Banking StandardsLetter from Sir Hector Sants

In response to your request, I write to offer my thoughts on the issue of the design of an effective approach to conduct regulation of banks. These observations are made in a private capacity.

General Background

There is a fundamental difference between conduct and prudential regulation in respect of the feasible role of the regulator.

Prudential regulation

In the case of prudential regulation the relevant authority can expect to achieve six outcomes:

1.Establish a set of regulatory rules primarily for capital, liquidity and resolvability. These rules should set the perimeter within which management can exercise their judgement. There are three principle outcomes to be achieved by the rules. Firstly, to significantly decrease the possibility that bad judgements by management will lead to the failure of the bank. Secondly, to ensure if it does fail that it can be resolved in a way which does not have systemic consequences for the economy. Thirdly, that any failure does not incur cost to the taxpayer.

2.Collect the right information from the banks which would enable the supervisor to make its own judgement as to the sustainability and resolvability of the bank. It is debatable however whether the supervisor should be resourced to check that the data is accurate and in particular whether the data on the quality of the individual loans is correct. I believe that a prudential supervisor should be resourced to achieve that goal. This resourcing can either come from specialists, employed directly by the regulator or by outsourcing to third parties, such as auditors, or a combination of the two.

3.Make an assessment of whether the bank has sufficient oversight mechanisms to enable the bank’s management to judge whether the prudential limits are at risk of being exceeded.

4.Ensure that the bank’s senior management have the right technical skills and necessary probity for the roles they are carrying out.

5.Deliver effective enforcement when its rules are broken. In particular, the regulator needs to have the necessary powers to both ban individuals from carrying out senior management roles for which they are not competent and to suspend them while investigations are pending. It should also have powers to attach conditionality to its authorisation of individuals. It is reasonable to give the prudential regulator powers to sanction banks through fines for failures to either maintain quality of data or have the right systems and controls.

6.Make a judgement as to whether the bank has the right culture to encourage individuals within the institution to comply with these rules. It would be reasonable for the supervisor to set rules to ensure that the individuals are incentivised by the bank itself to behave in the right way especially with regards to compensation.

Conduct regulation

In the case of conduct regulation the feasible aims of a supervisor are more constrained. In particular it is not realistic to construct a conduct supervisor which could discover misconduct by individuals which is not visible to the firm, with any reliability. Discovering individual acts of wrong doing requires a forensic level of investigation for which it is not realistic to equip a regulator. This role should rest with the internal control mechanisms for the individual bank, namely management, compliance and audit.

A conduct supervisor can however be expected to achieve the following seven outcomes:

1.Establish a set of regulatory rules which:

(a)determine how markets and transactions between professional counterparties should be carried out; and

(b)determine the rules which cover interaction with retail consumers.

2.Ensure that firms have appropriate oversight mechanisms in place to seek to ensure adherence with those rules. The testing of whether the oversight framework is in place can include periodic detailed assessment of particular oversight mechanisms, for example with regards to product suitability. However, as I mentioned above, it should not be set up with the goal of picking up individual acts of wrongdoing.

3.Operate an effective redress mechanism which returns money promptly to consumers.

4.Operate an effective authorisation regime for key management roles which includes making judgements on competency and probity.

5.Operate an effective enforcement regime. My definition of an effective enforcement regime would be “one which ensures that when individuals are contemplating wilfully committing wrongdoing they believe there is a reasonable chance of them being caught and that the sanctions are severe enough to provide credible deterrence”. This was the substance of my speech in which I stated that individuals needed to be afraid of the regulator.

6.Operate a set of detection and analysis mechanisms which maximise the chances of detecting wrong doing once it has become reasonably prevalent in the system but prior to it becoming systemic.

7.Make a judgement as to whether the bank has the right culture to encourage individuals within the institution to comply with these rules. In particular, the supervisor should set rules which ensure that individuals are incentivised by the bank itself to behave in the right way, in particular the compensation structure needs to be correctly aligned.

Specific Observations with regard to Conduct Regulation

I expand below on each of the seven points.

1.Regulatory rules

The central policy question in respect of rules is the degree of specificity which is required. This sits at the heart of the “principles versus rules” debate. Experience suggests a hybrid approach remains the only realistic solution. Superficially the concept of a simple set of rules such as “Treating Customers Fairly” appears desirable as it should be less bureaucratic to administer and would appear to avoid the opportunity for enforcement arbitrage. However, the fact is that any enforcement process ultimately gives the defendant recourse to the legal system. The absence of clarity creates the opportunity for the banks to resist sanction even when it is clear to the society that they have transgressed such as in the case of PPI. Consequently there has to be a mix of principles and detailed rules and the regulator has to seek the right balance between maximising enforcement success, giving clarity to firms, whilst minimising the administrative burden.

2.Conduct supervision

If the Financial Conduct Authority (FCA) is to be successful it is in the area of supervisory expectation that Parliament needs to be clearer. Currently the expectation of the media and Parliament is that any wrongdoing should be preventable by the supervisor. Thus, any wrongdoing by a firm is seen as a supervisory failure. This is an unachievable expectation which also creates unnecessary costs, regulatory burden and creates defensive behaviour by supervisors. It would be helpful if Parliament would make clear that it does not expect the regulator to discover wrongdoing before it has become visible in the marketplace not least because having the capability to do so would not pass a cost benefit test. The role of supervisors should be to detect wrongdoing once it is visible in the marketplace and also seek to ensure that firms have appropriate oversight mechanisms in place which themselves deter the wrongdoing.

3.Redress mechanisms

The ability to deliver redress to consumers is an essential element of conduct regulation. The Ombudsman service has worked broadly well in relation to individual complaints, but there is clearly scope to give greater power to the regulator to achieve speedier mass redress. The current Finance Act has improved the regulator’s powers in respect of delivering mass redress, but more could be done.

4.Authorisation regime

In relation to the authorisation regime, the supervisor needs powers to make it easier to make a judgement on technical competency. It also important that individuals recognise that they need to promote the right culture in the institution. The problem here is that this is a subjective judgement. Therefore, if this is an obligation on the regulator it lays it open to the risk it is being seen to misuse its powers. There is therefore an argument that this judgement should be made by the industry operating its own code of conduct and register. This would have to work in conjunction with the authorisation process. However, notwithstanding the reputational risk to the regulator, on balance I favour keeping all the judgements relating to authorisations with the regulator but in either case statutory backing would be beneficial. Finally, it would be helpful if authorisation of individuals could include conditions, albeit for a limited period of time. This would enable the regulator to formally identify actions which it requires members of management to carry out as a condition of maintaining their authorisation.

5.Enforcement regime

In respect of ensuring an effective enforcement regime it could well be that fines need to rise again; even above the levels the changes made by the FSA in 2010 will have achieved. Furthermore, the regulator needs to be given additional powers. Firstly, to suspend individuals while their investigation is pending. Secondly, to enshrine in law that if an individual has been associated with a bank that either prudentially fails or commits an act of serious conduct wrongdoing, there is a presumption that the senior individual cannot hold a senior post again, unless they can demonstrate reasons to the contrary. In general I would not be in favour of imposing criminal sanctions for poor commercial decision making. It is however important that the Serious Fraud Office (SFO) is well resourced and effective and encouraged to use its powers in support of the regulator.

The central point as I said earlier, is to ensure those who are contemplating wrongdoing are deterred by believing there is a reasonable probability of being sanctioned in a material way. This concept of fearing the regulator sits alongside the regulator being seen as respected and authoritative by those who are wishing to operate within the rules

6.Detection capability

As has been discussed in the FCA document the detection mechanisms need to include much stronger analysis of business models, product suitability and, critically, complaints data by the regulator. This capability would supplement the existing obligations on regulated markets operators to provide the necessary data. This will require a significant investment by the FCA in terms of both people and technology. It will also require a change in culture, and in particular a greater willingness to listen to consumers. One particular innovation I would encourage would be to put much greater investment into encouraging consumers to contact the regulator directly with their concerns. This would require a vastly expanded call centre capability.

7.Oversight of culture

As I made clear in previous speeches at the FSA I do not think the regulator should have responsibility for determining the culture within a particular bank, but it should make a judgement as to whether there is a culture in place which supports the regulator’s objectives. This would include making judgements on the effectiveness of Boards and the incentives, deterrence and oversight structures which individual firms have in place. Undoubtedly this would be a contentious area of focus as it is highly judgemental. Thus, some general obligation in statute requiring the regulator to make such a judgement would be helpful in giving it the necessary authority.

In particular, the regulator should ensure that the banks have the following three elements in place:

(a)A clear statement of purpose and values which places an obligation on employees to give consideration to the impact of their actions on society as whole.

(b)An effective incentive regime which encourages individuals to see themselves as the custodian of their institution and which, in particular enables claw back for wrongdoing and does not reward high pressure selling.

Further changes to the current compensation arrangement should include:

Making clear that any discretionary compensation is linked to compliance with the general statement of purpose. The specific changes below would assist in this aim.

For senior Executives extend the deferral period to five years.

As is being proposed, a clear ban on commission arrangements which encourage high pressure selling.

Clarity that fines should come out of the bonus pool. This would then encourage a greater ownership of good behaviour by everyone. One of the changes required is not just aiming to deter deliberate wrongdoing, but also to eliminate passive acceptance behaviour by everybody else.

(c)A strong and independent compliance function which is tasked with ensuring adherence to the purpose and values statement, not just with regulatory rules. This would be encouraged by the setting up of a Board Committee to sit alongside the Risk and Audit Committee which would focus on operational conduct and behavioural risks, leaving the current Risk Committee to focus on balance sheet risk


In summary, the central point I wish to make is that the approach to prevention differs between prudential and conduct regulation. In prudential regulation the supervisor can make a forward looking judgement within the framework of the rules as to the likelihood of a firm achieving the regulators desired outcome and intervene if it thinks they are not going to be achieved.

In the case of conduct regulation an inspection based regime is unlikely to reliably detect individual wrongdoing in firms. The focus of the regulator thus needs to be on ensuring the firms themselves take responsibility for achieving that goal. In pursuit of that goal the regulator needs to give greater emphasis to ensuring firms have the right culture and behaviour than has been done in the past. Ensuring firms have the right culture should be a statutory objective of the regulator. The historic approach has emphasised the need to ensure the right systems and controls are in place, this is still a valid approach, but it must be complimented by a focus on culture. Also in assessing controls, greater emphasis needs to be placed on ensuring that there is a strong and independent oversight function within the firm. This approach needs to be backed up by clearer enforcement powers which ensure individual accountability.

It should however be recognised that whilst in this letter, I have emphasised the importance of culture, I am doing so because it has historically not been a focus of regulators. I continue to hold the view of the importance of also implementing the proposed proactive intervention strategy based on in depth market and business model analysis which has been laid out in recent FSA publications.

I hope these observations are helpful and I would be happy to expand on any of them if you would find that of assistance.

20 January 2013

Prepared 19th June 2013