Governance under the FCA - Sesame £6m fine

Posted: 23rd July 2013

Busy with daily workloads, we tend to disregard enforcement publications that appear unrelated to our day to day role. Whilst there are often lateral lessons from regulatory fines, the recent Sesame fine is of particular relevance to firms beyond networks. In fact, it provides insight into the regulator’s expectations regarding governance and measurement of culture under the new conduct regime for all firms.

The Financial Conduct Authority (FCA)’s view is clear: firms must have effective measures to test whether outcomes for customers are fair. If you were looking at your firm’s culture and controls today, how comfortable would you be with their effectiveness in testing and achieving fair customer outcomes?

Facts of the fine

426 customers were advised to invest over £6.1m into Key Data products between 2005 and 2009. The resulting fine was: £6,031,200.

Under 5% of the fine relates to Principle 9: Customers: Relationship of Trust i.e. failure of the firm to take reasonable care to ensure the suitability of its advice and discretionary decisions for customers entitled to rely upon its judgment

The remainder of the fine relates to Principle 3: Management and Controls – failure of the firm to take reasonable care to organise and control its affairs responsibly and effectively with adequate risk management systems.

The size of fine is also worth noting. It is almost equal to the total invested by customers and represents over 30 times the value of gross commission generated from the sales.

Previous warnings

In the same way that cooperative and proactive firms can reduce fines, those who sit on known problems can only expect the fine to increase. The scale of penalty in this case was linked to the accumulation of previous warnings:

FSA supervisory visits in 2005, 2007, 2009 and 2011

Skilled person review in 2010

Sesame Group Risk & Group Internal Audit review in 2012

Where firms have known issues it is important to ensure timely and robust action. Procrastination and inaction will only make the matter worse.

Ineffective controls and oversight

Identifying problems is one thing; creating a structured plan of action which is followed through to completion is quite another. Ensuring that internal controls are sufficiently robust – offering meaningful and independent challenge to the status quo – is a dilemma that all firms face to some extent.

In this case, Sesame operated a number of controls to oversee its 1,040 AR firms/1,637 advisers:

T&C Scheme/framework

Product research & recommended product list

Risk based file sampling/checking

Management Information (MI) such as product risk matrix based on analysis of sales data and from 2007

TCF dashboard including business split

Desk based file checking results

Sesame also produced and distributed a fact sheet highlighting key risks inherent in these products.

It is telling that Sesame still failed to detect and prevent the mis-selling of Key Data products despite the existence and application of the above controls. Again, we see how effectiveness and quality of customer outcome must be the driving force in internal controls.

Capturing product MI at the right level

The risks posed by Key Data could not properly be detected by Sesame’s management information (MI). The MI captured sale of products at a wrapper level, in this case SIPP, ISA and so on. It failed to record underlying funds or asset classes, such as UCIS and Key Data.

MI continues to be a challenge with many firms unable to provide a single customer view linking disparate legacy systems. Identification of fundamental business risks is challenging and often constrained by the existing IT architecture. However, Huntswood has seen the benefits amongst our clients of aligning MI to the business model and, crucially, fair customer outcomes. It is possible and, when achieved, it puts your firm in good stead for the future.

TCF culture – internal communications

The notice had much to say on TCF culture. Most significant was the reference to language used by employees in internal emails on customer files. This might seem alarming, but internal emails chains are often included in files provided to the regulator during their investigations.

As the regulator and industry looks for evidence and measures of culture (good or bad), email messages and internal communications are a simple indication of your firm’s culture. The fact that internal communications are cited in this fine is an immediately applicable lesson for us all.

Key Data overview

Broadly speaking, the Key Data products invested in a portfolio of U.S. life assurance policies with an amount retained in cash to cover the premiums due on the policies held. When the underlying insured deceased the sum assured was paid into the fund. The underlying asset class fundamentally differed to the typical funds available to the average retail investor. While there was no stock-market risk, there were inherent risks that were discreet to this type of investment, including: actuarial, liquidity and single specialist asset class.