As part of this process the FSA has commissioned research into con- sumers’ understanding of risk,72 and has devoted considerable effort to designing information such as “key features/key facts” documents that will give consumers a better understanding of the features and risks associated with investment decisions.73 What this and other re- search reveals, however, is that consumers may perceive risk differently from regulators. This has implications for the ability of the regulator to successfully enrol consumers into its risk-to-objectives regulatory process.
While the FSA has identified four principal risks that consumers may face in their financial affairs, research commissioned by the National Consumer Council (NCC) into consumer perspectives on the risks to retirement income identified additional types of risk facing consumers in their investment decisions, including not only complexity and suit- ability risk but also advice risk, public policy risks, inflation risks and the
72See, e.g., Consumer Understanding of Financial Risk, FSA Consumer Research 33, 2004.
73See, e.g., FSA website Consumer Information: Learn Online – Risk. Available at http://
www.fsa.gov.uk/consumer/11 LEARN/shopping around/mn alp shopping intro.html.
risks of not investing or saving enough.74The complexity of these risks means that risk management by consumers involves risk trade-offs. A consumer decision to save via a deposit account will reduce exposure to investment risk but increase the risk of insufficient retirement savings.
Similarly investment in the newer “stakeholder” suite of regulated prod- ucts might decrease exposure to investment risk, but increase suitability risks where the product is sold without regulated advice. Furthermore, the research revealed that the way consumers approach risks in relation to their retirement income is influenced by their age, personality, gen- der as well as external influences and perceptions of the nature of risk and its outcomes.
The FSA’s own research has revealed that the current disclosure regime through which consumers must be given a “Key Features” (or
“Key Facts”) document prior to purchase containing a risk warning actu- ally provides consumers with little to assist them to identify what those risks might be, or to understand their own risk profile.75Of course it is the role of financial advisers (where a consumer has one) to help the consumer to identify and understand risks. However, the adviser is also a sales person and his or her interests may not be served by being too fastidious about issues of risk. Indeed, as the chairman of the Investment Management Association explained to the recent House of Commons Treasury Committee into restoring confidence in long-term savings, “a lot of the [investment] products which have been designed have been just too complicated for people to understand the risk within them or even for producers to understand fully the risks that are implicit within them”
(emphasis added).76 (We would suggest that the Select Committee
74NCC, Retirement Roulette, a Case Study of Consumer Perspectives on Risks to Retirement Incomes, November 2002. The nine risks are: investment risk (equity values may increase or decrease); suitability risk; complexity risk; advice risk; prudential/insolvency risk;
performance risk (poor management by the fund); inflation and interest rate risks;
public policy risks (e.g. changes to tax regime or other regulatory policies); the risk of not saving enough.
75FSA Consumer Research 5, Informed Decisions, 2000.
76HM Treasury Select Committee Report, Restoring Confidence in Long-term Savings, HC 71-1, Vol 1, July 2004, at para 25 and see further Seymour v. Caroline Ockwell
& Co. [2005] P.N.L.R. 39 where, in a rare judicial scrutiny of investment mis-selling,
recommendation that firms provide consumers with a simple risk rating for each product, while satisfying industry desire for simplicity, is un- likely to assist consumers in this respect. A single numerical indicator of risk can never fully represent the risk and uncertainty associated with financial products.)
Risk, in the financial services context, is presented as having only a financial dimension, divorced from psychological, cultural or social dimensions, and as such is to be managed by consumers through pru- dent, rational and risk aware investing behaviour. Moreover, this risk is presented as being an intrinsic attribute of financial products them- selves (in the same way that calories are an intrinsic attribute of food), and implies that it be controlled through careful selection of the right product. The simple risk statement included in the mocked-up ex- ample of the proposed “Quick Guide/Key Facts” document to be given to prospective consumers of certain retail investment products includes statements that “The funds that we offer have different levels of risk . . . ”, and “Many of our funds invest in shares that can go up and down in value . . . ”.77 This obscures the fact that, for example, share price per- formance is, in reality, dependent upon the outcome of a myriad of decisions taken by different individuals, often across the globe. Those decisions and their outcomes can only ever be uncertain, no matter how carefully the fund is selected.
What seems missing from the FSA’s risk-based strategy for consumers is any recognition of ethical, social or cultural dimensions to risk. As Shah has pointed out in the context of his discussion of the intellectual paucity of the financial models of risk,78such models ignore the impact of a risk event occurring (financial loss) on the self-esteem, pride, phys- ical and mental health of the individual concerned, but also perhaps on
the court held the adviser liable where she recommended a complex offshore fund administered in the Bahamas to clients whose risk profile was low risk. That the adviser didn’t understand the characteristics of the product was no defence. She ought to have advised the clients to seek more specialist advice.
77FSA Consultation Paper 05/12, Investment Product Disclosure: Proposals for a Quick Guide at the Point of Sale, July 2005, Annex 2.
78A K Shah, The Social Dimensions of Financial Risk, Journal of Financial Regulation &
Compliance, 1997, 5(3), 195–207.
the family and local community (if, for example, the investment was community based). In other words, the psychological and social impact of financial risk is simply ignored, yet these may have a profound influ- ence on consumers’ perception of, and willingness to undertake, risk.
Increasingly, individual citizens are required to accept responsibility for their own longer-term financial security and for the risks associ- ated with that responsibility. But if individuals are to be effective “risk regulators” there is a need, we would suggest, for more comprehensive engagement between the government, the regulator and individuals about risk. The risks perceived by individual consumers are not neces- sarily the same as the risks perceived by regulators for consumers. In the context of the issue of investing for old age the NCC in a report on consumer views on risks found that consumers wanted a more open and inclusive debate about the extent to which it is equitable and right for individuals to carry an increased risk burden for their future retirement income.79In wanting to make consumers more risk aware what has not been explicitly acknowledged by either the government or the FSA is the ethical dimension to risk implicit in the shift from communitarian to individual responsibility for financial security. It seems that individu- als as citizens are well aware that risk is about more than understanding the technical features of various investment products, or of the need to save more. Rather it is a politicised concept, a form of governance that seeks to responsibilise80citizens in order to serve the regulator’s objec- tives, but which also facilitates (deliberately or not) the creation of a particular social order in which responsibility for longer-term financial security is shifted downwards, from government to individual.
Conclusion
In seeking to achieve its statutory objectives the FSA focuses on identi- fying and addressing risks to its objectives. Risk is the driver of regulatory policy and strategy. The FSA has made considerable effort to commu- nicate its regulatory strategy with industry and the public, including
79NCC, Running Risks: Summary of NCC Research into Consumers’ Views on Risk, October 2002.
80For a discussion of “responsibilisation” see Chapter 1 text accompanying in 31–40.
the realities (faced by all regulators) of determining priorities and bal- ancing resources. As Power nevertheless suggests, a risk-to-objectives approach to governance (including regulation) “contains the seeds for an essentially amoral, inward-looking and self-referential set of prac- tices. It creates and supports a (distracting) consciousness of the organ- isation as being at risk in the face of the rights and claims of others.”81 It also has implications, as Fisher has commented, for the way in which we judge what is good and bad regulation. One implication is that in attempting to translate regulatory uncertainties and hard choices into the language and practices associated with risk, broader social or po- litical issues or concerns can become displaced or obscured instead by concerns over technologies of performance, and, particularly in the case of consumers, information strategies.
81M Power, The Risk Management of Everything (Demos: 2004).
3
Regulation within the regulated firm: legislation
and rules
Chapter 2 set out the broad framework for the supervision of firms, drawing attention to the implications of this framework in terms of the desire to shape firms’ internal cultures and processes, and to em- bed responsibility and accountability. This chapter considers the way in which financial regulation has extended its reach “downwards” into the level of the regulated entity to impose specific responsibilities on in- dividuals within those firms, particularly on senior managers. It explains the genesis and structure of the FSA Handbook rules and guidance on senior management arrangements, systems and controls (collectively known and referred to hereafter as “SYSC”) as well as the regime for approval, regulation and sanction of persons performing what are known as “controlled functions”, i.e. key roles, within and on behalf of the firm. It concludes by considering some of the theoretical literature on regulation and compliance as well as on the notion of “responsi- bility” within complex organisations and asking how initiatives such as SYSC can be seen in the light of the insights provided by some of that work.
55
Forerunners of SYSC: senior management responsibility under the Financial Services Act 1986
Prior to the enactment of the Financial Services and Markets Act 2000 (FSMA 2000) the writing was clearly on the wall for the senior man- agement of firms regulated under the Financial Services Act 1986.1The collapse of the Barings banking group in 1995 is now widely accepted to have been as much attributable to a lack of quality, effective inter- nal controls and management systems as to employee deception. It led to new rules and guidance from the Securities and Futures Authority (SFA) designed to make explicit the link between the individual re- sponsibility of a designated senior executive officer for ensuring that the firm discharges its responsibility under the FSA (then the Securi- ties and Investments Board) Principles relating to due skill and care in the conduct of business, and proper internal organisation.2
This represented a departure from the traditional concerns and techniques of financial regulation inasmuch as it imposed explicit and specific expectations on a firm’s senior executive officers as to general management controls and structures within a regulated firm. Hence financial regulation was beginning to concern itself with more than the technical “compliance” obligations imposed by rules and regulations made under the Financial Services Act 1986, and was reaching specifically out of the compliance department and up to and into the boardroom. The prospect of regulatory disciplinary proceedings against designated senior officers of a regulated firm, should that firm suffer serious financial or reputational damage where management failure
1A Newton, The Handbook of Compliance: Making Ethics Work in Financial Services (FT Pitman Publishing: 1998) pp 98–112.
2SFA Board Notice 473, May 1998. “Senior Executive Officer” being defined to mean a senior executive director or partner, or equivalent senior executive approved by SFA, who is ultimately responsible for the management of the firm’s investment business in the UK. Such a senior executive officer (SEO) became individually registrable as such and was obliged to take reasonable steps to organise and manage the firm in a manner which is designed to ensure that its business is conducted in accordance with regulatory requirements.
has been a cause or contributing factor, began to concentrate minds at a more senior level within regulated firms than the middle ranks of the firm’s hierarchy at which the compliance function all too often had operated and had its highest level of access. These 1998 rule changes were accompanied by detailed guidance on the SFA’s Fitness and Propriety test. This was designed to strengthen the assessment of the competence and capability of individual applicants to the SFA for registration.3 The SFA was thus able to have regard to whether a registered person was, at all times, capable and competent effectively to perform the role she was employed to perform.
Guidance was also introduced to assist firms in compliance with what was then Securities and Investments Board Principle 9 (Internal Organ- isation and Compliance with Regulatory Requirements). The SFA no longer expected firms just to have “adequate management controls”, rather the expectation was now that firms “manage and control the business effectively”.4
The Financial Services Authority (at the time still termed the Secu- rities and Investments Board) had, by the time the SFA’s new rules took effect, taken up the senior management responsibility initiative from the SFA.5On 1 May 1998 it announced the setting up of a working party to consider the responsibilities of directors and senior management, and to
3The Self Regulating Organisations operating under the Financial Services Act 1986 all introduced rules at various points in time over the last decade which required certain categories of individuals to be registered and privy to their rules and, ergo disciplinary framework, in the wake of the misappropriation of pension fund monies from Maxwell group companies’ funds as a result of fraud and lack of internal controls within Bish- opsgate Investment Management Ltd, an IMRO regulated entity. These individual registration rules were the predecessors of the Approved Persons regime now found in Part V FSMA 2000.
4This was a rather different and much stricter form of expectation in practice, albeit contained in guidance so that it cannot be, strictly speaking, described as an expectation.
Para (1) of Appendix 38 SFA Rules. For example, it included matters such as effective risk management, clear segregation of duties and full reconciliation procedures along with taking reasonable steps to ensure that these work effectively, clear demarcation, communication and acceptance of responsibility for business activities, regular review of the commitments that a business has entered into and proposes to enter into (para 6A, Appendix 38, SFA Rules 1998).
5SIB Consultation Paper 109, The Responsibilities of Senior Management, July 1997.
take forward the work that had already been done by financial regulators on this topic. It was this early work, which predated publication of the Draft Financial Services and Markets Bill in July 1998, that laid the foundation stones and provided the conceptual turning point for the introduction of the rules and guidance on senior management arrange- ments, systems and controls under the FSMA which are discussed in this chapter. The FSA described the rationale for individual accountability for a firm’s compliance thus:
The benefits of individual accountability . . . should lead to higher standards of conduct and thus reduce the likelihood of a firm being adversely affected by reckless, negligent or rogue behaviour.6