The Financial Conduct Authority (FCA)’s Consumer Duty rules aim to ensure that customers receive good outcomes across products and services, price and value, consumer understanding, and support.
With its challenging requirements and deadlines, including implementation by 31 July 2023, it's no surprise that the Duty’s impact is being felt across entire organisations, including risk functions.
Jaywing recently hosted UK Finance’s Chief Risk Officer (CRO) network to discuss the key priorities and challenges for risk functions in implementing Consumer Duty plans. Below are some key take-aways from the group.
Scope and Definitions
The scope of the Duty’s application stirred debate amongst the CROs, particularly for firms where some parts of their business met the definition (e.g., retail deposits) and others that did not (e.g., unregulated unsecured lending). This raised questions of whether it was appropriate or even feasible to treat customers differently, and whether this could cause conflicts in strategy and culture. For larger more complex firms, the range of products in scope greatly increased this challenge, making it difficult to identify the required changes to their risk frameworks and data strategies.
Although design and implementation responsibilities appeared to fall on operational functions, risk functions' support and oversight were deemed crucial by the group. Compliance teams were also seen as key to appropriate implementation due to their existing relationships with the FCA. However, there was debate over how the FCA will define a threshold for a good and bad outcome, particularly for fair value. The CROs felt that they would need to closely monitor and refine the definitions and their applications over time, especially when managing situations where, despite a firm's best efforts, consumer behaviour still drives an adverse outcome.
Overall, despite the scope and definitions of the Duty presenting complexities, the group felt that changes inspired by the principle would benefit both their firm and their customers in the long run. Some firms were even applying parts of the principle where it was not required because it aligned with their business values.
The CROs identified the adaptation of their risk framework to define, measure, and monitor the outcomes for consumers as their main challenge. This would require significant changes to policies, procedures, and operational risk processes. Although a distinct risk appetite metric was discussed, the uncertainty in the granular assessment and measurement of risk factors made it difficult to define. Defining a headline risk appetite measure for consumer outcomes was also complex due to the diverse customer groups and products, requiring a variety of KPIs/KRIs to be appropriately weighted.
The group emphasised the importance of adapting their culture using accountability and incentives to deliver a framework with a consumer-centric strategy.
The group discussed a significant increase in data requirements, particularly in product features, customer journeys, and customer scenarios, which are unlikely to be supported by current data strategies and systems at the frequency required.
They noted that current data collection is not customer-centric enough to measure good and bad outcomes for each individual customer and instead relies on aggregate or current risk segment assessments.
An individual customer view is much more important now, particularly where customer needs/outcomes differ. Evidencing that this is happening is crucial for compliance. However, to do this effectively greatly increases the data capture and processing/analytical requirements.
Some participants raised concerns over becoming a de-facto audit/oversight to third parties. There was an eagerness to see some further guidance or case studies from the FCA to determine what is proportional in this context.