Authorisation is only the start of the journey for consumer credit firms

Posted: 29th January 2016

If you’re in consumer credit, you’ll be well aware of the changes and challenges in your sector over the past couple of years. So now you’ve completed the journey to FCA authorisation, what’s the next step?

The answer: Your firm must embed an ongoing approach to regulation, just as articulated in your initial application.

Remember, too, that any emerging FCA changes must also be incorporated into your plans, both operationally and in your governance and oversight, often against tight timescales.

Your firm may also choose to change or widen its range of regulated activity due to an evolving business strategy. This would mean completing a variation of permissions (VOPs) process, and means again assessing your current practice against the regulator’s expectations.

In short, authorised consumer credit firms could be at very different stages of their regulatory lifecycle at any given time, and will therefore have various different compliance pressures to consider.

With this in mind, how does a consumer credit firm ensure their ongoing oversight matches up to the plan they articulated in their authorisation application, and is in step with other business changes being made as a result of gaining authorisation?

ACHIEVING ONGOING COMPLIANCE

Whether your firm is newly regulated or has recently varied its permissions, the FCA’s requirement for you to have embedded a ‘three lines of defence’ approach to your oversight is the starting point for ongoing compliance.

A dedicated compliance monitoring function is part of the second line. It should oversee operational activity and periodically assess and report on the state of compliance to the business, recommending interventions to mitigate risk (both to the business and its customers).

In order to assist ongoing compliance and ensure the effectiveness of your team, consider your compliance function’s approach in the following areas:

1. Risk

It’s imperative that your compliance monitoring function’s activity is aligned to the general appetite for risk in your firm and its customer base. Finding the right balance between commercial and regulatory drivers is crucial. If your team is too stringent, you run the risk of impacting business performance. If it’s too accepting of risk, then you run the risk of not meeting regulatory standards. Ensuring your team is armed with the requisite subject matter expertise and experience will also be important here.

Ensure your compliance monitoring programme is risk-based, and gives the appropriate amount of time and effort to analysing key areas of risk. Some suggested categories of high priority within consumer credit firms include: complaints handling, collections, recoveries and arrears, anti-money laundering and financial crime, vulnerable customers, outsourcing, responsible lending, advice/risk warning standards and financial promotions.

2. Methodology

In order to get an accurate ongoing view of compliance in your firm, you must establish by what method your team will assess risk and its implications; what exactly will the ‘inputs’ into the compliance function be? – i.e. what will be analysed and reported on?

This could be the key risk indicators as identified by the business, regulatory hot topics, findings from internal audits, results of past dealings with the regulator, specific complaints made by customers or the performance of the business.

Consider – and be realistic about! – the capacity and competency of your team. Compliance monitoring is not a static set of requirements. Factors such as upcoming regulation, current complaints levels or whether the customer base of a product contains a high number of vulnerable customers can affect the amount of analysis that needs to be done.

3. Regularity

How regularly do you engage your compliance team for updates on the risks inherent in your business’s activity?

A clear escalation route for ad-hoc concerns is advisable, however, periodically ‘taking the temperature’ of your firm’s standard of compliance will allow you to establish a clear view of what could be on the horizon – new rules are introduced frequently, and they are likely to affect one or more of the areas that your business considers ‘high risk’.

Try to ensure that you take advantage of the expertise of your team by being proactive in preparing for upcoming change.

4. ‘Tone from the Top’

Endorsement of the work of your compliance team is imperative to its effectiveness. Business leaders must be aware of the potential operational benefits compliance brings, especially its potential to create advocacy within your customer base and produce a naturally lower frequency of complaints.

Firstly, the setup within which your compliance team operates must be conducive to their activity, i.e. should the team have concerns, escalation routes need to be clear, potential issues should be sufficiently studied and the implications made clear to a set of engaged decision makers.

Secondly, the MI produced by your compliance monitoring team should be practical, actionable and aligned to customer outcomes while still being business enabling.

5. Culture and staff incentives

Does your compliance team have a view on the way your firm’s internal culture promotes or detracts from good compliance? Would your team feel empowered to pass comment on whether your sales processes promote good customer outcomes? If they felt compelled to report that the way you incentivise your staff was driving customer detriment and your firm’s failure to mitigate risk, would this be taken seriously within your firm?

The answers to most of these questions for most firms will be ‘yes’, but it’s worth bearing in mind that this is the kind of consideration that the FCA wants firms to make as it pursues a customer outcomes-based approach across financial services.

6. Articulate and evidence

The regulator’s number one priority is ensuring good conduct for customers, and therefore being able to evidence a customer-centric approach to the design of products, processes and controls is imperative. Activities such as root cause analysis and outcomes testing can complement regulatory training for frontline staff.

Your compliance monitoring team should have clear sight of this activity, as being able to articulate the work you undertook to ensure good customer outcomes will help inform your compliance monitoring activity.

THE MESSAGE TO FIRMS

Many of these points serve to illustrate the benefits of ensuring your compliance monitoring team’s prominence within your business. In short: compliance can help you achieve your business goals.

Quite apart from the fact your team can help to satisfy regulatory scrutiny; aligning with the regulator, focusing on good outcomes for customers and getting a view of your performance in this area will help prevent future complaints and suitability issues. This can lead to fewer losses in the form of reviewing past business and remediating customers, and will ensure that issues are prevented from crystallising in your customer base.