I spent last week in London researching my book on the financial crisis and consumer protection. UK regulators began emphasizing principles-based financial "fairness" years before their American counterparts, and I knew they are grappling with the toughest issues. Still, my interviews with regulators, former regulators, bankers, attorneys, and consumer advocates were even more thought-provoking than I expected.
Quick background: The UK’s Financial Services Authority (FSA), launched a Treating Customers Fairly initiative, or TCF, in 2000. Regulators laid out broad principles that financial companies must follow. They also undertook an aggressive enforcement regime, especially on payment protection insurance. PPI is similar to the debt cancellation add-on products that became the target of CFPB’s first set of bank enforcement actions, but the UK’s mandated penalties and consumer refunds have been much larger -- topping 15 billion pounds and still climbing. While this massive cost has captured the full attention of the industry, the original TCF approach was deemed insufficient. In 2013, the UK reorganized financial regulation to separate prudential oversight from “conduct” standards, and created a new Financial Conduct Authority, or FCA. This logic mirrors the thinking behind creation of the CFPB in the U.S., although the FCA covers more than consumer issues.
There are many parallels between the consumer protection approaches in the U.S. and UK, but I was struck by the differences. With the disclaimer that the following reflects still-limited research and greatly oversimplifies these complex topics, here are some observations on themes that go to the heart of how best to provide and regulate consumer financial services:
Principles- versus rules-driven regulation: Virtually all regulators use both principles- and rules-based tools. In the U.S., however, apart from non-discrimination mandates and a recent focus on UDAAP (unfair, deceptive, and abusive practices), the government has mostly relied on complex, prescriptive rules (especially disclosures), for consumer financial protection. While the U.K., too, has many prescriptive rules, it puts much more emphasis on principles. A sampling:
- Principle 6: A firm must pay due regard to the interests of its customers and treat them fairly.
- Principle 7: A firm must pay due regard to the information needs of its clients, and communicate information to them in a way which is clear, fair and not misleading.
- Principle 8: A firm must manage conflicts of interest fairly, both between itself and its customers and between a customer and another client.
- Principle 9: A firm must take reasonable care to ensure the suitability of its advice and discretionary decisions for any customer who is entitled to rely upon its judgment.
These principles, while subjective, are mandatory. Every regulated company must take and sustain comprehensive actions to make them drive its business.
The centrality of culture: In the U.S., the CFPB emphasizes and evaluates financial companies’ compliance cultures, but the FCA has made this element much more central. British banks have embarked on a deep redesign of business decision-making, driven by boards and senior executives who are accountable for results. One banker told me their outside directors now demand that every board meeting devote hours to conduct issues, whereas old-style “compliance” received minimal attention. In 2006, the FSA’s Clive Briault said, “Treating Customers Fairly needs to be embedded into the culture of a firm at all levels, so that over time it becomes business as usual. This is very much a responsibility of senior management, not just a compliance issue.”
Depth of change: The explicit emphasis on culture and change-management has moved British regulators and banks into a massive effort to alter the core nature of the industry. One bank described a process of identifying several hundred factors that impact customer fairness, ranging from product terms, pricing, and disclosures to sales and servicing practices. The bank has evaluated each element, changed them where necessary, and now requires every business line head to certify personally that the going-forward factor is fully fair. Almost all my interviewees emphasized that these are now core business decisions, with accountability in the business line, rather than “compliance” functions in the traditional sense. People spoke of shifting accountability from the second line of defense (the compliance function) to the first line – the business itself. This contrasts with trends in the U.S., where regulators do expect the first line of defense to be robust, but have increasingly emphasized the need for major investment in second line and also the third (audit).
Deemphasizing “controls:” The CFPB and the other US regulators are highly focused on requiring robust compliance management systems, called CMS. These systems set and test a vast body of “controls” that assure that every regulatory requirement will be met. Controls range from policy, procedure, and training to IT systems and redundant testing that detects and fixes errors. The testing regime is structured to be conducted by various players who are independent of each other -- in large banks, there is testing by the business line, the compliance group, audit, and numerous other functions like operations and credit risk management. Banks often lament the cost and inefficiency of this redundancy, complaining about needing “checkers checking the checkers.” The regulators, however, view CMS as the only way the bank, itself, can assure strong compliance. A highly reliable CMS system, in theory, enables the regulators to trust that the bank is managing compliance well, which in turn can lead to streamlined examinations – an objective the industry shares as well.
Emphasis on the CMS, however, raises problems. One is that these control systems have become more and more expensive, while bringing diminishing returns. A deeper issue is that they are overwhelmingly designed to assure compliance with technical consumer regulations that, while perhaps necessary, have not produced true consumer “fairness.” Companies spend tremendous amounts of money producing and quality-checking mandated disclosures that their customers do not read.
The UK seems to be moving beyond the CMS emphasis and staking its regulatory strategy on cultural change. Technical rules and disclosure requirements still exist and banks must still have controls around them, but numerous people told me they are now subordinated to the conduct and fairness principles. One bank says they now have separate groups testing controls versus assuring fairness, with the testing now being a limited effort. If they can get conduct right, the “policing” of compliance would become less necessary.
Focus on full product lifecycle and consumer ”outcomes:” Deemphasizing compliance controls and emphasizing principles leads to thorny definitional and measurement issues regarding what constitutes fairness. The UK is struggling toward a new approach that will measure “consumer outcomes.” The FCA has identified six required outcomes, including that consumers be “confident that they are dealing with firms where the fair treatment of customers is central to the corporate culture;” that services are “designed to meet the needs of identified customers groups and are targeted accordingly;” that customers receive “clear information and are kept informed before, during and after the point of sale;” that any advice given is “suitable” and takes account of the customer’s “circumstances;” that products “perform as firms have led (the customer) to expect;” and that customers “do not face unreasonable post-sale barriers imposed by firms to change product, switch provider, submit a claim or make a complaint.”
The outcomes focus requires looking holistically at the customer’s entire experience with the product, to determine whether the person received what was promised and was treated well at every step of the change. This product life-cycle approach (which mirrors the CFPB’s broad emphasis on “risk to the consumer” and its “consumer-centric” perspective) necessitates a major shift from most banks’ highly siloed business models. Retail business lines often don’t even know what happens to customers after the origination stage of a product – whether problems arise or penalties are imposed or consumers are denied claims for insurance or rewards features. A holistic approach also creates huge data and metrics challenges, since business lines normally measure success by sales volume and revenue, not customer outcomes. Banks typically have not even collected some of the relevant information, much less tracked and analyzed it.
Positive, not negative mandates: UDAAP is a framed as a negative prohibition – it bars acts and practices that are unfair, deceptive, or abusive. In contrast, the UK’s TCF and conduct principles are framed as positive mandates, affirmatively requiring fairness and “integrity.” The two deal with largely the same topics, but this difference in emphasis produces different approaches. In practice, there can be a big gap – gray space -- between practices that are clearly fair versus clearly unfair. Historically, U.S. regulators applied UDAAP mainly to unusual practices at the margins of the industry, rarely hitting mainstream products. Since creation of the CFPB, all the US regulators have largely reversed this – they are interpreting UDAAP much more broadly. Still, they focus on practices, and see issues like culture and controls as means to the end of eliminating problematic acts. The UK, in contrast, focuses directly on conduct, explicitly seeing culture as the core issue, not something in the background.
One can worry that the UK’s affirmative approach casts too wide a net. After all, principles of fairness and transparency are not defined with precision, and almost any financial practice may seem unfair or confusing to someone. Still, I see value in the positive and principles-based approach, if it can be implemented well. In the U.S., the very term “UDAAP” undermines the lofty goal of fairness. It’s a bad-sounding acronym that must be translated for anyone from outside the financial regulatory world. Inside that world, it joins the numerous other alphabet soup regulations that have long fostered a view of “compliance” as an arcane endeavor for subject matter specialists, disconnected from common sense business strategy or customer value. “Treating Customers Fairly” and good “conduct” are better grounded in compelling, comprehensible values.
Structural solutions: Several interviewees expressed doubt that separating prudential regulation from conduct supervision will accomplish much. One noted that both models existed globally before the financial crisis, without producing noticeably better outcomes correlated with either design. Another lamented the tendency of legislatures to respond to problems by doing the easy thing – reorganizing government – rather than the harder work of figuring out the underlying issues. On the other hand, many interviewees believe that consumer protection never has and never will win equal attention from regulators who are charged with keeping the financial system sound. That has certainly been the history in the U.S., despite extensive efforts by the bank regulators (I myself led the original consumer protection unit at the Comptroller of the Currency).
Global focus: London is one of the world’s most international cities, and nearly all my interviewees spoke from a global perspective. Most of the bankers are actively involved with UK, European, and U.S. bank regulators and had interesting thoughts on similarities and differences. One person talked about the diversity of both cultures and laws around the world, pointing out practices that are banned in some countries, restricted in others, and actually required in certain places (adjusting interest rates on outstanding balances is an example). This Individual also observed that privacy is a top regulatory concern in the U.S. and Europe, but is less valued in parts of Asia with stronger communal, rather than individual, social and cultural roots. It was a reminder that “fairness” will be forever elusive.
Costs, competition, and market dynamics: Most of my interviewees, especially the bankers, described the costs of the fairness efforts as enormous, even shockingly so, although the expense is hard to quantify. There is also great concern about what will happen if regulators cannot apply the conduct principles with sufficient clarity and consistency. While consumers might reward increased “fairness” and transparency with more business, there is fear that the opposite will happen – that firms making the most effort will be punished by the market, losing ground to less scrupulous competitors that exploit consumers’ lack of knowlege. U.S. companies, too, speak of this problem. Some tell stories of making their product terms more understandable, and immediately losing market share to others that drew in customer by being opaque or misleading. That pattern, left unchecked, will fuel growth of “unfair” companies and shrinkage of “fair” ones.
Building trust / Can this work? The only possible solution (apart from consumer education, which hasn’t worked yet) is superlative wisdom and consistency from the regulators. My UK interviewees described a grand experiment involving a huge, collective, simultaneous leap of faith by industry and regulators. The government is asking the financial industry to shift its business models to try to remove any profit that derives from the consumer not understanding the product. The industry, at all levels and with varying degrees of concern or enthusiasm, is trying to do this, undertaking efforts much more fundamental than most of what is underway in the U.S. The process requires trust, in every direction. The industry is trusting that the regulators will not punish them for finding and fixing their own problems (one banker said if that happens, the bank’s executives will instantly give up on the conduct changes). Even more importantly, the industry is trying to trust that the regulators will be judicious and consistent in holding all competitors to the same standards, thereby blocking market advantage for those that do not change practices. If the regulators fail in this, financial incentives will cause businesses to minimizes the changes they make, rather than to reach high as many are doing now. Businesses that try to maintain higher standards against competitors that are permitted to use low ones, will lose market share (unless consumers actually understand and value the new fair practices, which is unlikely given the complex and arcane nature of many of them).
Just as the industry hopes it can trust the regulators, it also hopes for trust from them. The goal is that these good faith efforts will win the government’s confidence, leading eventually to a regulatory regime that would be less punitive, intrusive, and burdensome. As in the United States, bankers look forward to the day when regulators stop penalizing industry actions that occurred many years ago when regulatory standards were different (although most people acknowledge that the high penalties have been a key catalyst in sparking change). Some hope compliance management systems can be streamlined, with resources redirected to higher-value efforts.
Consumers will always have problems with financial services; no regulatory approach can perfect the system. The UK’s effort has been running for 14 years, and neither the regulators nor the industry have figured out the formula for assuring “fairness.” Both banks and regulators described the current effort as a “journey,” with everyone struggling to figure out how best to proceed. And of course, the themes I’ve distilled here are obviously not universally shared. Still, I think U.S. banks and regulators might take some thought-provoking lessons from London.
Send me your comments on them – I would love to hear from you.