Looking for CoFI Guidance this Christmas? Watch The Castle – “It’s the vibe of the thing.”
21 December 2022, Mark Jephson – Partner, Mosaic
With the FMA recently releasing its Conduct of Financial Institutions licensing materials, it was a timely reminder that 2023 will be a significant year for many of New Zealand’s financial institutions as they ready themselves to meet the requirements, for the first time, of a principles-based legislative regime.
The Financial Markets (Conduct of Institutions) Amendment Act 2022 (CoFI) will require banks, non-bank deposit takers (NBDTs) and insurers (collectively referred to as ‘financial institutions’ under CoFI) to comply with a fair conduct principle to…wait for it…treat their customers fairly.
The functional legislative requirements to obtain a license from the FMA to act as a financial institution and to document a fair conduct programme to identify, monitor and manage conduct risk (being the risk of not treating your customers fairly) should not be underestimated particularly for those financial institutions with a broad range of products and services and an extensive and diverse customer base.
However, the real impact for financial institutions will be post-licensing and how the regulator (in this case, the FMA) is likely to first encourage and then, if necessary, enforce CoFI compliance in circumstances where they consider a financial institution may not be meeting the fair conduct principle. The CoFI licensing materials themselves are standard fare. They do not contain much in the way of guidance on what fair treatment of customers actually looks like or how financial institutions can genuinely demonstrate they are ‘living’ the fair conduct principle.
But that is the point.
One of the objectives of a principles-based legislative regime is to move away from financial institutions simply identifying the prescribed legislative obligation, developing some policies and processes, and mapping a series of controls to manage and monitor for compliance with the ‘letter of the law’.
Perhaps if the FMA had included in their licensing materials something along the lines of, “when we are assessing an organisation’s approach to the fair conduct principle or determining what action we will take if poor customer outcomes occur, we will make our assessments and determination based on ‘the vibe of the thing’” then perhaps for some of those working in financial services they will have gained an insight into what CoFI is all about. If not, they may have smiled, reflecting on what a great movie The Castle was with the little guy getting one over the big guy…
The Castle may be a weak analogy. However, we have all seen or heard of examples where an institution has complied with the ‘letter of the law’, but the outcome from a customer perspective feels careless and unfair. CoFI attempts to limit these situations by requiring financial institutions to ensure that customers are always treated fairly while receiving and using their products and services. However, mostly, it does not prescribe how they must achieve this.
So how can financial institutions ensure compliance with the fair conduct principle?
Ultimately, they need to determine and identify what they consider fair and reasonable treatment of their customers is (i.e., what does good and fair look like for their customers under all aspects of their product and service delivery). Sometimes this will be clear and other times, less so. However, once they have determined and identified their internal standards of what good and fair look like, they can identify gaps, develop policies and processes, and map controls to manage and monitor compliance with those internal standards. Because CoFI encompasses all aspects of product and service delivery, it will be important that this process is undertaken in a coordinated manner and considers the contribution of and dependencies across all internal stakeholders, including the frontline, support teams, leadership and governance.
Many financial institutions have taken significant steps to improve and monitor fair customer treatment, particularly regarding their ‘frontline’ service delivery. Fair conduct programmes can incorporate and build on processes already in place. It was good to see the FMA acknowledge this when they released their licensing materials.
Importantly, and we hope the FMA approach it this way, not all poor customer outcomes imply that a financial institution has failed to meet the fair conduct principle. Mistakes happen, and customers can make poor personal decisions despite being treated fairly. It is also important to note that unlike providers of financial advice and managed investment schemes, the fair conduct principle is not a fiduciary ‘best interests duty’.
However, when a mistake happens, or poor customer outcomes occur, the focus of the FMA will, perhaps, be less focused on what happened at the ‘frontline’ of the product and service delivery that led to the poor customer outcome and focus more on what happened (or didn’t happen) behind the frontline that contributed to the poor customer outcome.
For example, in respect of core banking products and services, most financial institutions and their customers would consider it entirely fair and reasonable that customers have timely access to their bank accounts from both an information and transacting perspective. They should also expect core systems to competently support the terms and key features of the product and service they are receiving and using. While outages of systems used to support product and service delivery may occur from time to time, which may adversely impact customers, that in and of itself does not mean the fair conduct principle will not be met or the entity’s fair conduct programme has not been complied with. However, if extensive and regular system outages or failures occur, an enquiry by the regulator will likely happen. If there appears to be a history of the board and senior leadership deferring expenditure on system upgrades and enhancements, meaning that despite the best efforts of the ‘frontline’, those systems were no longer fit to deliver those products or services, then ‘vibe of the thing’ might not feel reasonable or fair from a customer perspective and perhaps that financial institution may have a CoFI compliance problem…
While the above example is a bit blunt, it will be necessary for financial institutions to consider CoFI, the fair conduct principle and their fair conduct programme across all inputs and aspects of their product and service delivery.
This will require recognising the importance of not just the frontline in ensuring fair treatment of customers but also the importance of the board and senior leadership and the decisions they make (or do not make) in safeguarding and creating the environment and culture for fair treatment of customers.
Both will likely be key areas of focus if poor customer outcomes occur, and CoFI responses and fair conduct programmes should acknowledge and consider this.
If you are interested in listening to some examples of how decision-making and actions across an organisation can contribute to unfair (or worst) customer and stakeholder treatment, the Human Risk Podcast (https://www.humanriskpodcast.com) has some interesting examples of how all stakeholders from shareholders and boards through to those dealing with customers at the frontline can impact on the fair treatment of customers.
However, if that is a bit dry, then perhaps watch The Castle to get the general ‘vibe of the thing’. https://www.youtube.com/watch?v=wJuXIq7OazQ