The Consumer Duty: Harm, Intolerable Harm, Foreseeable Harm

By Simon Tweddle

“The Consumer Duty will set higher and clearer standards of consumer protection across financial services and require firms to act to deliver good outcomes for customers. We set out here the findings from our review of firms’ plans to embed the Duty within their businesses.” What the Financial Conduct Authority in the UK opened with in their latest communication on the subject.

They have conducted a review of the implementation plans from a selection of larger fixed firms. Fixed firms are those with a dedicated FCA supervision team. Keep reading even if you’re not a fixed firm. Why? Because this is an opportunity to take some action, and like the Dear CEO letter earlier this month there are some clear messages and expectations albeit with a slightly softer tone. If you haven’t read our overview, it’s available here - The Consumer Duty: is this a paradigm shift in consumer protection?

Foreseeable Harm

It’s an interesting choice of words, and very much in keeping with a regulatory agenda that has spawned the basis for an ICARA, Wind Down Plans, Operational Resilience and now Consumer Duty. If you search the word ‘harm’ on Google (other search engines are available) you will see numerous definitions and synonyms. I’m going to choose a few. I recommend you do the search too, you’ll see a common theme even if you don’t agree with the definition and synonyms I’ve chosen.

What is Harm?

“Harm is defined within the Act, as all harmful conduct and/or: behaviour that causes physical or psychological harm for example harassment and intimidation, causing fear, alarm, or distress. unlawful conduct which adversely affects property, rights or interests such as theft, fraud or extortion.” [Source unknown]

What are some other words for Harm?

Word Cloud. Synonyms for Harm.

That creates a different emotional response doesn’t it? I deliberately kept the word mischief in there. A euphemistic label if ever I heard one.

Reasonableness

The Duty is underpinned by the idea of “reasonableness”. Under the Duty firms are required to take proactive steps to avoid harm. Proactive steps, this is key. If you are proactive there is an expectation that harm can be avoided and therefore was foreseeable. Perhaps this is why the FCA wanted to look at the implementation plans. If it’s not obvious from the plan, it probably won’t get done. The FCA make a public statement – the harm is now foreseeable. An oversimplification perhaps, but like the Dear CEO letter there is unlikely to be any respite for firms that fall foul of what the FCA are working so hard at to communicate. There’s even a podcast series - FCA Media Library

What did the FCA observe from the plans they reviewed?

They have effectively made a start on a “Consumer Duty Planning Good Practice Guide”. Here are some of our thoughts on what they said:

  1. Don’t assume you’re not in scope because you don’t face retail customers, look carefully at the definition of a retail customer: some business customers may fall into scope.

  2. Don’t do what some firms did for Operational Resilience and assume that what you’ve already got is good enough, and on that subject…

  3. If you’ve implemented Operational Resilience properly you will already understand where you rely on third parties for the manufacture or distribution of your products and services: leverage that work to ensure you share information with other firms in sufficient time.

In discussing embedding the substantive requirements, the FCA said: “Firms should ensure that, when they are reviewing their products and services, communications and customer journeys, they identify and make the changes needed to meet the new standards.”

The FCA went on to describe their key findings across the following categories

  • Governance and oversight

  • Deliverability

  • Third Parties

  • The four outcomes

  • Data Strategies

I’m not going to repeat everything here. I am going to highlight a few good practices and areas for improvement that the FCA put out there alongside my own thoughts.

Governance and Oversight

Assign executive accountability for delivery and board oversight. Involve risk, compliance, and audit teams in a timely manner. While the FCA did not say this exactly – we don’t recommend leaving it all to risk, compliance and/or audit. Be honest in your assessments of what actually needs to be done. If there is a big gap between where you are now and where you need to be, embrace it and understand it. Don’t hide from it. You’ll get found out. Have a plan for business-as-usual (BAU). Over the year I’m sure we’ve all seen project investments wither on the vine. Assign an appropriately senior Champion.

The FCA specifically said of firms that “…suggested that the role be shared across the entire board or executive.”: “While we have not been prescriptive on the champion role, as we want firms to implement this in a way that is effective for their business, this is not what we intended and our view is this will not be an effective approach given the extent it is likely to dilute the role.”

Deliverability

Be realistic about resourcing. If you have a plan that is, to use the FCA’s words: “superficial” and “over-confident”, you haven’t got the resourcing right and you will under invest now and get a surprise later.

Breaking down the implementation plan into workstreams that specifically target each of the four outcomes can be a good approach. Don’t approach things in siloes though and keep an eye on workstreams that the FCA describe as “enablers”. Workstreams, or sub-workstreams that focus on policies, standards, consumer journeys, processes, data and monitoring and cultural embedding. Data and embedding, don’t lose sight of those two words. If you don’t have good data, you won’t be able to produce information for monitoring and this lack of information may lead to issues with embedment.

Third Parties

I’m not going to dwell on this. How many firms have got their third party risk management frameworks in order? If left fallow, eventually this catches you out.

The Four Outcomes

This was an interesting read. “Some firms had identified where they will need to build on existing product governance and assessment frameworks”. “We identified plans where clearer consideration is being given to whether products and services offer fair value to different groups of customers, including those with characteristics of vulnerability or with protected characteristics.” Overall, the FCA seemed to paint a picture of good progress. However, “other plans seemed rather complacent…” and linked to what I highlighted above:” If firms are behind in their thinking about how exactly to conduct these reviews and gap exercises effectively, they risk being behind in their planning of how long such exercises will likely take.”. Resources, resources, resources.

Data Strategies

Do you have a data strategy (full stop)? I’ll just leave that out there. I’m sure some of you are reading this and thinking yes, we do, and we’re working towards it (I’m guessing it’s the minority). You can’t boil the ocean, eat the elephant or whatever the latest phrase for taking on too much is. The FCA observed that not all plans clearly explained the data requirements to monitor compliance with the Duty. If you haven’t thought about how you are going to measure the outcomes yet, get cracking. These sorts of projects have timeframes that are measured in at least weeks, if not months.

What else did the FCA say?

“We will soon be sending a survey to a sample of firms to help us understand the progress they are making in implementing the Duty and will carry out targeted engagement with smaller firms.

“We will shortly be issuing letters to firms, highlighting our key expectations on implementing the Duty and some of the key risks and consumer harms we are concerned about in their sectors.”

And bear in mind, that if you are engaging with the FCA on other matters that may have had an impact or may have an impact in the future on retail customers you should be prepared to answer a few detailed questions about what you’re doing about Consumer Duty. Whether you’re a fixed or flexible firm the FCA might just ask to see your plan. We recommend you read the FCA’s publication too. Link to their website here

What’s next for you?

Be ready, talk to us. Get in touch info@shapesfirst.com

If you’re an AFEP member we look forward to seeing you on February 22nd at the Consumer Duty Conference.

Previous
Previous

Preparing for DORA Step 2 - ICT Related Incident Reporting

Next
Next

Preparing for DORA Step 1 - Enhancing Governance and Risk Management Frameworks