With conduct being such a hot button issue right now, Radar examines the evolving approach to training a bigger universe on conduct rules and their own definitions of good and bad conduct.
Life for financial services firms is always changing. Regulators like to keep them on their toes with shiny new challenges. The advent of new regimes, such as the UK Senior Managers and Certification Regime (SMCR), will often see replication in other regions if the application and rationale make sense globally – Australia has the Banking Executive Accountability Regime, while Hong Kong has the Manager-in-Charge Regime.
Compliance training keeps evolving and remains an integral part of the need to continually educate a workforce that must be conversant with changing regulation and its subtle nuances. Conduct, and the expectations of management and regulators alike, is a relatively new requirement; training on conduct rules is even more nascent.
We spoke to a head of EMEA compliance at a global investment bank headquartered in North America, who said, “I think all banks are struggling with conduct training right now. We send email updates, but we send them from the SMF as this is more likely to get attention than just another email from Compliance. The same goes for any face-to-face interactions which are hard to execute as you need to get everyone in the room at the same time. Plus, how do you know if it has been effective? I am personally skeptical about basic computer based training (CBT). Scenario-based CBT is better but it can be too obvious and too easy to guess the right answer. We had a ‘conduct’ team at my last firm but these specialised units can grow isolated and get very out of touch with the business.”
This experienced compliance head goes on, “it is better to be subtle and do training consistently and regularly so people are not so aware they are being trained. Actually defining what ‘conduct’ means to the firm and their role is a very good starting point. Our new head of macro has been doing fireside chats with people to help educate them and glean information from them at the same time. For example, he might ask them what they think spoofing is. People get very engaged in this sort of dialogue. But then the hard bit is to actually demonstrate effectiveness, and to measure any improvement in conduct driven by the training.”
In the Financial Conduct Authority’s Senior Managers and Certification Banking Regime Stocktake Report (5 August 2019), the UK regulator stated, “interviewees believed that staff generally understand the conduct rules. However, our evidence suggests that firms have not always sufficiently tailored their conduct rules training to staff ’s job roles.”
“Firms are often using their own values to articulate how they bring the conduct rules to life. However, there was insufficient evidence to be confident that firms have clearly mapped the conduct rules to their values.”
“Many firms were often unable to explain what a conduct breach looked like in the context of their business.” FCA commented, “the conduct rules are a critical foundation for firms’ culture and the conduct of individuals. It is essential that staff understand the rules and how they apply to them. Under the Financial Services and Markets Act, firms must:
- notify all relevant persons of the conduct rules that apply in relation to them;
- take all reasonable steps to secure that those persons understand how those rules apply in relation to them.
This must include the provision of suitable training.”
Vaughan Edwards, Director and Compliance expert at Medius Consulting supports this view, “firms have not always sufficiently tailored their conduct rules training to their business and circumstances. Appropriately tailored conduct training means more than just a front office and back office version, but nor do you need 43 different flavours. What you do need is to be clever about how you do it, as responsibility for compliance with the Conduct Rules is a prescribed responsibility and not just something that it is sensible to do.”
He continues, “Whoever owns the prescribed responsibility, and it increasingly tends to be the Head of Compliance, needs to be confident that if something conduct-related happens, people are not in a position to be able to say they were unaware of the types of conduct expected of someone in their particular role eg a sales/trader. There is a risk that Conduct Rules training content will focus far more on those in sales and trading roles and not enough on those in support functions. Given the increasingly broad definition of conduct, this risks failing to create adequate awareness amongst employees who will have received very little attention in the past.”
“A good example would be someone engaged in sourcing corporate insurance where entertainment practices and the cultural issues that have come to light at the Lloyd’s market need to be clearly highlighted as potential sources of conduct risk in their role.”
He adds, “getting clever about this is perhaps best approached by not just having the same person in Compliance delivering the training; instead get someone to be a partner from that department who gets engaged so that when it is delivered it is much more credible and relevant with real examples that people can relate to (especially if you can point to a peer firm or even a colleague they all know).”
“This flows through to why it is not being done well; it is being poorly delivered. FCA has made it clear that defaulting to CBT just does not work for conduct rules training. I would caution firms to look beyond training content alone. Excellent conduct training can be fundamentally undermined if the training culture is poor. For example, it should not be acceptable for employees – let alone senior employees – to turn up 15 minutes late, sign attendance sheets and then leave early. Lock doors once the training starts and only get attendance sheets signed once it has finished.” Vaughan reminds us, “in addition to the conduct rules for everybody, you have the conduct rules for senior managers. If you want to help these people to discharge ‘reasonable steps’ and build the right ‘reasonable steps’ framework, this is best combined with telling them about the conduct rules for senior managers. These are there to ensure senior managers are on top of controlling the business effectively, that systems exist and work, and particularly if you are delegating, that you are doing this correctly. This is part of an effective, ‘reasonable steps’ framework which details how the delegation gets overseen etc.”
He concludes, “if I was in charge of compliance I would probably not look to do two channels of training, which would be conduct rules training and then conduct training. You can tie the two together and say ‘here are the conduct rules and here is an example of good and bad conduct’. So you tick the regulatory requirement box and also stress how important it is to get this right, and the implications for the individual if they do not.”