Let’s start with the top three challenges firm’s face when it comes to GRC management.
Governance, Risk and Compliance (GRC) and Technology’s Role in the ‘Three Lines of Defence’
[fa icon="calendar'] Aug 12, 2021 9:30:40 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, MiFIDII, Data, GDPR, Culture, Enforcement, supervision, audit, Conduct, auto advice, streamlined advice, AI, GRC, governance, compliance
Why RegTech data matters
[fa icon="calendar'] Jun 25, 2021 10:45:02 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk
We currently have a festival of football with the UEFA European Championship, and you can be assured that each national team coach will be using data analytics to assess their own and opposition teams and players strengths, weaknesses and winning formations.
The FCA RegData and Digital Regulatory Reporting
[fa icon="calendar'] Jun 11, 2021 10:59:11 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk
As of May 2021, RegData completely replaced Gabriel as the FCA’s platform for data collection after a lengthy roll-out to 52,000 firms and 120,000 users. Firms and their users were moved to RegData in groups, based on their reporting requirements.
The FCA Consumer Duty
[fa icon="calendar'] May 27, 2021 4:37:12 PM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk
The FCA first published their duty of care paper in July 2018. Two years on it is now consulting on introducing a new consumer duty. This consultation ties in with the new FCA ‘outcomes’ focused principles based framework and is open until 31st July 2021 and following section 29 of the financial service act 2021, should be introduced by 1st August 2022.
Fish cannot see water
[fa icon="calendar'] May 21, 2021 9:42:19 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk
With Daniel Kahneman’s co-authored latest book, ‘Noise’, we have another instalment for the case of behavioural science in decision making.
Remote working and the compliance challenge
[fa icon="calendar'] Apr 23, 2021 10:16:12 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk, levies
Enforcing regulatory compliance can be enough of a challenge when your workforce is in the office. When they are dispersed, how can you be sure that your marketing and communications collateral adheres to FCA rules?
RegTech: if not now when?
[fa icon="calendar'] Mar 26, 2021 10:46:59 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk, levies
“Business is no difference to sport, data and technology is a very powerful tool, but only if every individual in your team knows how and why they are using it” Sir Clive Woodward England Rugby world cup winning manager
At Model Office we love sports analogies and we would recommend any business who either believes in data analytics or not read or watch Moneyball, an account of Oakland Athletics baseball team’s 2002 season and their general manager’s attempts to assemble a competitive team. The story focuses on the adoption of a ‘sabermetric’ system that employs quantitative diagnostic technology to collect and summarise relevant data from game activity.
This data can measure and predict performance trends and showcase players who are most suited to influencing how a team wants or needs to play to win.
Why is this relevant to financial services I hear you ask?
Well the rule book demands a certain standard of performance as do clients and yes business stakeholders. We are witnessing a digital revolution, some call it the 4th industrial revolution and this provides retail investment advice firms, networks and support services to employ data analytics and diagnostics so they embed an evidence based practice and can assess behavioural trends such as individuals and firm competence, conduct and how this influences their culture and clients. Great for compliance with the Senior Managers and Certification Regime (SM&CR).
The results for a business who does employ such technology can be impressive. RegTech alone can offer high level and granular analysis of how firms governance, risk and compliance management processes are effecting performance. The FCA’s 5 Conduct Questions Programme showcases that firms who monitor and manage compliance risk management create a constructive culture which has a positive effect for sustainable professional performance.
How can RegTech help?
Utilising diagnostic technology can help market participants due to:
- Increased evidence to showcase good practice that can help reduce regulatory levies such as professional indemnity insurance (PII) and streamline audit practice saving time and costs
- Technology integration where application programming interfaces (APIs) can enable tech to ‘talk’ and data share and deliver streamlined regulatory reports across key areas such as:
- Client data quality
- AML/KYC/PEP sanctions
- PROD and Client Segmentation ensuring;
- Services and products are suitable for end client needs
- ESG analysis to assess client needs and objectives
- Vulnerable clients are identified and provided the correct services
- Assessing missing information from client valuations
- AI text analysis to auto-audit compliance policy documents and automat client file reviews
- Advice suitability checks identifying underinsured or underinvested clients
- Assessing adviser supervision and adviser training and competence requirements
- Ensuring Investment, Mortgage, Insurance advice is compliant with COBS, MCOBS and ICOBS
- Self-Audit and aligning business models with the regulations ensuring firms know they comply and assess and rectify blind spots and weaknesses
- Increase Management Information (MI) and cut time and costs associated with compliance
- Move away from ‘swivel chair’ compliance where disparate solutions (mainly spreadsheets) are used, to a single source SaaS or Cloud based dashboard providing heatmapping, AI algorithms to highlight trends and produce streamlined reports
One message that the FCA presents in their business plans is that both financial services providers, networks and support services plus the bodies that regulate them must act to adapt to, and enjoy the benefits of, technology and innovative approaches. This takes courage and a medium-long term view so the real benefits that RegTech can deliver more cost and time efficient practice than current strategies.
Back to sport, you only have to look at examples such as Sir Clive Woodward’s excellent speech at the PFS 2017 Festival of Financial Planning at how important it is for business to adopt and embed analytic and diagnostic technology into their everyday practice. This way they will have all the evidence as to how to ensure sustained professional practice and win!
So, with such benefits in a changing market, the question has to be asked: ‘RegTech, if not now when?’.
PRODing to ensure suitability and client best interests
[fa icon="calendar'] Feb 19, 2021 9:39:01 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk, levies
Having attended another excellent Octo-Members virtual pub event Wednesday (I also enjoyed a ‘virtual’ alcohol free beer 🍺) the topic circled the old chestnut for suitability and appropriateness of centralised investment propositions (CIP) for the business and their clients.
This is a subject that has stood the test of time in generating debate over issues such as value chains, fund managers ego’s, regulatory stance of shoe-horning or retro fitting and off course the old ‘can I use one platform or investment proposition across my client base’ question…
The truth of the matter when debating and attempting to find solutions is that there is no definite solution, it all depends on variables such as the client’s on-going needs and objectives, the firm’s business model, regulatory directives such as PROD and advice suitability, technology solutions and research tools and good old trusted professional behaviour across all relevant stakeholders such as product manufacturers, fund managers and wealth managers, advisers and planners.
What is crucial is that the trusted behaviour meets the high standards the FCA set across conduct (behaviour) and competence (skills) plus ensuring the right culture is in place for individuals to ‘do the right thing’ by their clients. Integrity is key.
It was clear (to me) from the Octo-members virtual pub debate that there are many moving parts but also each component is no silver bullet. For example technology built well is an enabler to efficiency’s across communications, operations, systems and controls but on its own is not going to solely fix the CIP or advice suitability conundrum.
What’s needed is a joined up approach with suitability being the end product of the sum of many parts coming together seamlessly.
The PROD rules can help here. They are aimed at ensuring the product manufacturers build their products with the end user’s needs in mind I.e. the client. Plus, they also need to ensure such products are distributed correctly to the end user, so the Retail Investment Advice (RIA) firms research and due diligence comes in as does, wait for it…client segmentation.
Figure 1 Product Governance Product manufacturer requirements
Dealing with increasing regulatory levies
[fa icon="calendar'] Feb 12, 2021 10:43:14 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk, levies
It's not going away any time soon is it? With IFAs reporting a 76% hike in Professional Indemnity Insurance (PII) premiums the hardened regulatory levies are really biting and squeezing firm margins at a time of economic uncertainty given the on-going pandemic.
At Model Office-MO® we continue to press that regulatory levy stakeholders such as the Financial Services Compensation Scheme (FSCS) Financial Ombudsman (FOS) and PII need to take firm’s soft data i.e. their competence, conduct and culture into account when assessing firm’s risk and potential consumer harm.
Unfortunately and presently, there is a trend to look at the market risk rather than individual firm risk, this can be seen in the recent FSCS plan and budget 2021/22 statement which sees a forecast levy of £1.04BN which represents an increase of £339M from the previous year and there is a £78m supplementary levy (£44.5m invoiced this month).
This increase is down to the fact the FSCS anticipates an ongoing increase in complex pension advice claims and additional failures of self-invested personal pension (SIPP) operators. It also expects increased firm failures due to the economic impacts of the coronavirus pandemic, as do the FCA who estimated up to 4000 firms are at risk of failure given the data received from their financial resilience questionnaires.
As we wrote in March 2020, we also have had the FOS increased limit rise from £150,000 to £350,000 and reports of 300%+ increases in PII premiums post FCA DB pension transfer directives means the industry is now facing a real dilemma. Indeed due to this rise, the FCA says nearly 300 financial advice firms reported their PII cover for claims was non-compliant. So, we have a perfect storm, increasing regulatory levies, a pandemic and increasing potential for customer harm!
What can we do I hear you ask?
The FSCS talk about the fact they are attempting to reduce levies through data analysis and sharing with the regulators , the FCA’s consumer investment data review 2020 wants to ensure customers are educated on financial scams and their 2021/22 business plan wants to ensure all firms offer suitable advice, are resilient and are cyber-secure and the FOS, well….
In relation to these points, firms who use RegTech to audit and analyse their business governance, risk and compliance (GRC) competence and conduct can increase their profile in evidencing data and culture that showcases they are a good risk for PII insurer underwriters which can then have positive influence on renewal rates.
We do remain concerned that the apparent ‘homogenous’ approach to calculating levies and monitoring risk is severely penalising the majority of firms who are doing a good job in operating compliant businesses. At the end of the day, the regulator and FSCS have created a cause and effect conundrum; the higher the levies, the higher the costs to the end user, i.e. the client which completely defeats the FCA premise of consumer protection!
What is very apparent from our work in the RegTech sector is that technology can provide evidence based practice to identify good and bad GRC practice and ensure firms evidence they are ‘walking their talk’ on regulatory GRC competence and conduct requirements.
RegTech that monitors a firms GRC can then provide hard evidence that a firm is meeting all relevant regulatory requirements at business operations, systems and controls and people management level. This can in turn, provide valuable data to PII underwriters across their risk evaluation metrics that a firm risk (rather than a market risk) is the main factor for assessing the premium levels and any necessary premium risk loading.
RegTech can also integrate with InsureTech and thus provide a powerful GRC audit process for those PII underwriters who are adopting technology in their underwriting processes.
The FSCS can also use such RegTech data to better assess the soft and hard facts across business behaviours in the market and come to an informed (evidence-based) judgement on firm levies. Such GRC conduct and competence data should allow the FSCS to class firms more realistically and thus segment the market fairly into those firms performing well, those who need more support and the rogue firms causing the most damage.
There are other potential solutions some eloquently detailed by Personal Investment Management Association (PIMFA) in their excellent 2020 paper ‘A rising tide lifts all boats; a roadmap towards better consumer outcomes and lower levies’and in their 12 recommendations to bring government, regulators and wider industry to work together.
The current ‘homogenous’ approach taken, tends to place all firms within the same class and thus we have the issue where compensation is paid by all, not just those that cause the loss (if they are still active and have not attempted ‘pheonixing’).
By using RegTech GRC data, regulatory stakeholders will be able to better segment the market and thus then identify those firms causing detriment who should pay and if found insolvent then any wind up should include terms for payment of a levy from available assets.
RegTech and Regulatory Levies
[fa icon="calendar'] Dec 11, 2020 11:13:14 AM / by Chris Davies posted in Financial regulation, Financial business development, fintech, regtech, Risk management, practice management, FCA, advice, HMT, suitability, FAWG, FAMR, MiFIDII, SMCR, Data, GDPR, Chatbot, Culture, Enforcement, supervision, audit, Conduct, AI, Risk,, Accountability, Platforms, PROD, Product governance, digital,, Regulatory, Reporting, resilience, cyberrisk
Twitter has been very active with the latest FCA call for input: Consumer Investments and the issues surrounding ensuring fair levies and identifying rogue firms who should bear the brunt of these costs.
Indeed the Model Office team have replied to Question 29 of this paper What more can we do to ensure that compensation paid for fairly by those that cause the loss? which you can read below 👇🏽It showcases how RegTech can ensure that FCA, FSCS and FOS plus PII underwriters can better assess individual firm risk rather than benchmarking the industry based on hard market risks.
Q29: What more can we do to ensure that compensation paid for fairly by those that cause the loss?
The issue the industry faces with climbing regulatory levies is unsustainable with retail investment advice firms (RIAs) expected to shoulder increasing compensation levies against their turnover and squeezing margins thus placing pressure on ability to grow business services to meet client needs and passing on levy costs to their clients.
Also, the fact that the Financial Services Compensation Scheme (FSCS), Financial Ombudsman (FOS) and Professional Indemnity Insurers (PII) all tend to assess market risk rather than individual firm risk is a problem.
In many ways (in our opinion) the FCA are tackling the answer to this question from the wrong starting point. Rather than focus on attempting to identify those rogue firms that are consistently causing consumer detriment through misselling and unsuitable advice. There is a case for adopting Regulation Technology (RegTech) tools that can help identify those firms that are consistently meeting advice suitability regulations and running their businesses in a highly compliant fashion.
RegTech has been on the rise for the last few years and has developed to meet market participants needs for identifying, managing and monitoring regulatory governance, risk and compliance (GRC). As can be seen from the below RegTech Associates regulatory change market map, there are many solutions now available for firms to engage with dependent on their business model, compliance and customer needs.
Image 1 RegTech Associates compliance management market map
What is very apparent from our work in the RegTech sector is that technology can provide evidence based practice to identifying good and bad GRC practice and ensure firms evidence they are ‘walking their talk’ on regulatory GRC competence and conduct requirements.
RegTech that monitors a firms GRC can then provide hard evidence that a firm is meeting all relevant regulatory requirements at business operations, systems and controls and people management level. This can in turn, provide valuable data to PII underwriters across their risk evaluation metrics that a firm risk (rather than a market risk) is the main factor for assessing the premium levels and any necessary premium risk loading.
The FSCS can also use such RegTech data to better assess the soft and hard facts across business behaviours in the market and come to an informed (evidence based) judgement on firm levies. Such GRC conduct and competence evidence based data should allow the FSCS to class firms more realistically and thus segment the market fairly into those firms performing well, those who need more support and the rogue firms causing the most damage.
The current ‘homogenous’ approach taken tends to place all firms within the same class and thus we have the issue where compensation is paid by all, not just those that cause the loss (if they are still active and have not attempted ‘pheonixing’).
By using RegTech GRC data, regulatory stakeholders will be able to better segment the market and thus then identify those firms causing detriment who should pay and if found insolvent then any wind up should include terms for payment of a levy from available assets.
For example Model Office-MO® is able to segment GRC activities broadly into 6 keys areas: Focus (all key compliance directives include suitability) Engagement (Client and Stakeholders) Promise (Service proposition, product research and due diligence (incorporating PII risk assessment) advice strategies, tools and technology) Systems (Practice Management operations, systems and controls plus data security and management) People (Human Resource Development, Competence and Conduct) Financial Resilience (Cashflow) The system will then offer a more granular approach across these areas where firms will audit and gain risk based scores across business functions in each key. This offers a risk based approach and ‘hard and soft’ data on the GRC performance on an on-going basis.
Image 2 Model Office 6 regulatory keys
This can then produce a holistic view on a firm’s GRC strategies and gain an appropriate risk based market segmented framework and facilitate a levy directly correlated to the evident firm risk.
We note a risk based approach was investigated by the FCA in CP 18/11 and we would encourage the regulator to adopt RegTech as an enabler to identifying good and bad risk management practice in firms conduct, competence and culture, acting as a benchmark to identify and segment firms by the very nature of the risk they present.
The fact that The FCA Financial Advice Market Review baseline report estimated that a firms direct and indirect compliance costs are (on average) 11% of turnover means there is a real risk that those businesses who are performing well and represent a good risk are suffering and their margins are being severely squeezed, so it is imperative that the regulator walks its talk on RegTech and applies such to ensure firm risk (not market risk) is identified and scrutinised to ensure a fair application of levies and those rogue firms are identified quickly and dealt with appropriately.
If you're interested in finding out more you can book a demo of our software please click below to see MO® in action.