tcf, conduct risk and complaints handling - … · baseline knowledge – tcf company...
TRANSCRIPT
TCF, Conduct Risk and Complaints HandlingAn Internal Audit Perspective
8 July 2013Tom Lewis, Steven Pope
Unrestrictd distribution
Part 1: Baseline KnowledgeTCF, Conduct Risk and the Financial Conduct Authority
Unrestricted distribution 2 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Baseline Knowledge – TCF
Company confidential/Internal use only/Unrestricted distribution *Delete as appropriate
By December 2008 the FSA expected firms to be able to demonstrateto that they are consistently treating their customers fairly. RegulatedFS firms need to have controls in place to achieve the six TCFoutcomes
• Outcome 1: Consumers can be confident that they are dealing with firms where the fairtreatment of customers is central to the corporate culture.
• Outcome 2: Products and services marketed and sold in the retail market are designedto meet the needs of identified consumer groups and are targeted accordingly.
• Outcome 3: Consumers are provided with clear information and are kept appropriatelyinformed before, during and after the point of sales.
• Outcome 4: Where consumers receive advice, the advice is suitable and takes accountof their circumstances.
• Outcome 5: Consumers are provided with products that perform as firms have led themto expect, and the associated service is of an acceptable standard and as they havebeen led to expect.
• Outcome 6: Consumers do not face unreasonable post-sale barriers imposed by firmsto change product, switch provider, submit a claim or make a complaint.
3 | TCF, Conduct and Complaints Handling | 8 July 2013
TCF
Out
com
es
The FCA and the advent of Conduct RiskThe FCA was created under the Financial Services Act 2012. This laid out the following statutory objectives for the FCA.
1. Delivering Consumer Protection - Securing an appropriate degree of protection for consumers.
2. Enhancing Market Integrity - Protecting and enhancing the integrity of the UK Financial System.
3. Building Competitive Markets - Promoting effective competition in the interest of consumers.
Important: A consumer is any user of financial services. It is not limited to retail customers
Unrestricted distribution 4 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
How the FCA will operateIn March 2013 the FCA published its 2013 Risk Outlook and its Business Plan. These documents confirm the focus on fair outcomes for customers
FCA ApproachPillar 1
Firm systemic framework
Answers the question: “does the firm have the interests of its customers and the integrity of the market at the heart of how the business is run?”
Pillar 2
Event-driven work
Deals with issues that are emerging or have happened and are unforeseen in their nature. The FCA will act faster and more decisively.
Pillar 3
Issues and products
Driven by sector risk assessments of what is currently and prospectively driving poor outcomes for consumers and market participants. Findings and remedial actions will usually be extended to all firms that might be affected by the risk in question.
Unrestricted distribution 5 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
When firms don’t get it rightThe FCA will be an interventionist regulator
• Intervention in products or promotions
• Greater use of skilled persons reviews
• 2013/14 enforcement priorities:§ Reinforcing expectations of wholesale markets by taking decisive action where firms fail to
manage risks effectively or observe proper standards of market conduct;
§ Removing from the industry the firms or individuals who do not meet our standards;
§ Continuing to pursue aggressively the firms or individuals who abuse UK markets by using our criminal and civil powers;
§ Taking tough action where firms fail to treat customers fairly, penalising those who are responsible and ensuring that redress is effective; and
§ Delivered quickly.
Unrestricted distribution 6 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Part 2: The customer agendaRisks, Trends and Outcomes
Unrestricted distribution 7 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Discussion Question:
What impacts are our firms feeling so far?
Unrestricted distribution 8 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
FCA Business Plan 2013/2014The FCA published its first Business Plan in March 2013, laying out its approach and priorities for the year ahead.
RiskFirms do not design products or services thatrespond to real consumer needs or are inconsumers’ long-term interests.Distribution channels do not promotetransparency for consumers on financialproducts and services.Over-reliance on, and inadequate oversight of,payment and product technologies.Shift towards more innovative, complex or riskyfunding strategies or structures that lackadequate oversight, posing risks to marketintegrity and consumer protection.Poor understanding of risk and return, combinedwith the search for yield or income, leadsconsumers to take on more risk than isappropriate.
Customers may not receive the products they need and the service they can reasonably expect
Unrestricted distribution 9 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Customer OutcomesThe FCA has identified many areas where they see risk of poor customer outcomes … Examples:
3
Payments to investment platforms
Mobilepayment
innovations
ProductComplexity
Financial promotions
Retail investment
advice
Charging structures
ProductDesign
Price comparison
firms
Investment replacement
business
Retail hedging products
Mortgage arrears &
forbearance
Competition
Complaints Management
Conflicts in asset
managementProduct stress testing
Biases & heuristics
“PPI replacement”
Incentiveschemes
Payment Services
Regulations
Over-segmented distribution
chains
Unrestricted distribution 10 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Good PracticeAcross the industry, firms are supplementing their existing TCF controlframeworks with Conduct governance frameworks. This will include, but mightnot be limited to:
Policy• Set firm’s own definition
of Conduct Risk
• Clear roles and responsibilities at all levels of the firm
• Identify conduct risks faced by the firm
• Determine MI needs
Roll-out• Training to front line,
second line and internal audit.
• Monitor management of TCF / Conduct risks, including complaints.
• Reassess the audit plan from a conduct perspective.
Governance• Define accountability.
• Committee structure.
• Embed conduct in strategic decision making and across the product lifecycle.
• Are escalation thresholds necessary?
Unrestricted distribution 11 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Part 3: Complaints A Window into Fairness and Conduct
Unrestricted distribution 12 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Discussion Question:
How can complaints help to ensure good customer outcomes?
Unrestricted distribution 13 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Read Between the Lines – What do complaints tell a Firm?“Complaints are customer feedback. This is your customers telling you what you didwrong.” Natalie Ceeney, Chief Executive Financial Ombudsman Service
• Helps to measure culture• Does senior management instill a culture where complaints are treated fairly?
• The impact on customers of new products or amendments toexisting products or established products.
• Is the firm targeting the right market?• Have customers received products that meet their needs?• Are the business processes suitable to service and provide support to
customers in a post sale environment?• Which of the Firm’s product features are redundant and/or posses significant
residual risks?• Does the product literature provide all customers with clear and transparent
information?
• Validate the effectiveness of the complaints training.• Are staff following the established complaints policies and procedures?
Unrestricted distribution 14 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Part 4: Complaints HandlingAn Internal Audit Approach
Unrestricted distribution 15 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Internal Audit ApproachAcross the industry, internal audit functions are using various audittechniques to review Complaints Handling. The example illustratedbelow sets out an example approach to review Complaints Handling:
Scoping• Review complaints handling
process
• Define control objectives
• Define the types ofcomplaints in scope
• Identify key regulations forComplaints Handling (DISPetc.)
Testing• Controls v Outcome
based testing
• Define key data required for
the testing approach
• Automated testing (CAATTs –Computer Audit Assisted Tools &Techniques)
• Define sampling approach
Reporting• Assess overall rating of
complaints handling.
• Rate audit issuesH,M,L and considerimpact.
• Develop action plans /recommendations withmanagement tomitigate risks identified.
Unrestricted distribution 16 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Scoping Complaints Handling Process Overview -Best Practice – (Source FCA)
Policies & Procedures
Training and Validation of
Learning
Investigation Investigation and decision-
making on outcome and
redress
Results clearly & Timely
Communicated
Quality Assurance
Root Cause Analysis
Action to remedy
underlying issues
Unrestricted distribution 17 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Scoping
Key Regulations FCA - Dispute Resolution (DISP): Complaints
1. Application – DISP 2.7
2. Management of Companies – DISP1.2-3
3. Timing – DISP 1.6.1/2
4. Complaint Forwarding Rule
5. Complaint Recording Rule - DISP 1.9
6. Complaint Reporting – DISP 1.10, DISP 1.10.4
7. Complaint Publishing Rules
8. Records – DISP 1.1.3R(2), DISP 1.9R
9. Payments - Reg 70
Unrestricted distribution 18 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Scoping
Complaints In Scope1. First Point of Contact (FPOC) - Complaints received from the
customer (or their authorised representative)
2. General Escalations – Complaints escalated from FPOC asunresolved or due to being a “Fast Track” e.g. Alleged Misselling,Marketing exclusions
3. Specialist Complaints – Complaints escalated from GeneralEscalations due to nature of complaint or due to being “Fast-Track”complaint e.g. FOS activity on complaints
Unrestricted distribution 19 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Scoping Define Specific Control Objectives - (Best Practice)
1. All complaints are captured promptly and accurately.
2. Complaints are resolved fairly, consistently and promptly.
3. Complaint root causes are identified, evaluated and appropriatelyescalated.
4. Actions to remedy underlying issues are adequate and appropriate.
5. Complaints are reported in line with Group and Regulatoryrequirements.
Unrestricted distribution 20 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Testing ApproachCONTROL OBJECTIVES
EXAMPLE TESTING STRATEGIES
1. All complaints arecaptured promptlyand accurately.
1. Mystery Shopping (completeness)2. Desktop Review of Complaints Handling
Procedures (Inference on completeness)3. Review of QA testing Over Complaints
Records (accuracy)
2. Complaints are resolved fairly, consistently and promptly.
Sample review of resolution for customers(focusing on complaints not resolved incustomer’s favour) was the outcome appropriatewith regards to FCA Disp. Rules and firms policy.
Unrestricted distribution 21 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Testing ApproachCONTROL OBJECTIVES EXAMPLE TESTING STRATEGIES3. Complaint root causes
are identified, evaluatedand appropriatelyescalated.
1. Classification – Review types andnumber of categories are appropriate(circa 250 categories maybe lessmeaningful than say 50 categories).
2. Review of QA testing over ComplaintsRecords (accuracy)
3. Information – Is the detail appropriate tomake informed decision i.e. answer thewhy?
4. Escalation – Forum/Committeeappropriately empowered to authorizeaction plans.
4. Actions to remedyunderlying issues areadequate and appropriate.
1. Are key success indicators set andmonitored
Unrestricted distribution 22 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Testing ApproachCONTROL OBJECTIVES
EXAMPLE TESTING STRATEGIES
5. Complaints arereported in line withGroup and RegulatoryRequirements
1. Review a sample of internal and externalreturns to ensure that information providedinternally and externally to regulators.
Unrestricted distribution 23 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Testing Approach – Types of Outcome TestingOUTCOME TESTS EXAMPLE TESTSFCA Timeliness Check Conduct a specific automated test over the
population of data to identify cases that havebreached FCA timelines (8 Weeks).
Limits of Authority Checks
Conduct a specific automated test over thepopulation of customer redress payments toidentify cases that have been paid outside ofinternal limit authorities.
Payment Timeliness / Accuracy
Conduct a specific automated test to identifypayments have been accurately and promptlypaid to customers.
Payments Consistency Conduct a specific review of the amounts paid tocustomers for certain events in order to ensurepayment consistency.
Unrestricted distribution 24 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Reporting Example - Factors that may suggest a “Less Than Satisfactory” Result1. Complaints are not captured promptly and accurately .
2. Complaints are not resolved fairly, consistently and promptly.
3. Complaint root cause analysis is not sufficient and management donot act on the analysis provided.
4. KRI’s are not defined or monitored.
Unrestricted distribution 25 | TCF, Conduct Risk & Complaints Handling | 8 July 2013
Reporting
Company confidential/Internal use only/Unrestricted distribution *Delete as appropriate26 | Barclays presentation title | 30 January 2012
Action Plans
“Good” action plans will ensure that control implemented is:
– Performed by the appropriate person at the appropriate level.Consideration should be give to the level of skills and seniorityrequired for the control to be performed effectively.
– Performed at the appropriate stage in the process. Considerationshould be given to whether the control should be performedearlier or later in the process and whether the frequency ofoperation is sufficient to mitigate the risk.
– Sustainable. Consideration should be given to whether the controlis designed to operate effectively if business volumes increase orif the regular operator is absent.
– Evidenced. Consideration should be given to whether theevidence of operation of the control is sufficient to be able toconclude that it has operated effectively.