Building a Consumer Focused Culture – What the Central Bank Expects of Leaders - Gráinne McEvoy, Director of Consumer Protection

10 October 2018 Speech

Grainne McEvoy

Address by Gráinne McEvoy, Director of Consumer Protection, to Chartered Accountants Ireland Risk Management and Internal Audit Conference

Good afternoon Chair, I am delighted to be here at your Risk Management and Internal Audit Conference. I particularly welcome your focus on the subject of Leadership and Culture which is very timely from the Central Bank’s point of view.

I would like to talk to you today about our supervisory work on Behaviour and Culture, and its wider implications for risk managers and internal auditors such as yourselves. While the most recent work we have done in this area relates to banks, in the first instance, it will likely resonate more widely as the role of culture in delivering organizational transformation is relevant to all leaders – in both the public and private sectors, in financial services and beyond.


In the decade since the financial crisis, global banks’ misconduct costs have reached over $320 billion with the result that public trust in financial institutions remains very low. This lack of trust is particularly evident in Ireland. Of 28 markets surveyed, Ireland is the least trusting of the financial services sector, according to the 2018 Edelman Trust Barometer. This is hardly surprising given that, in the years since the financial crisis, the lenders have paid c. €580m in redress and compensation to customers denied a tracker mortgage or put on the wrong rate.

Given that misconduct can cause consumer detriment and even threaten the safety of financial institutions, regulators are increasingly focusing on how firms identify and manage conduct risk, which has many drivers, including inappropriate, unethical or unlawful behaviour. Additional rules, regulations and codes have been introduced to force improvements in corporate governance structures and practices (e.g. CRD IV, MiFID II, and Corporate Codes for Banks). Serious governance failures are driving these changes; however, the root cause of a great deal of these failures is an underlying poor culture. Regulators have recognised these cultural flaws and have begun to turn their attention to focus on culture and behaviours in regulated firms.

The former head of the then UK Financial Services Authority contends that “the crisis exposed significant shortcomings in the governance and risk management of firms and the culture and ethics which underpin them.”. The President and CEO of the Federal Reserve Bank expands on this further with noting that “culture shapes every conversation, every decision, and every action; it is at the root of whether an organization performs in a manner consistent with its mission, or not.”


An organisation’s culture can either be one of its biggest strengths or its most harmful liability.

Consequently, it is important to gain an understanding of culture and how it influences a firm or group’s or organisation’s behaviour. While culture is somewhat difficult to define (and even harder to measure), we can deduce that culture is a learned and accepted set of shared beliefs and values that influence behaviour in an organisation. Hence, it is crucial that organisations are aware of the important role that culture plays in shaping behaviour or “programming” the mind far more so than written rules. Culture guides people when there are no rules or no one is there to enforce those rules, “it is the way we do things around here’’.

During the course of the Central Bank’s Tracker Mortgage Examination, we identified a number of cultural issues that were standing in the way of fair outcomes for consumers. For example, we found banks taking a legalistic approach rather than doing the right thing by customers, and offering initial compensation proposals that fell well short of our expectations.


While such issues were addressed through the Examination, they raised serious questions in our minds and in the minds of the wider public about the current - and not just the historic - culture in the banks. So much so that the Minister for Finance requested us to prepare a report on the current cultures and behaviours in the retail banks today and any actions that may be taken to ensure banks prioritise customer interests in the future. In July of this year, we published a detailed report assessing the current culture at AIB, Bank of Ireland, permanent tsb, Ulster Bank and KBC.

We worked with our Dutch counterparts in De Nederlandsche Bank (‘DNB’), recognised leaders in this field of behaviour and culture, and used a model combining the best of our respective culture and consumer protection frameworks. The aim was to provide a snapshot of the current culture in the five retail banks.


The review team comprised conduct and prudential supervisors, governance risk experts and behavioural psychologists. The reviews were broad and deep, including both on-site and off-site assessments. We conducted 1,400 hours of desk-based review, more than 500 surveys and 75 interviews, observed meetings and assessed decisions in each bank.
Our assessment focused on the executive committee of each bank – because the tone from top is a fundamental driver of the behaviour and culture in an organisation.


In summary, we found that Irish banks have a distance to travel to embed a truly consumer-focused culture.

The reviews found that while all five banks are working to embed a consumer-focused culture - one in which consumer needs are identified, discussed and taken into account - some banks are more advanced than others. The reviews also revealed behavioural patterns in leadership, strategic decision-making and mindset that could jeopardise the successful transition to a consumer-focused culture. For example, we saw executives continuing to operate in a “firefighting” mode remnant of the crisis. We saw too much focus on short-term and legacy issues rather than consumer interests. We discovered some reversal to “command and control” leadership styles. And we sensed over-optimism – banks believing that because they had weathered the crisis, they could deliver on the change agenda, effectively under-estimating the scale of the task ahead. Additionally, the banks have much more work to do to ensure their organisations are sufficiently diverse and inclusive, particularly at senior level, to prevent group-think, and to guard against over-confidence and promote internal challenge.

The outcomes of this work are naturally confidential on an individual bank basis. But we have sent the individual bank findings to the supervisory boards of each bank and have required them to create an action plan to address the concerns we identified and to mitigate the associated risks. We are in the process of presenting our observations in person to the boards of the retail banks to ensure we drive the conduct and culture message home and impress upon them the high priority we are attaching to this issue.


It is globally recognised that regulators cannot prescribe culture for individual firms. However, regulators monitor, assess and influence culture within firms in order to guard against conduct risk and drive fair outcomes for customers.

In addition, we believe that organisations that have an effective culture share a commitment to high standards and values such as honesty, integrity and reliability. Like other regulators worldwide, the Central Bank is increasingly insisting that firms comply not only with our regulations and codes, but also that the people who lead the firms we regulate and supervise set the right tone from the top and create a culture that minimises the risk of misconduct.

In business, of course, shareholder value and the bottom line are important. But it is also important that financial institutions operate within the regulatory framework and that their leaders build a culture that also serves their customers and the wider economy.
Christine Lagarde, Managing Director of the International Monetary Fund, put it well when she visited Dublin earlier this year - saying that “those working in the financial sector must be as serious about values as they are about valuation, and just as passionate about culture as they are about capital.’’


As Director of Consumer Protection, my objective is to ensure that the best interests of
consumers are protected and that confidence and trust in the financial system is enhanced through effective regulation.

The Central Bank expects the firms we regulate to understand the risks faced by their customers and to manage those risks effectively.

  • We expect firms to focus on delivering fair outcomes for consumers and not just on maximising shareholder return.
  • We expect firms to ensure all consumers are treated equitably, honestly and fairly at all stages of their relationship with the firm.
  • Treating customers fairly should be an integral part of the good governance and corporate culture of all firms.

To establish this culture, we expect firms to understand the sources of risks to consumers, to enable them to identify and proactively manage these risks.

Our supervisory tools are evolving to help supervisors assess how firms’ consumer protection risk management frameworks are designed and governed and, importantly, how effective they are in practice at delivering fair consumer outcomes.

As you are aware, the Central Bank generally adopts a risk-based approach to supervising firms’ conduct at a sectoral, rather than firm-specific level. We are now moving towards more intrusive firm-specific supervision to complement our existing sectoral thematic engagements. We are developing a new consumer impact model to help us determine which firms pose the greatest potential harm should conduct issues arise. We are increasing our supervisory intensity in the area of conduct and consumer protection risk to ensure that Boards truly understand the importance of embedding a consumer focussed culture.

We will undertake more frequent, targeted use of our Consumer Protection Risk Assessment (CPRA) tool. As you are aware, this tool assesses the design and effectiveness of a firm’s governance and control measures to enable it to identify, manage and effectively mitigate the risks it poses to consumers. We expect firms to fully recognise their responsibilities in relation to the governance and management of Consumer Protection Risks and to place these responsibilities among their top priorities.

We want to see evidence of a clear understanding at board, board committee and management committee levels of key Consumer Protection Risks. Boards must be able to demonstrate not only that there are controls and policies in place, but also provide concrete evidence that they understand the risks that their culture, operating environment, strategy, business model, internal structures and behaviours pose to consumer protection and what mitigations and actions firms put in place to address these.
Whether you are engaged in product development, changes to your services or changes to your strategy, you must be able to show that you have considered the impact on the customer. This is not about tick-box compliance with our regulations and codes, but rather about being pro-active and pre-emptive and putting the consumer at the heart of the business.

Our view is that if banks wish to restore trust, they must earn it – this cannot be achieved solely through rules and processes, but also in the way they are interpreted and practiced.
In May this year, Thomson Reuters published its fifth annual survey on how firms around the world are managing the challenges presented by the regulatory focus on culture and conduct risk. Over the past five years of the survey, firms have reported persistent challenges in creating a separate working definition of conduct risk, with just over half of the firms in the UK and Europe (54%) reporting having a separate working definition of conduct risk in 2018.

I can’t stress enough that the starting point for every firm is to understand and define conduct and consumer risk in the context of its individual strategy, business model, culture, systems and controls. Our recent targeted CPRAs found that more needs to be done by regulated firms in Ireland in terms of devising working definitions of conduct risk. It should go without saying, but if you don’t define the risk, then how can you possibly manage it?


It is generally recognised that, in the aftermath of the financial crisis and more recent misconduct issues, most financial institutions need to rebuild trust with their customers, shareholders and the public at large. But what they sometimes fail to see is that they must first earn that trust by demonstrating that they are in fact trustworthy. And that is where culture comes in.

Culture is important from both a prudential and conduct perspective. It should be driven by institutional standards such as fairness, respect, integrity and honesty. Internationally, it is recognised that culture must be continually managed and monitored at a senior level within firms.


As recently as April 2018, the Financial Stability Board identified lack of accountability for misconduct as a key cultural driver of misconduct and recommended that national authorities identify and assign key responsibilities, hold individuals accountable and assess the suitability of individuals assigned key responsibilities.

Against that background, the Central Bank is recommending individual accountability measures to drive better behaviour. These include proposed Conduct Standards for all staff in regulated firms, such as acting honestly, ethically and with integrity; additional conduct standards for senior management; and standards for businesses.

We are also recommending to government that a Senior Executive Accountability Regime (SEAR) be implemented through legislation which would place obligations on firms and senior individuals to set out clearly where responsibility and decision-making lies for their business. These requirements would assist in assigning responsibility to individuals in a regulatory context and decrease the ability of individuals to claim that the blame for wrongdoing lay elsewhere.

The primary purpose of the Central Bank’s reform proposals is to act as a driver for positive behaviours and recognition of responsibilities by individuals.


It is important to stress that no system of regulation can prevent all conduct risk, or indeed other risks, before they materialise. It is inevitable that consumer protection issues will arise that could not have reasonably been foreseen or may be the result of fraud, criminal conduct or human error. The Central Bank works to ensure that our system of supervision is kept under continuous review; that consumers are sold suitable products and services; that where systemic issues arise, we take corrective action swiftly to ensure detriment to consumers is redressed; and that enforcement actions are taken against firms and individuals where appropriate.


Schein contends that the only thing of real importance that leaders do is to create and manage culture. The boards and senior managements are custodians of the cultures of the banks that they lead. It is their job to set the tone from the top, to ensure it is echoed from the bottom up and visible throughout the organisation. It is your job as risk managers and internal auditors to help them identify and manage conduct and consumer protection risks to ensure that the consumer-focused culture to which they all aspire is actually delivered on the ground.