fines that have been issued since the crisis - it’s a lot cheaper investing in good practice, than being subject to another long investigation by the regulator. Yet many organisations will struggle to demonstrate that the SM&CR requirements are properly embedded, so what still needs to change?
Create the environment to ‘speak up’ – Many leaders of organisations talk about having an ‘open door policy’ and capturing ‘the voice of the people’ but are they truly listening to what is being said or do they think they know better? John Higgins’ work on speaking truth to power, emphasises the importance of open and transparent communications and explores the concept of being silenced and silencing others. We believe it is the responsibility of people in a position of power to create the environment for people to speak freely, only then will they be aware of the conduct of the organisation and how to manage it.
- Define what good looks like and focus on desired critical behaviours –many organisations take a scattergun approach to addressing challenges in their culture without identifying those elements that have disproportionate impact on business outcomes. It is more effective to prioritise a handful of behaviours and embed them across the operating model, starting with defining what they look like at their best. This focused effort can help to prevent the organisation from reverting back to established norms.
- Build robust processes underpinning the employee lifecycle – it is essential that the introduction and ongoing management of the SM&CR is built on a foundation of robust processes across the employee lifecycle, ensuring that the business can focus on addressing the cultural behaviours which need to be adopted and embedded. Many organisations are just considering the new HR processes and not enhancing the end to end lifecycle and implications across all areas of the organisation.
- Measure and govern Culture, Conduct and Accountability – bringing culture, conduct and accountability together and using the right metrics to measure behaviour is paramount. Many organisations pull together a list of metrics they have to their disposal rather than thinking through what outcomes they are looking to measure and therefore what metrics can directionally impact the behaviour. It is also important to consider trends not just incidents, in order to identify a ‘dripping tap’ before it becomes an issue. Creating a governance structure that presents a voice from all levels of the organisation is key to bring qualitative and quantitative data together.
Final thoughts – what’s next?
It’s been a long, winding road since 2008 for the entire Financial Services industry and distrust is still prevalent throughout. Financial institutions appreciate the importance of implementing and complying with SM&CR and are taking steps to change culture. Nonetheless, there is still a way to go before trust is restored and with the onset of further regulation and scrutiny, leadership and sustainable change are the key to long term survival.