A new toolkit from the Financial Stability Board (FSB) contains plenty of familiar weapons in an arsenal designed to combat misconduct and redirect enforcement to individuals rather than firms.
But its intent goes beyond the courtroom or the regulators’ parlour. It recommends ways to assess firm culture and drive the organisational change that will prevent misconduct from ever occurring.
As a result, many of the new FSB tools that are likely to be adopted by global regulators could have an impact far beyond traditional compliance and legal departments.
These tools reach deep into the daily practices of business divisions and those that support them, such as human resources, communications, strategy, and compensation.
They also involve solutions less familiar to compliance teams, such as vision creation, culture and employee surveys, a myriad of new data points for analysis, organizational change, and employee engagement. Accountability will need to be embedded in internal processes, as well as through external supervision.
Bringing such a broad range of people and approaches into the compliance spotlight is already part of some regulatory regimes, but the toolkit suggests there will be much more to come.
Preventing misconduct before it occurs
Unsurprisingly for a body set up by the G20 in direct response to the financial crisis, and charged with promoting global financial stability, the FSB has been instrumental in driving post-crisis regulatory reform.
While its work is not strictly binding on G20 member states, experience suggests that regulators see the FSB’s recommendations as a guide to best practice and tend to implement it.
Furthermore, while the toolkit is designed primarily for banks, many of the regulators responsible for implementing FSB measures have responsibility for a much wider group of firms. As such, measures will likely be extended quickly across the broader swathe of the financial services industry.
The toolkit sets out 19 tools for use by regulators as well as firms, with these tools straddling three key areas of misconduct risk. These areas are: the role of poor culture in driving misconduct within financial institutions; a lack of individual responsibility and accountability; and finally, the problem of “rolling bad apples”, where individuals move jobs and earlier misconduct is not disclosed to the new employer.
Some of the tools are familiar – increased cross-border coordination between regulators, and the focus on individual accountability, for instance.
Less familiar to many will be an emphasis on enhanced recruitment screening, interview techniques, performance review and a rolling in-depth ‘psychoanalysis’ of a firm’s culture.
Bad people or bad culture?
The toolkit is, in some ways, a response to the 10 years of regulatory experience since the financial crisis.
Regulators remain acutely aware of public and political criticism that financial institutions bought their way out of wrongdoing post-crisis, while senior executives escaped unscathed. Since 2007/2008, global banks have paid fines and incurred legal costs of more than $320bn, yet very few of those who oversaw the conduct which led to those fines have suffered direct consequences.
Conversely, the role of the firm in controlling or guiding the conduct of the individual was not lost on the judge presiding over the U.S. trial of the only Wall Street executive jailed for GFC misdeeds, who scathingly described his behavior as “a small piece of an overall evil climate within the bank and with many other banks.”
Recent scandals, such as Wells Fargo’s account opening incentives, have only heightened the public perception that nothing has really changed. Some regulators have responded to these political pressures by shifting their focus from institutions to individuals.
New laws, such as the UK’s Senior Managers Regime and Hong Kong’s Manager in Charge Regime, mandate the identification of those responsible for key areas of a financial institution’s business lines. These regimes are designed to make it easier for regulators to identify those responsible for overseeing misconduct when it occurs. Whilst not their stated aim, these new rules will be a powerful aid to regulators, allowing them to better target disciplinary and enforcement action at individuals.
Prosecutors around the world have also responded. In October 2017, US Deputy Attorney General Rod Rosenstein reaffirmed Department of Justice policy in this area to an audience at New York University. “Federal prosecutors should be cautious about closing investigations in return for corporate payments,” he said, “without pursuing individuals who broke the law.
However, only six months earlier at the same venue, Mark Steward, head of enforcement and market oversight at the UK’s Financial Conduct Authority, made an equally important point, “that the question of firm or individual liability is not a simple binary either/or question of policy or attitude.”
So, when does an individual’s bad behavior become the firm’s bad behavior or culture – and vice versa?
The FSB suggests a range of practical ways for firms to grapple with the relationship between individual behavior and corporate culture.
It suggests first that senior management should consider whether any of 21 key cultural drivers of misconduct are displayed in their organization.
These drivers include a lack of accountability for misconduct, a mismatch between leaders’ words and actions, as well as a “tone from the middle” which is inconsistent with the “tone from the top”.
Others include those related to decision-making in an organization, a lack of challenge and debate, decision-making dominated by business lines, and a lack of diversity and inclusion leading to “group think”.
Also listed are a lack of psychological safety within the firm, a reluctance to accept bad news, a lack of transparency upwards, and the normalization of misconduct.
But perhaps the most interesting driver of all is having a mindset/ambition that does not take account of all relevant stakeholders, including customers, markets and society. While we are used to seeing regulators hold firms to account vis-a-vis their impact on markets and customers, the reference to society more broadly is potentially a game changer.
In the context of these and the other drivers identified, the potentially Sisyphean task that the FSB sets for senior management is to articulate a “clear cultural vision” that guides appropriate behavior within the firm.
The FSB has emphasized that this should be a data and risk-driven cultural vision which specifically addresses the types of misconduct risk already identified by senior management as present in their firm.
As part of this task, the FSB envisages firms compiling their own additional significant drivers of misconduct, by analyzing a broad set of information to identify what drives staff behavior.
The FSB suggests a broad range of qualitative and quantitative data sources for firms to consider when assessing the drivers present in their workplace. Some of this data and analysis may already exist – statistics on compliance training, whistleblowers, or performance management issues, for instance.
However, the FSB also suggests other measures and data sources, such as diversity and inclusion statistics, employee engagement surveys, and social media monitoring, to properly gauge a firm’s true culture.
The final, and perhaps most important, tool suggested by the FSB is for firms to take action to shift behavioral norms once this “psychoanalysis” is complete.
This could include formal measures, such as reworking compensation and incentives, and informal measures, such as engagement with staff to improve psychological safety and increase employee willingness to call out misconduct.
Stopping a bad apple spoiling the barrel
How to deal with the issue of repeat offenders or “bad apples” migrating from firm to firm is a trickier problem for the FSB.
Its suggested tools in this area rely almost exclusively on better due diligence by the hiring firm, up to and including a review of the social media accounts of potential employees. However, importantly, the toolkit stops short of saying that regulators should require firms to disclose former employees’ misconduct to new potential employers.
This is unsurprising given the considerable employment law issues that can arise in many jurisdictions over the disclosure of this sort of information by a previous employer, particularly where the exit has involved agreements, or negotiated exits that impose confidentiality. That said, it does raise questions about the likely effectiveness of the FSB’s toolkit in this area.
However, the key takeaway from the toolkit on this issue is the increased scrutiny we are likely to see regulators apply to the work of human resources and employee-related teams. The Monetary Authority of Singapore foreshadowed this shortly after the release of the toolkit, adding human resources to the functions captured by its draft senior manager regime. We would not be surprised if this inclusion was copied by other regulators around the world.
Addressing the whole culture of the firm
For compliance and legal teams, the breadth of tools offered by the toolkit may be bewildering. It outlines a more holistic approach to misconduct than the adversarial model of enforcement and fines to which the industry has become accustomed.
Many tools will require sophisticated partnerships between other business lines, such as human resources and strategy, and require frontline business heads to endorse new styles and structures.
For some firms, these approaches may not be new – but by default such firms are therefore the least likely to have cultural problems.
Perhaps those challenged by the implementation of these elements of the toolkit have identified their first indicator of poor culture.
Any change of this type and breadth is difficult to embed, and is likely to take considerable time and resource. Regardless, the fact remains that cultural change is cheaper long term than ongoing corporate fines that drain investment, management time, reputation, and shareholder returns.
William Hallatt heads the Herbert Smith Freehills Financial Services Regulatory practice in Asia and has over a decade of experience in advising on matters in this arena, both in an advisory and a contentious context