Speech by Sheree Howard, Executive Director of Risk and Compliance Oversight.
Speaker: Sheree Howard, Executive Director of Risk and Compliance Oversight
Event: XLOD Global London
Delivered: 15 November 2023
Note: This is the speech as drafted and may differ from the delivered version
Highlights
- Heightened financial pressures mean making careful judgements around risk but should not mean dropping standards.
- A firm's 3 lines of defence should be separate but cohesive.
- Creating a culture of fearlessness, not fear, where employees can speak up and employers listen up is vital for healthy cultures.
- An organisation with a lack of diversity, equity and inclusion is at much greater risk of not having a healthy culture.
Introduction
A long, long time ago, in a land far away – well the 1980s and New Zealand to be precise – amidst a social shift of deregulation and free markets – an ambition took shape to make homes more affordable, to meet rising demand more quickly.
But, less than 20 years later, it culminated in a series of building failures that became known as New Zealand’s biggest human made disaster – the leaky homes scandal.
Families suffered ill health when homes – often built in a fashionable, Mediterranean style that was woefully unsuited to New Zealand’s wet climate – turned black with mould.
Many suffered near financial ruin – spending life changing sums to fix the leaks and yet were often still left with unsellable homes.
A number of factors had caused this crisis: Peter Dyer, an investigative journalist, blames it on officials making decisions to replace regulation and inspectors with a performance-based system which effectively meant allowing the market to police itself.
Industry regulators were stripped of powers.
Builders were suddenly allowed to use untreated soft timber in the construction of homes.
Shoddy workmanship was also blamed.
However, the real scandal was that the main ambition of providing more homes at a lower cost failed.
Ordinary citizens had to bear the cost through increased council tax bills to mitigate the nearly 50 billion dollar – (nearly £25 billion) – disaster.
Lessons in challenging a culture
There are lessons here for us all to learn. One is that the execution of a plan is as vital as ideology and purpose.
You should ask yourself not just do you have the right plans, but do you have clear sight of the breadth of risks you face and with them the controls needed to manage them? For without them there is every chance that your firm’s outcomes could also be the exact opposite of what was desired.
Another lesson is that participants should never feel fear to challenge. These reforms to construction came at a time when New Zealand was undergoing huge liberalisation across its public and financial services – sound familiar?
Even in transparent, modern democracies, it can be tough to be an outlier and to question the prevailing mindset. Even more so within a firm.
Yet that is exactly what we must all do – regardless of whether we are in the first line of defence, second or third.
Indeed, the leaky homes controversy depicts the dangers of what may happen when our lines of defence are totally blurred and rendered toothless – or when groupthink temporarily blinds us into acquiescence.
One of our key current concerns is how concentration kills – particularly when it is unintended.
Often these things emerge in moments of market strain. In the last 18 months, for example, we have had issues where banks didn’t know that some of their counterparties were in fact related (concentration); or that their counterparties had huge exposure to other banks too (concentration); or where firms had underestimated the extent to which specific markets were made up of similar actors with similar incentives (concentration), so that when one stopped buying they might all stop.
The examples of Archegos and the LDI pensions shock spring to mind.
There is also an enormous risk when we concentrate only on our own firm and its culture and practice without realising what may be playing out or potentially waiting in the wings elsewhere.
We have also seen how different types of risk can transform. What may start as conduct, operational, or reputational risk can swiftly transform into liquidity or solvency risk. And in the event of liquidity or solvency challenges…there are often new conduct, operational or reputational challenges to manage.
Very simply, risk upon risk upon risk. And if you haven’t updated your stress assumptions in the last 18 months – it is time to do so!
The wise person builds their house on rock, not sand.
Feel the fear and ask anyway
Too often, we think of attitudes to risk as being something that we bolt-on to culture when in fact, risk culture is integral to an organisation’s core purpose.
For a healthy, purposeful culture to thrive, we have to create an atmosphere of fearlessness, not fear.
One thing I would implore you all to ask yourselves is: what are you frightened of asking your organisation and why?
There should be no ‘no-go’ zones.
And before you think ‘easy for the regulator to say’ – please remember I have sat where you are and faced a number of situations where I have had to go against the grain – it is not easy, but it is the right thing to do.
I remember being asked by someone a long time ago to review something from every angle possible as they didn’t like the answer the modelling gave: which was that the investment was at risk of being a white elephant. I redid the paper; I revisited the assumptions and reviewed the model; I chose my language differently but ultimately, I could not change the answer so it had to remain.
Being able to challenge – even the boss – is crucial. Employees should feel free to speak up and even more importantly, bosses should feel compelled to listen up.
We can all point to examples of where this could have avoided fall outs or even firm failures.
And risk can transform and ultimately engulf an organisation.
A culture that tolerates nonfinancial misconduct is unlikely to be one in which people feel able to speak up and challenge decisions.
Nor is it one in which they will have faith that concerns will be considered independently and fairly.
It also raises questions about decision making and risk management in the firm.
We have seen instances of non-financial misconduct having financial consequences.
Should allegations or evidence of non-financial misconduct come to light we expect a regulated firm to take them seriously through appropriate internal procedures and act accordingly.
Our recent letter to wholesale banks highlights our expectations in this space, and one which I would implore all of you here today to read.
It has also been well documented that an organisation with a lack of diversity, equity and inclusion is at much greater risk of not having a healthy culture.
Diversity of perspectives and thought, when part of an inclusive culture, reduces group think, and results in stronger and better governance, decision making and risk management.
It can enhance the safety and soundness of firms, policy holder protection and outcomes for markets and consumers.
We have a consultation which is running on this topic and we would urge you all the engage in it if you have not already done so.
Heightened financial pressures can lead to rash decisions
We know the tighter fiscal climate can lead to heightened pressure on performance and profitability. It might even be tempting to take more risks around conduct and regulation.
But I would implore you to think of the consequences.
We do not want a repeat of the conduct events that followed the 2008 financial crisis or those that were intimated during the Covid pandemic, not when we are still feeling the repercussions today and not when so many of you have worked so hard to claw back that trust for the industry.
We recognise to secure a return you need to take some risk and we know that we need to get the balance right between risk and investor protection and these are not always straightforward judgements.
But a challenging environment must not lead to diminishing standards, short cuts to vital processes, a reduction in the control framework or changes in the investment in or behaviour of our lines of defence, by short term commercial interests being prioritised over regulatory obligations.
We will continue to look for signs of similar behaviour. Boards and senior management need to provide an unambiguous tone from the top on the importance of good conduct.
As a regulator, we hugely value the second and third lines - they should play a key role in assisting senior management with its oversight of business activities. Each have different tools; each have different lenses, and together they ensure that firms are doing right by everyone.
In all things and in each line, acting early when something is awry can prevent it from spiralling out of control – so challenge whenever you have doubt – better to be proved wrong than to watch the house sink around you when you could see the foundations cracking long before.
Remember, when considering how the FCA may deal with an event of concern, we will often take into account the quality and independence of a firm’s third line of defence.
If the firm has a robust Internal Audit function, we will often trust them to investigate or validate something.
If not…we will be forced to reach for other regulatory tools – such as digging deep ourselves or commissioning a skilled person.
Good lines of defence protect a firm – you can all think of this as a regulatory dividend.
Conclusion
Finally, we know times are tough and that you are all under ever greater pressure but right now, is exactly the time to maintain and to resist any temptation to lessen standards or let things slide.
Good risk management protects profitability.
Do what you can to infuse your culture with fearlessness.
Take heed of your culture of diversity, equity and inclusion.
Closely scrutinise your 3 lines of defence to ensure they are separate but cohesive – for that is what we are doing.
That way, your firms and our markets will not just thrive but remain – hopefully – safe as houses built on solid rock.