Conduct Risk, Culture and RegTech - Colm Kincaid, Director of Securities and Markets Supervision

Remarks by Colm Kincaid, Director of Securities and Markets Supervision at Deloitte Ireland Breakfast Briefing 2018

Good morning Ladies and Gentlemen, it is my great pleasure to speak to you this morning.

First, I would like to thank Deloitte for the opportunity to speak to you today. Events such as these provide an important forum for industry professionals to meet and discuss topics of general interest. It is encouraging and commendable to see the topics of culture and conduct risk feature so prominently in your session this morning.

Focus on conduct

In recent years, significant misconduct identified at financial institutions has sparked a renewed intensity of regulatory focus on conduct and culture. In Ireland, this is illustrated most prominently by the Central Bank’s intervention to secure redress and compensation for customers wrongly denied tracker mortgage products or put on the wrong rate. It is also to be seen in our continuing investigations into actions within the lenders involved and our behaviour and culture assessments of each of the five main lenders (supported by our colleagues from the Netherlands Central Bank). However, the prominence of the tracker review should not take from the fact that our focus on conduct and culture spans all of our work and all of the sectors we regulate.

The Central Bank’s work on conduct and culture also needs to be viewed in its international context. As a small, open economy with a large international financial services industry, we all share a responsibility to the development of high standards at EU and international level, and their implementation here in Ireland. Mark Carney has noted that global banks’ misconduct costs could otherwise have been used to support up to US$5 trillion of lending to households and businesses.¹

The large monetary penalties in these cases reflect the seriousness of the misconduct involved. However, the true cost of misconduct lies in its impact on users of financial services and the level of trust they have in regulated financial services as a result. It also lies in the gradual erosion of standards and the stamina of those within industry who would seek to make a positive difference.

The framework of rules

When considering the regulation of conduct, a fundamental starting point is of course making sure that the right framework of rules is in place to govern the conduct of firms and individuals within them. Much necessary and worthwhile legislative reform has taken place at an EU level, from PRIIPs to PSD2, UCITS V, MiFID II, AMLD IV, EMIR, MAD II, MCD and IDD, with paragraphs of detailed requirements running into the millions. There have also been reforms in domestic legislation, from the regulation of credit servicing firms to the important protections the Central Bank introduced for mortgage holders in arrears, improvements to transparency and the underlying protections of our macroprudential lending limits.

The institutional framework of regulation has also been strengthened, directly informed by lessons from the last financial crisis and the need to be well positioned to deal with the next one. This has happened at both an EU level, with the establishment of the European Supervisory Authorities for example, and at the Central Bank of Ireland. The Central Bank’s integrated structure recognises that users of financial services are best protected in a financial system that is stable and focused on ensuring that the best interests of consumers of financial services and investors are protected. Within this, our vision is that the conduct of the entities we regulate, and the individuals within them, fosters a trusted financial system supporting the wider economy, where firms and individuals adhere to a culture of fairness and high standards.   

The conduct challenge

I do recognise that individuals within regulated firms face a challenge in ensuring that their firms comply with their detailed obligations under Irish financial services legislation. Those of you present today who work in regulated financial service providers will be working in an environment of extensive systems, controls and reporting requirements aimed at ensuring that these obligations are met. These systems, controls and monitoring mechanisms are critical to ensuring that your organisation stays on the right side of its legal obligations.

Clearly, this compliance activity comes at a cost and any firm will want to know that its efforts are worthwhile and successful. A key point emerging in this regard is the need for firms to understand day-to-day behaviours across their organisation and drive the right culture if they are to be successful in meeting their regulatory obligations, managing the risk misconduct poses and, ultimately, to be sustainably successful. The work of the Fixed Income, Currencies and Commodities Markets Standards Board is interesting in this respect.² They reviewed 400 cases of misconduct from 19 countries spanning a 200 year period. They then distilled 26 behavioural patterns linked to this misconduct, noting that the behaviours they identified were jurisdictionally and geographically neutral, and cut across asset classes. "This is rational," says their report, since "asset classes do not generate conduct risks — people do"³. They also noted that such behavioural patterns readily adapt to new market structures and technologies.

If we are to ensure the lessons of the crisis are learned in a durable fashion, therefore, compliance efforts must be underpinned by an equally systematic approach to ensuring that a culture prevails within firms that supports the objectives financial services regulations seek to achieve. This means fostering an approach that seeks the outcomes being worked towards not just because that is what the rules say, or the fear of being caught, but because it is the right approach based on acceptable outcomes and customer interests. It also means taking a careful look at how decisions affecting users of financial services are actually made within your firms and who is making them. This includes considering the diversity of your boards and other decision-making forums, given the clear evidence that diversity (including gender diversity) yields better risk-based decisions.⁴

The approach of the Central Bank

The thinking I have referred to underlies the Central Bank’s increased emphasis on culture within the firms we regulate. It can be seen in our Consumer Protection Risk Assessment model and in initiatives such as our behaviour and culture assessment of each of the five main lenders. It will also shape the architecture of our strategy for supervising wholesale market conduct in the years to come, which I will speak about in a moment.

This thinking has also influenced our consideration of the merits of a senior manager regime similar to the one in the United Kingdom.⁵ The prospect of such a regime can be daunting for the individuals who face being subject to it. However, the evidence is there that such accountability regimes encourage positive behavioural changes, improve corporate governance and foster high quality conversations within firms about who is responsible for what, and what is expected of peers.⁶

The role of technology and data

A major practical challenge lies in putting the mechanisms in place to know what culture prevails in your organisation and where outliers may be found. Technology and data play critical roles here, as can behavioural science. You can expect the Central Bank to be increasingly demanding in terms of the scale, depth and quality of the data we require. We will also expect firms to understand their data from a conduct perspective specifically, and incorporate it into an articulated conduct risk framework owned by senior management. As the nature, scale and complexity of financial services conducted in and from Ireland grows, so too will the necessity for you to invest in this technology to harness the data within your firm to monitor behaviours and ensure the right outcomes for your customers, counterparties and investors. A 2017 study by Dresner showed 53% of companies using big data analytics, up from 17% in just 2015.⁷ Some analysts see global data volumes doubling every two years. If so, by 2020 this could see financial services sectors handling tens of exabytes of data.

I cannot of course speak about technology without mentioning the extent to which firms now provide their services through technology. The range of activities spans from tools for consumers to choose a particular product to highly complex algorithmic trading models. These innovations present significant potential benefits. They also introduce new forms of conduct risk. You may not think of such technology actions as ‘conduct’ but they are, and we have had cause to take firms to task for how they have used such tools to conduct their business. Increasingly therefore, we are concerned not just with the conduct of human beings but also the conduct of machines. To take one example, algorithmic high frequency trading now accounts for a significant amount of securities market activity (over half of trading volume in certain cases). Moreover, the tradeable signals harnessed by such activity continue to grow, as information as diverse as newsfeeds, app downloads and even satellite imagery start to feature.  How knowledgeable are you about the machines at the heart of delivering the services of your firm? Who is the senior manager within your firm accountable for their performance – not just in terms of whether such technology might break down but also whether what it does is in line with your conduct obligations and stated risk appetite?

Finally, how resilient are your systems, including to cyber threats? On 13 June, the Central Bank announced its first imposition of administrative sanctions on a firm where there had been a loss of client funds from a cyber fraud as a direct result of the firm’s regulatory breaches.⁹

Wholesale Markets

Before concluding, I want to say a little on our work to develop a new strategy and framework to supervise wholesale market conduct more effectively. I mentioned at the outset the scale of misconduct costs for global banks. It is worth noting that a significant portion of such costs (some estimate as much as 80%¹⁰) have related to misconduct in wholesale markets.

As entities look to re-locate from the UK to other EU countries in anticipation of Brexit, the securities market activity to be carried on from Ireland can be expected to grow. To meet this challenge, we will be developing new, more systematic, capabilities to supervise conduct in wholesale markets. Our approach will build on existing concepts you will be familiar with, such as our assertive risk-based PRISM framework and the philosophy underlying our Consumer Protection Risk Assessments. This can be expected to sharpen the focus of the lens through which we view wholesale market conduct. This work has been accelerated by the pipeline of firms we see seeking authorisation in Ireland. However, our framework will of course apply to existing firms as well as those who choose to establish in Ireland on foot of Brexit. 

In developing our approach, we will have regard to emerging international best practice, as crafted to best suit the particular features of our current and emerging market composition. The details of our approach will be informed by our principles for a proper and effectively regulated securities market, namely one that:

• provides a high level of protection for investors and market participants;
• is transparent as to the features of products and their market price;
• is well governed (and comprises firms that are well governed);
• is trusted, by both those using the market to raise funds and those seeking to invest; and
• is resilient enough to continue to operate its core functions in stressed conditions and to innovate appropriately as markets evolve.

Concluding remarks

To conclude, firms can expect an increasingly assertive and structured challenge from regulators on their conduct, including in a wholesale market context. At the Central Bank of Ireland, we will work to be transparent, professional and even-handed in doing so, and to hold firms and individuals to account for failures to meet their obligations and the standards of their peers.  I encourage you to continue to engage with these important topics at this critical point between the last economic downturn and the next one. Quite apart from the legal responsibilities that come with your firms’ authorisation, investment in conduct risk management now will stand you and your businesses in good stead.

I would like to thank John Rowe for his assistance with this speech.

--------------------------------------------------

¹ See Carney, Mark (2017): What a Difference a Decade Makes, remarks at the Institute of International Finance’s Washington Policy Summit, the Reagan Centre, Washington DC, 20 April 2017.

² The Fixed Income, Currencies and Commodities Markets Standards Board (FMSB).

³ FICC Markets Standards Board, Annual Report 2017.

⁴ See Sibley, Ed (2017): The Importance of Diversity, remarks prepared for the ECB Inspiring Leaders Series, 15 November 2017, and Cronin Sylvia (2018) Diversity of Thought, remarks delivered to the Milliman Breakfast Briefing on 13 June 2018.

⁵ Financial Conduct Authority - Senior Managers and Certification Regime: banking

⁶ See Progress Report by HM Treasury, Bank of England and Financial Conduct Authority: Fair and Effective Markets Review (May 2018).

⁷ Dresdner Advisory Services: Big Data Analytics Market Study (2017).

⁸ Settlement Agreement between the Central Bank of Ireland and Appian Asset Management Limited, 15 June 2018.

⁹ See Yallop, Mark (2017): Rebuilding Trustworthiness in Financial Markets, FT Banking Standards Conference 27 April 2017.