In brief
- FCA COO Emily Shepperd has delivered a speech setting out why conduct and culture is a regulatory priority
- Shepperd suggests that firms with bad cultures display poor risk management skills, which can present a wider market risk
- The FCA has also delivered a ‘Dear CEO’ letter to wholesale brokers, noting that “broker conduct” and “culture” are priorities for 2025
- The FCA will be taking direct action against firms that do not have controls to detect misconduct, will be looking at remuneration arrangements, and will be publishing a consultation on SM&CR “in due course”
The regulatory focus on conduct and culture may not be new, but the rationale behind such focus has been made clearer this week with a winter-bug themed-speech from the Financial Conduct Authority’s (FCA) Chief Operating Officer (COO) Emily Shepperd entitled “Culture is Contagious.”
The speech, delivered by Shepperd at the 10th Annual Culture and Conduct in Financial Services Summit, surmised that organizations that allow bad cultures to go unchecked likely have poor decision making and risk management in place which, in turn, poses risks to the wider financial market. As such, bad cultures are “not just a moral issue, but a regulatory concern too.” She added:
“As a conduct regulator, the FCA’s objectives are to protect consumers, ensure market integrity, and support the UK’s economic growth and competitiveness.
But time and again, when we investigate failures of consumer protection or market conduct, what do we find?
The same root cause: Failings in culture and governance.
That is no coincidence. Because it is culture that drives conduct. Culture that shapes decisions and actions at every level.”
In fact, Shepperd’s speech is the second communication from the regulator on the topic in as many weeks. On 24 January, the FCA issued a ‘Dear CEO’ letter to wholesale brokers noting that “broker conduct” and “culture” are strategic areas of focus for the regulator in the coming year.
The FCA will be conducting “targeted work to assess how firms manage their brokers” and expects firms to “have suitable controls in place to detect misconduct and to take appropriate action against those found to be committing misconduct,” according to the Dear CEO letter.
It goes on to note that the FCA continues to observe an “inconsistent application” of remuneration arrangements under the Senior Managers & Certification Regime (SMCR). The FCA has asked firms identified as not having an appropriate remuneration policy in place to take “immediate action to remediate this failing.” It added that it does not want to see that firms with a “healthy and compliant culture” are put at a disadvantage. Therefore, it will be using the regulatory tools available to it “including Board effectiveness reviews, increased capital requirements, and business restrictions” where firms have “continuously failed to bring themselves up to the standards required.”
As well as taking decisive action against firms, the FCA has announced that it will shortly be setting out more detail on our proposed next steps regarding conduct and culture. Meanwhile, the regulator is working alongside the Treasury and the PRA on reviewing the Senior Managers and Certification Regime (SM&CR), and will publish a consultation paper “in due course.”
Is surveillance your first defense for “contagious” non-compliance?
As noted, the regulatory focus on conduct and culture is not new, but, despite years of messaging, it persists. Is this, in part, owing to a lack of technological tools and solutions that could help prevent the contagion?
There is no denying that, over the past 10 years at least, there have been shifting expectations of the individuals who work within a firm, as well as a reckoning with what ‘good conduct’ or ‘bad conduct’ looks like.
However, despite rounds of policy updates, training and re-training, reconfigured processes, and an assessment of disciplinary procedures (even docking the bonus packages of individuals who don’t follow the rules) – we continue to see bad behavior and misconduct.
Perhaps now is time for firms to look again at the strategies compliance teams have employed to weed out bad culture. Is surveillance technology now the only way to detect “patient zero” before the contagion takes hold?
Surveillance technology could be used, for example, to set up alerts, either through lexicons or – as is becoming increasingly prevalent – through the use of Large Language Models (LLMs) to detect bad conduct. Instances of bullying, sexual harassment, discrimination, etc. are flagged accurately as alerts to the review team, so bad conduct is spotted and escalated instantly, mitigating the risk of it taking seed and becoming bad culture.
If bad conduct is detected at an early stage, and discussions are had with the perpetrator in the first instance, word will soon get out that such action will not be left unaddressed. Like Shepperd’s “winter bug,” the likelihood of bad conduct spreading is reduced.
Perhaps all it takes is for one individual to tell a colleague “they saw that I called a client a **** last week and I got called out on it,” for that colleague to then be wary of conducting themselves in the same way. The understanding that non-compliant activity will be detected and addressed immediately will be the “contagion” that spreads through a firm – while bad conduct gradually reduces. In the words of commissioner Kristin Johnson of the Commodity Futures Trading Commission (CFTC), “sunlight is the best disinfectant,” and firms shining light on instances of internal misconduct and bad behavior is vital to increasing cultural “hygiene.”
Of course, the old ways are not redundant. Making your expectations of what is permissible clear to employees, and outlining how it will be addressed through policies, training, and procedures, still holds a valuable role in stopping the spread. But surveillance technology now exists to accurately detect even the earliest signs of infection, meaning treatment can start before it takes hold.
