tcf, conduct risk and complaints handling - … · baseline knowledge – tcf company...

TCF, Conduct Risk and Complaints HandlingAn Internal Audit Perspective

8 July 2013Tom Lewis, Steven Pope

Unrestrictd distribution

Part 1: Baseline KnowledgeTCF, Conduct Risk and the Financial Conduct Authority

Unrestricted distribution 2 | TCF, Conduct Risk & Complaints Handling | 8 July 2013

Baseline Knowledge – TCF

Company confidential/Internal use only/Unrestricted distribution *Delete as appropriate

By December 2008 the FSA expected firms to be able to demonstrateto that they are consistently treating their customers fairly. RegulatedFS firms need to have controls in place to achieve the six TCFoutcomes

• Outcome 1: Consumers can be confident that they are dealing with firms where the fairtreatment of customers is central to the corporate culture.

• Outcome 2: Products and services marketed and sold in the retail market are designedto meet the needs of identified consumer groups and are targeted accordingly.

• Outcome 3: Consumers are provided with clear information and are kept appropriatelyinformed before, during and after the point of sales.

• Outcome 4: Where consumers receive advice, the advice is suitable and takes accountof their circumstances.

• Outcome 5: Consumers are provided with products that perform as firms have led themto expect, and the associated service is of an acceptable standard and as they havebeen led to expect.

• Outcome 6: Consumers do not face unreasonable post-sale barriers imposed by firmsto change product, switch provider, submit a claim or make a complaint.

3 | TCF, Conduct and Complaints Handling | 8 July 2013

TCF

Out

com

es

The FCA and the advent of Conduct RiskThe FCA was created under the Financial Services Act 2012. This laid out the following statutory objectives for the FCA.

1. Delivering Consumer Protection - Securing an appropriate degree of protection for consumers.

2. Enhancing Market Integrity - Protecting and enhancing the integrity of the UK Financial System.

3. Building Competitive Markets - Promoting effective competition in the interest of consumers.

Important: A consumer is any user of financial services. It is not limited to retail customers


How the FCA will operateIn March 2013 the FCA published its 2013 Risk Outlook and its Business Plan. These documents confirm the focus on fair outcomes for customers

FCA ApproachPillar 1

Firm systemic framework

Answers the question: “does the firm have the interests of its customers and the integrity of the market at the heart of how the business is run?”

Pillar 2

Event-driven work

Deals with issues that are emerging or have happened and are unforeseen in their nature. The FCA will act faster and more decisively.

Pillar 3

Issues and products

Driven by sector risk assessments of what is currently and prospectively driving poor outcomes for consumers and market participants. Findings and remedial actions will usually be extended to all firms that might be affected by the risk in question.


When firms don’t get it rightThe FCA will be an interventionist regulator

• Intervention in products or promotions

• Greater use of skilled persons reviews

• 2013/14 enforcement priorities:§ Reinforcing expectations of wholesale markets by taking decisive action where firms fail to

manage risks effectively or observe proper standards of market conduct;

§ Removing from the industry the firms or individuals who do not meet our standards;

§ Continuing to pursue aggressively the firms or individuals who abuse UK markets by using our criminal and civil powers;

§ Taking tough action where firms fail to treat customers fairly, penalising those who are responsible and ensuring that redress is effective; and

§ Delivered quickly.


Part 2: The customer agendaRisks, Trends and Outcomes


Discussion Question:

What impacts are our firms feeling so far?


FCA Business Plan 2013/2014The FCA published its first Business Plan in March 2013, laying out its approach and priorities for the year ahead.

RiskFirms do not design products or services thatrespond to real consumer needs or are inconsumers’ long-term interests.Distribution channels do not promotetransparency for consumers on financialproducts and services.Over-reliance on, and inadequate oversight of,payment and product technologies.Shift towards more innovative, complex or riskyfunding strategies or structures that lackadequate oversight, posing risks to marketintegrity and consumer protection.Poor understanding of risk and return, combinedwith the search for yield or income, leadsconsumers to take on more risk than isappropriate.

Customers may not receive the products they need and the service they can reasonably expect


Customer OutcomesThe FCA has identified many areas where they see risk of poor customer outcomes … Examples:

3

Payments to investment platforms

Mobilepayment

innovations

ProductComplexity

Financial promotions

Retail investment

advice

Charging structures

ProductDesign

Price comparison

firms

Investment replacement

business

Retail hedging products

Mortgage arrears &

forbearance

Competition

Complaints Management

Conflicts in asset

managementProduct stress testing

Biases & heuristics

“PPI replacement”

Incentiveschemes

Payment Services

Regulations

Over-segmented distribution

chains


Good PracticeAcross the industry, firms are supplementing their existing TCF controlframeworks with Conduct governance frameworks. This will include, but mightnot be limited to:

Policy• Set firm’s own definition

of Conduct Risk

• Clear roles and responsibilities at all levels of the firm

• Identify conduct risks faced by the firm

• Determine MI needs

Roll-out• Training to front line,

second line and internal audit.

• Monitor management of TCF / Conduct risks, including complaints.

• Reassess the audit plan from a conduct perspective.

Governance• Define accountability.

• Committee structure.

• Embed conduct in strategic decision making and across the product lifecycle.

• Are escalation thresholds necessary?


Part 3: Complaints A Window into Fairness and Conduct


Discussion Question:

How can complaints help to ensure good customer outcomes?


Read Between the Lines – What do complaints tell a Firm?“Complaints are customer feedback. This is your customers telling you what you didwrong.” Natalie Ceeney, Chief Executive Financial Ombudsman Service

• Helps to measure culture• Does senior management instill a culture where complaints are treated fairly?

• The impact on customers of new products or amendments toexisting products or established products.

• Is the firm targeting the right market?• Have customers received products that meet their needs?• Are the business processes suitable to service and provide support to

customers in a post sale environment?• Which of the Firm’s product features are redundant and/or posses significant

residual risks?• Does the product literature provide all customers with clear and transparent

information?

• Validate the effectiveness of the complaints training.• Are staff following the established complaints policies and procedures?


Part 4: Complaints HandlingAn Internal Audit Approach


Internal Audit ApproachAcross the industry, internal audit functions are using various audittechniques to review Complaints Handling. The example illustratedbelow sets out an example approach to review Complaints Handling:

Scoping• Review complaints handling

process

• Define control objectives

• Define the types ofcomplaints in scope

• Identify key regulations forComplaints Handling (DISPetc.)

Testing• Controls v Outcome

based testing

• Define key data required for

the testing approach

• Automated testing (CAATTs –Computer Audit Assisted Tools &Techniques)

• Define sampling approach

Reporting• Assess overall rating of

complaints handling.

• Rate audit issuesH,M,L and considerimpact.

• Develop action plans /recommendations withmanagement tomitigate risks identified.


Scoping Complaints Handling Process Overview -Best Practice – (Source FCA)

Policies & Procedures

Training and Validation of

Learning

Investigation Investigation and decision-

making on outcome and

redress

Results clearly & Timely

Communicated

Quality Assurance

Root Cause Analysis

Action to remedy

underlying issues


Scoping

Key Regulations FCA - Dispute Resolution (DISP): Complaints

1. Application – DISP 2.7

2. Management of Companies – DISP1.2-3

3. Timing – DISP 1.6.1/2

4. Complaint Forwarding Rule

5. Complaint Recording Rule - DISP 1.9

6. Complaint Reporting – DISP 1.10, DISP 1.10.4

7. Complaint Publishing Rules

8. Records – DISP 1.1.3R(2), DISP 1.9R

9. Payments - Reg 70


Scoping

Complaints In Scope1. First Point of Contact (FPOC) - Complaints received from the

customer (or their authorised representative)

2. General Escalations – Complaints escalated from FPOC asunresolved or due to being a “Fast Track” e.g. Alleged Misselling,Marketing exclusions

3. Specialist Complaints – Complaints escalated from GeneralEscalations due to nature of complaint or due to being “Fast-Track”complaint e.g. FOS activity on complaints


Scoping Define Specific Control Objectives - (Best Practice)

1. All complaints are captured promptly and accurately.

2. Complaints are resolved fairly, consistently and promptly.

3. Complaint root causes are identified, evaluated and appropriatelyescalated.

4. Actions to remedy underlying issues are adequate and appropriate.

5. Complaints are reported in line with Group and Regulatoryrequirements.


Testing ApproachCONTROL OBJECTIVES

EXAMPLE TESTING STRATEGIES

1. All complaints arecaptured promptlyand accurately.

1. Mystery Shopping (completeness)2. Desktop Review of Complaints Handling

Procedures (Inference on completeness)3. Review of QA testing Over Complaints

Records (accuracy)

2. Complaints are resolved fairly, consistently and promptly.

Sample review of resolution for customers(focusing on complaints not resolved incustomer’s favour) was the outcome appropriatewith regards to FCA Disp. Rules and firms policy.


Testing ApproachCONTROL OBJECTIVES EXAMPLE TESTING STRATEGIES3. Complaint root causes

are identified, evaluatedand appropriatelyescalated.

1. Classification – Review types andnumber of categories are appropriate(circa 250 categories maybe lessmeaningful than say 50 categories).

2. Review of QA testing over ComplaintsRecords (accuracy)

3. Information – Is the detail appropriate tomake informed decision i.e. answer thewhy?

4. Escalation – Forum/Committeeappropriately empowered to authorizeaction plans.

4. Actions to remedyunderlying issues areadequate and appropriate.

1. Are key success indicators set andmonitored


Testing ApproachCONTROL OBJECTIVES

EXAMPLE TESTING STRATEGIES

5. Complaints arereported in line withGroup and RegulatoryRequirements

1. Review a sample of internal and externalreturns to ensure that information providedinternally and externally to regulators.


Testing Approach – Types of Outcome TestingOUTCOME TESTS EXAMPLE TESTSFCA Timeliness Check Conduct a specific automated test over the

population of data to identify cases that havebreached FCA timelines (8 Weeks).

Limits of Authority Checks

Conduct a specific automated test over thepopulation of customer redress payments toidentify cases that have been paid outside ofinternal limit authorities.

Payment Timeliness / Accuracy

Conduct a specific automated test to identifypayments have been accurately and promptlypaid to customers.

Payments Consistency Conduct a specific review of the amounts paid tocustomers for certain events in order to ensurepayment consistency.


Reporting Example - Factors that may suggest a “Less Than Satisfactory” Result1. Complaints are not captured promptly and accurately .

2. Complaints are not resolved fairly, consistently and promptly.

3. Complaint root cause analysis is not sufficient and management donot act on the analysis provided.

4. KRI’s are not defined or monitored.


Reporting

Company confidential/Internal use only/Unrestricted distribution *Delete as appropriate26 | Barclays presentation title | 30 January 2012

Action Plans

“Good” action plans will ensure that control implemented is:

– Performed by the appropriate person at the appropriate level.Consideration should be give to the level of skills and seniorityrequired for the control to be performed effectively.

– Performed at the appropriate stage in the process. Considerationshould be given to whether the control should be performedearlier or later in the process and whether the frequency ofoperation is sufficient to mitigate the risk.

– Sustainable. Consideration should be given to whether the controlis designed to operate effectively if business volumes increase orif the regular operator is absent.

– Evidenced. Consideration should be given to whether theevidence of operation of the control is sufficient to be able toconclude that it has operated effectively.

Questions?

Company confidential/Internal use only/Unrestricted distribution *Delete as appropriate27 | Barclays presentation title | 30 January 2012

tcf, conduct risk and complaints handling - … · baseline knowledge – tcf company...

Documents