Part IX Legal and Conduct Risk Management, 32 Managing the ‘Grey Areas’Standards, Scenario Analysis, and Case Studies
Roger Mccormick, Chris Stears
Roger McCormick, Chris Stears
- Banking — Financial regulation — Financial stability
(p. 585) 32 Managing the ‘Grey Areas’Standards, Scenario Analysis, and Case Studies1
In a system where trust is fundamental it ought to be of grave concern that only 20% of UK citizens now think that banks are well-run, down from 90% in the late 1980s.2
The banking industry has a clear sense that it does not hold the position in society it once did. This is often expressed by asking why the public no longer trust or understand it and has led to a bit of a mission to regain or rebuild trust. In my view—it is a search to recover something you never truly had. I believe we have mistaken deferential treatment (based on faith—or sometimes fear) for trust … It is true that bad things happened (and indeed continue to) which seriously damaged the image and reputation of the industry but there was a broader change going on too. Banks—along with others—(even doctors and lawyers) suffered a loss of deference attached to their positions of authority—as consumer confidence and expectations of service providers massively increased.3
32.01 As is apparent from Part III of this book, the management of conduct risk continues, at the time of writing, to present many challenges for financial institutions. Society expects banks to do rather more than merely comply with the law. Banks are expected to be ‘good corporate citizens’ and to behave ethically. As has been said so many times, they are expected to (and say they wish to) ‘regain public trust’. One might argue that they are expected to observe the spirit as well as the letter of the law. If they do not, the risk of litigation and regulatory action, coupled with reputational damage, increases. But financial markets thrive on ingenuity and the law allows considerable flexibility to those who are determined to ‘find a way round’ a perceived problem. ‘Creative compliance’ abounds in financial markets.4 When is such ‘problem solving’ to be applauded and when is it to be condemned as irresponsible or immoral? Where is the line to be drawn when there is a ‘grey area’ between the obviously right and the obviously wrong? As already noted,5 if such questions cannot be answered clearly and confidently, there is every possibility that banks will simply ‘de-risk’, closing down the business lines that are perceived to present too much risk of heavy conduct costs and reputational damage. In this chapter we revisit, in the context of risk management, the issues concerning ‘grey areas’ first considered in Chapter 12 and explore the potential benefits of standards6 that set out what is regarded as accepted practice, adopted either within an individual bank (with various business lines) or amongst a group of banks. We also suggest how one might in practice set about developing a standard.
32.02 We suggest a definition of ‘standard’ in paragraph 32.09 below. Our definition of ‘grey area’ is:
An area of market activity where there is a significant level of uncertainty among market participants as to the appropriate course of action that should be followed.
32.03 As was mentioned in Chapter 12, The Fair and Effective Markets Review (FEMR) Final Report (June 2015) called for ‘near-term’ actions to improve conduct standards. One of the principles underlying these actions was that ‘firms active in FICC markets should take greater collective responsibility for developing and adhering to clear, widely understood and practical standards of market practice, in regular dialogue with the authorities’.
(p. 587) 32.04 The FEMR’s proposals were of particular importance in relation to the management of grey areas. An effective response to the ethical dilemmas posed by grey areas, particularly the adoption of ‘standards’ that supplied an approved behavioural response, could go a long way to ‘restoring public trust’, the objective that has become almost an obsession in financial markets and amongst regulators.
32.05 Consequent upon the recommendation of the FEMR, the FICC Markets Standards Board (FMSB) was established with a mandate to issue standards designed to improve conduct and raise standards in the wholesale Fixed Income, Commodity, and Currency (FICC) markets. The standards so far published by the FMSB are referred to in Chapter 12. In all cases (as the FMSB emphasizes) the standard is designed to improve market conduct by supplementing existing law/regulation with best practice guidance in specific contentious or grey areas of the markets. The standard is thus a very useful conduct risk management tool.
32.06 What do we mean by a ‘standard’? There are bodies in various sectors (including banking) that set ‘professional’ standards that are, essentially, concerned with levels of technical attainment and achievement; for example, ‘acting, at all times, in a fair, honest, trustworthy and diligent manner’. To the extent moral or ethical questions are addressed, the standard tends to operate only at a very high level. In this respect, the FEMR Final Report highlights that the high level nature of such standards may also explain (albeit not excuse) why firms that operate in over-the-counter markets appear to do very little in translating both formal regulatory requirements and the contents of market codes into operational internal guidelines for traders.7 On the other hand, the FEMR has used the term to refer to a standard of conduct intended to give guidance as to how to resolve the correct course of action in a grey area (as was the case with Sir Richard Lambert’s May 2014 Report on the Banking Standards Review Council (the ‘BSRC Report’)). We are concerned in this chapter with the latter usage. That is, standards which have the granularity to provide operational internal guidelines; and achieve a workable balance between high level principles and more detailed rules. This, in turn, requires standards to articulate the underlying objectives of principles and rules in a way that offers practical insights to firms and assists with risk management.
32.07 There is a coherent argument for linking standards to grey areas, which cuts across different markets. To this end, the BSRC Report called for standard setting to focus on areas of banking activity where there are legitimate concerns about current practices, and to issues where there is a clear public interest but the issues do not readily lend themselves towards statutory regulation.8 As demonstrated below, the term ‘grey areas’ clearly encapsulates such areas and issues.
• no clear answer is provided by law or regulation,
• applying a ‘high level’ standard only results in more questions than it answers, and
• the relevant banker, conscious of shifting social expectations, should be asking himself: ‘this may be legal but is it right?’
Since one cannot provide a detailed rule for every eventuality, conventional regulation leaves gaps that have to be filled by judgement on ‘right’ and ‘wrong’ behaviour. For effective practice, market participants must be in a position to judge appropriate conduct across a broad range of potential situations—these are the standards from which to derive sectoral benchmarks. Without this, how can the market determine what is a defensible response? On this basis, the term ‘standard’ assumes compliance with the relevant laws, regulations, and codes of conduct and, importantly, operates as an additional requirement.
A description of conduct or behaviour that is intended to specify, with whatever precision may be practicable, the appropriate course to be followed and standard of care to be observed in specified circumstances (where there may be some perceived uncertainty as to what is appropriate conduct) which is subscribed to either by a significant number of market participants or (in relation to a standard applicable only to a single institution) by all the relevant business lines within a bank.
Such an understanding of the term ‘standard’ implies a description of conduct considered to be appropriate in the specified circumstances to which it relates by those who subscribe to it. This implies two contexts. Firstly, the standard relates to ‘the right thing to do’ in a given situation. This aspect of standard setting should encourage the development of ethical judgement and, as Lambert suggests, have ‘aspirational’ elements above regulatory expectations. Of course, what is judged to be the ‘right’ course of action is relative to broader social expectations, and is time and place specific. Accordingly, standards must be kept under constant review and, over time, subject to amendment in light of changing circumstances. Secondly (as regards standards applicable across a group of banks) in order to provide a sense of legitimacy as to what amounts to the right thing to do, it is suggested that such an opinion is supported and endorsed by either a body or bodies of some kind (for example, the Banking Standards Board) or by a group of persons (for example, named banks). This proposal dovetails with Lambert’s recommendation that banks should sign up to conform to these standards, which would operate on a ‘comply or explain’ basis.
32.10 Grey areas are described in the FEMR October 2014 consultation document in terms of ‘perceived uncertainty over the boundary between acceptable and unacceptable practice’. (The definition we set out in paragraph 32.02 above would thus apply). In FICC markets, for example, these areas of reported uncertainties include: the trading relationship between dealers and end-users; the distinction between legitimate trading activity and market manipulation; and assessing a client’s suitability (such as level of knowledge and sophistication) for transacting in different products.9 But grey areas exist in many aspects of banking practice; they are not confined to FICC markets.10
32.11 The FEMR Final Report emphasizes that genuine uncertainties or grey areas arise out of specific circumstances.11 In one instance, grey areas may represent gaps in understanding of existing regulatory rules. In other instances, they may represent ambiguities in market practice that are intrinsic to the activity in question or arise due to changes in market structure or practice over time. The consultation document further noted that, on one view, standards provide ‘a sufficient guide to expectations of market practice, given the impossibility of providing detail for every scenario or circumstance’.12 In an idealized conception, standards on grey areas should close perceived gaps that, inter alia, arise out of an uneven regulatory perimeter or voluntary market codes that are too dated or legalistic. To proactively address grey areas, the Final Report calls for ‘stronger collective processes’ for identifying and agreeing on appropriate standards of market practice (that are, by definition, consistent with regulatory requirements).
(1) The risks presented by grey areas
32.12 Principles-based regulation, of course, operates at a very ‘high level’, and the absence of more detailed rules (and regulatory guidance) leaves areas of uncertainty and risk for market participants. High level principles may have the attraction that they are difficult to ‘game’ but if they are applied retrospectively to incidents and conduct that practitioners quite reasonably did not regard as wrong at the time they occurred then injustice and unfairness may result. The risks involved (p. 590) are serious and their management should ideally be addressed collectively (by the adoption of industry-wide standards) as well as individually.
(2) How case studies (or ‘scenario analysis’) can be used to foster agreement on standards
32.13 So how might the ‘grey areas’ be identified? And how might a ‘defensible response’ be built upon the resulting insights? In line with what is envisaged by the FEMR, the authors would suggest that the first step is to develop scenario-based responses in an agreed range of grey areas. The best practice responses are derived from collaborative feedback from the businesses within a bank and are benchmarked for efficacy against a series of ‘trust and sustainability indicators’—from, for example, strict legal and regulatory risk, governance and ethical outcomes, to conflicts (or potential conflicts) with established market practice.
32.14 The collaborative feedback above can be obtained by means of a set of case studies (or scenario analyses). These can be an effective way to i) identify the point of discretion that gives rise to the grey area risk, ii) test the market bias, and thus iii) develop an initial defensible response (likely to develop into subsequently agreed standards). Indeed, in the FEMR Final Report, one of the recommendations (paragraph 4.3) was to provide greater clarity and understanding of market standards. Respondents would like the regulators ‘to communicate better that standards already existed’ and argued that ‘markets would benefit’ from the regulator publishing ‘real life’ case studies in areas where uncertainties are genuinely large and potentially detrimental to the effective operation of those markets. To help improve ‘the practical application of standards’, respondents also sought to see advisory case studies designed ‘to explain (but not define) acceptable market practices through practical examples’.
32.15 The same report noted the value of circulating case examples among market participants, to help them ‘to describe good and bad market practices’, both for improved ‘trading and conduct’, and to ‘help [them] scan the horizon for uncertainties and new risks.’
• Case studies can be tailored to real-life scenarios that market participants readily identify with, rather than ‘taught’ theoretical pieces.
• Case studies are ideal for prompting discussion in groups that include various ranks of personnel (including, crucially, the most senior).
• A case study tends to elicit not only a specific response to its fact set but also a strong indication of what the right answer would be in a comparable fact set. In effect, it provides a clearer guiding principle than would a ‘high level’ statement of principle such as ‘behave with integrity’. Importantly, whenever a discussion leads to the conclusion about what the ‘right’ answer is, the case study (p. 591) provides experiential reasons why that answer is regarded as ‘right’. Participants are likely to agree on, and when subsequently facing a comparable situation, encourage others to follow, the rationale(s) behind the one (or many) solutions reasoned from the case study.
• Case studies can, in appropriate situations, lead to the industry adopting a written standard whose authority is securely grounded in thorough discussion and consensus building at the earlier stages—they have moral weight. In this way case studies support the creation of ‘soft infrastructures’ (standards and norms) by which market participants operate.
32.17 The FEMR process has, amongst many other things, given some support to the need to (i) recognize the importance of grey areas and (ii) look at case studies more seriously as a training tool. Some examples from the FEMR are given below.
• The FEMR Consultation Document observed (paragraph 5.4.1, sub-paragraph 3) that:
Some market participants have reported that they are uncertain about a number of current FICC market practices. Those reported uncertainties or ‘grey areas’ cut across different markets, including foreign exchange and fixed income …
• FEMR noted that ‘perceived uncertainties’ over ‘the boundary between acceptable and unacceptable practice’ included:
i. trading relationships between dealers and end-users (whether acting as principal or agent; impact on fiduciary duty; whether communication from client is an order or a mere expression of interest);
iv. standards for external and internal communication of market activity (danger or ‘market colour’ communications being seen as conveying market sensitive information; collusion risks; breach of client confidentiality risks; ‘lack of clear industry standards regarding internal information sharing’ perception);
(p. 592) 32.18 While the above grey areas are specific to FICC markets, the list could be greatly expanded if the analysis was applied to banking generally. It could, for example, include standards appropriate to: (a) dealing with an SME customer that is in default (including the sale of the loan); (b) valuing a customer’s property for the purpose of determining if a financial ratio is satisfied; (c) sales of financial products to SMEs; and (d) dealing with complaints of mis-selling to SMEs.
32.19 How might a bank or group of banks set about the development of standards? Ideally, the exercise should be a collective effort from the beginning, either within one bank or amongst a group of banks. The suggestions below assume that the programme is implemented by a bank with a number of different businesses although the essentials of the approach could eventually be subscribed to by a group of banks with sufficiently comparable business models.
• to understand the conduct risks, behaviours, practices, and aspirations of a bank in order to develop a set of conduct ‘standards’ that are capable of achieving a practical balance between high level principles and prescriptive-style rules and, in particular, address key grey areas;
• to create an important opportunity for businesses with the bank to explore, separately and together, approaches to conduct and benchmark market practice and stakeholder expectations using specially selected case studies;
• to identify potential conduct risk management benefits;
• to contribute to restoring public trust in the bank;
Beyond the general objectives set out above, the following benefits should also be targeted:
• understanding of the effectiveness and impact of conduct risk management;
• a shared perspective throughout the institution on common standards, reducing uncertainty in conduct risk;
• a framework for the production of conduct standards that is intellectually robust and practice-significant;
• recognition of critical grey areas for the institution where standards would assist with practical guidance on suggested and proven courses of conduct;
• through case studies to draw out, analyse, and benchmark conduct behaviours and practices.
32.21 A bank wishing to implement a standards programme would, of course, need to establish a project team (possibly with external members13) with sufficient authority to carry forward the programme from start to finish. The human resource commitment will vary depending on the phase of the programme. The following is a suggested programme framework, with associated personnel requirements.
• Preliminary Phase: a small number of personnel would be needed with appropriate seniority, experience and/or expertise in order to contribute to the determination of the programme’s set of grey areas.
• Phase I (Roundtable Discussion Meetings): a number of individuals would be selected, of varying seniority and position with the bank, sufficient to provide a representative account of that institution’s response to the various grey areas, having regard to the need to feedback against various conduct risk and ethical indicators (see ‘Phase I: Scenario Testing’, below).
• Phase II (‘Cross-pollination’ Meetings): individuals would be chosen from each business within the bank, with sufficient seniority, experience and/or expertise in order to discuss the outcomes of Phase I meetings with a view to agreeing a best practice approach to each grey area dilemma and the language of an applicable standard.
Issues Gathering: The project team would establish the bank’s agenda for grey areas to be covered. This would, of course, require extensive consultation within the bank.
Phase I: Roundtable discussion meetings
Scenario Testing: Once the grey areas are agreed, the project team would develop a number of case-study based scenarios per area. The project team would then meet with each business in the bank, separately, during which there would be a discussion of the grey areas.14 The objective of these roundtable discussion meetings would be to identify a ‘right’ (defensible) response to each scenario, with firms providing feedback against conduct risk and ethical indicators, such as:
• Perceived norms of acceptable and expected behaviour
• Experience of the scenario
• Governance response: relevant policies; governance arrangements board involvement; stakeholder relations
• Senior management response
• Compliance: relevant policy, process; compliance monitoring
• Business response: relevant procedures; decision-makers; delegated authority; escalation.
It would be necessary to convene a number of meetings, specific to each grey area, and as required in order to solicit a truly representative view of the ‘bank’s response’.
The project team would, ultimately, direct discussions towards the articulation of a standard for each grey area (and/or in respect of discrete issues within that area) and to what a standard might look like.
The objective, at this stage of the programme, would be to ascertain (and, to an extent, challenge) each business’s view of the acceptable and unacceptable responses to the given scenarios, working towards a cross-bank (and, ultimately, cross-industry) consensus to reach a ‘benchmarkable’ response.
Phase II: ‘Cross-pollination’ meetings
Representatives of each business in the bank would then participate in one or more roundtable discussions of the results from the Phase I meetings; revisiting the case studies with the benefit of the views and experience of their peers, facilitated by the project team. The objective here would be to explore further and work towards a consensus on what the ‘right’ approach to the conduct dilemmas looks like. It would be an opportunity to gain an insight into, and expand upon the project team’s feedback with regard to performance against a best practice benchmark. The cross-pollination meetings would also develop further the standards (in each grey area (or sub-area) that, when adopted and effectively implemented within the bank’s existing control framework, will provide practical guidance to achieving the ‘right’ outcomes in grey area scenarios and (when visible to the public) will help in rebuilding trust.
32.22 The programme suggested above would of course need to be adapted in detail to the needs and structures of each institution. As a precursor to any decision, and in order to aid discussion on whether or not such a programme might be (p. 595) appropriate, we would suggest the operational risk management function might set up formalized internal discussions based around the following issues (this should not be seen as an exhaustive list).
• The importance of the ‘trust agenda’; does the bank still attach importance to restoring and keeping public trust? How does it test its success?
• Is it ever right to take advantage of a counterparty’s innocent mistake?
• If the bank’s employees are trusted by customers, is the bank itself?
• Do the Banking Standards Review proposals (by Sir Richard Lambert) still make sense?
• What makes an issue a ‘legacy issue’?
• How has the bank changed since the Financial Crisis? What does it not do now that it used to do? What does it do now that it used not to do?
• What further changes (a) does the bank expect? (b) would the bank like to see?
• What does the bank understand by ‘conduct risk’?
• Whose responsibility is the management of conduct risk?
• What is an acceptable level of conduct costs? Should they be looked at in absolute terms, in comparison with competitors, or as a percentage of profits?
• How would the bank define an ‘ethical issue’?
• Are ethics relevant to (a) conduct risk and/or (b) ‘restoring public trust’?
• What are the most common ethical issues the bank has to deal with?
• Are the bank’s management’s views on the above questions shared by (a) most colleagues and (b) other banks?
• Would it be easier to be consistently more ethical if the bank knew the competition had the same values and implemented them?
• If the bank is in compliance with relevant laws and regulations, does it matter whether its behaviour is also ethical?
• Is this a good idea?
• What does the bank think it means?
• What are the key hallmarks of a profession?
• What are the practical obstacles to professionalizing banking?
• Is it feasible for a business to have ethical targets as well as financial targets?
• Can ‘ethical success’ be measured?
• How can staff be incentivized to be more ethical? Should this be necessary?
• What are the things that most commonly cause staff to behave unethically? Ignorance? Poor training? Bad character? Poor role models? Poor leadership?
… the old cliché holds true: actions speak louder than words.
A higher purpose should be evidenced:
- By how you choose to use your deep—sometimes intimate—understanding ofconsumer behaviour—to help—not exploit;
- By the transparency and clarity of communication and terms and conditions—soconsumers can make informed choices.
- By what you do proactively to move people to better deals.
- By your offer of support and advice to avoid early warning signs developing intoproblems …
- … At the heart of being trustworthy is openness and honesty.
32.24 The authors do not doubt that such issues are frequently discussed in a wide range of financial institutions. There are, no doubt, many others that could be added to the list in the context of ethics and standards. We mention them here in order to place them in a risk management context and to reinforce the point that awareness of such matters, and the taking of appropriate action, now needs to be seen as a regular item on the risk management agenda, not merely a temporary reaction to ‘a series of unfortunate events’. Restoring trust is one thing. Keeping it (and deserving it) quite another.
4 See Ch 24 Section B(3).
5 See Ch 12 Section D.
6 See Ch 12.
10 See para 32.18 below.