Training is nothing new. It’s an accepted part of running financial services businesses as well as a regulatory requirement, particularly for those providing retail investment advice and pension transfer advice.
But there’s another aspect to training. It needs to be considered not just as something to develop staff or tick the relevant boxes from the rulebook. Failure to implement adequate training programmes is one of the key components taken into account time after time by the regulators (the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA)) when deciding whether to take enforcement action against both firms and individuals.
Solving the Problem
If training programmes can help to stave off regulatory threats, that’s great. But where does the money come from? How do firms find the budget? How do you overcome the problem of constructing a solid business case?
Meeting the Regulators’ Expectations
The FCA has set out its stall quite clearly when it comes to training. It says that firms must ensure that employees demonstrate the necessary competence in terms of skill and knowledge so that they can work with a reduced level of supervision.
Examples of good practice include having a training plan with time scheduled in advance for training events. Firms are also encouraged to use a variety of training methods for developing competence.
These are all laudable intentions which no-one would disagree with. And it’s easy for firms to think that because they’ve provided some training for some employees, then they’re doing OK. Especially where there are strict rule requirements (such as Training and Competence requirements and training in anti-money laundering).
But unfortunately, it’s not that simple. A lack of adequate training on its own has not historically led to enforcement actions, but it’s one of the contributing factors.
For example, if systems and controls in a particular area are found to be inadequate, then the reasons could include staff not having the necessary regulatory knowledge, or not knowing how to follow procedures or implement controls. These could be traced back to a training need that hasn’t been fulfilled properly.
Regulators will look to see how well staff are trained in the relevant procedures, and indeed, how good the training programmes are to begin with. If these are found wanting, the chance of the regulators taking action is greatly increased.
Training on the Enforcement Agenda
The problem firms now face is that the FCA, as the regulator with primary responsibility for enforcement, is clearly putting training (or lack of it) on the enforcement agenda. It’s doing so by highlighting where shortcomings are considered to have been a contributing factor to the action. In some cases, training is being quoted as a direct failing.
This sends out a very clear message to firms. If training isn’t up to scratch, or is not provided in every area of the firm, then this is very much being taken into consideration when deciding whether enforcement action is taken.
More reasons to be concerned
As if that isn’t enough, the FCA (and its predecessor the Financial Services Authority) has been steadily increasing its focus on personal accountability when taking action against firms. The FCA has made its position quite clear in its latest Enforcement Annual Performance Account for 2013/14.
The number of actions taken by the FCA during its 2013/14 year against individuals holding significant influence functions, was 16, against whom it levied over £1.2 million in fines. On top of which, there were a number of private warnings issued to individuals, where no further action is taken after an investigation.
Both regulators have also declared they’re keen to increase the extent of accountability amongst senior managers, particularly in the banking sector (with the insurance sector to follow with a similar regime). The FCA and PRA have issued concurrent consultations on a new Senior Managers Regime, which is expected to take effect in 2015, and will supersede the Approved Persons regime for senior managers in banks.
Each senior manager will be required to produce a “Statement of Responsibilities” which sets out the relevant systems and controls that they’re responsible for. In the event of failures at the firm, which relate to the governance under each senior manager’s area of responsibility, the individual will be held to account for governance failings, even if they didn’t directly contribute to the breach. This means that there will need to be a greater focus on all systems and controls, which will include training provisions.
Given the above information, firms need to think about how to design a training programme to meet both business needs and regulatory expectations.
The two key challenges are; firstly, how to access the appropriate training resources, skill and expertise in a way which delivers the best value for money.
The other challenge is that firms don’t have bottomless resources: so how do they achieve this aim whilst remaining in budget?
Join us on 19th November at 2pm GMT for our free webinar, Responding to the Threats: the importance of training in protecting financial services businesses.