Regulators have an expectation that firms – financial services operators – treat consumers respectfully and with regard to customers’ reasonable expectations. This means that firms have to imagine or try and imagine what reasonable expectations might be from a consumer perspective – and these expectations might vary depending on the financial sophistication of the customer. This is part of the new world of conduct risk.
So who challenges products and services from the customer’s perspective? What internal process exists to represent the customer/consumer’s perspective?
Internal auditors should check that there is a provision for appropriate Customer Challenge to be made (inputs coming from appropriate stakeholders [possibly NEDs, customer representatives, or representatives from regulators] to help ensure Customers’ interests are fairly represented) during a Product’s Lifecycle and in the approach to Product Design, Product Distribution and Product Service.
It may not be necessary to do this for all products, but it would be wise to do this for products that are defined as ‘high risk’ products or for those where it would be reasonable to assume that the customer’s financial sophistication level was low.
To quote the FCA: ” The Financial Conduct Authority (FCA) will put consumers’ needs at its heart and will focus even more on ensuring there is a fair deal between firms and their customers.”
In part this means that firms must learn to think like customers, in part this means that firms must pay greater attention to conduct risk and, taking both factors together, a pretty good reason for firms operating an internal customer challenge function.
Listening to a radio broadcast today about the risk associated with technology we heard a senior manager apologising for the poor quality of service provided to his organisation’s customers. This was due, he claimed, to: “Problems with the new computer system”.
It’s weird isn’t it, that more than half a century after computer technology (IT Systems) were first introduced into commercial organisations that we are still blaming computer systems for what are fundamentally human problems. Maybe we are blaming ‘computer systems’ in the hope that the listener – who by and large won’t be an IT Professional – will shake their head wisely and agree that technology is a baffling, and sometimes uncontrollable, thing.
But if we look at the problem from a risk based reviewer’s perspective, and from the many published reports on ‘Problems with new systems’ we keep finding references to: “Poorly articulated, documented and managed change support and change management regimes” and “Errors not being identified, communicated and cleared through formal working practices” and, again, “Systems becoming unstable, following incomplete testing, leading to fragile working environments and frustrated users and consumers.”
There are well known best practices such as ITIL, developed especially for the management of IT services from a user perspective. And there is ISO 20000, that further uses ITIL as a springboard to generate an international standard for IT Service Management. A read of these would at least provide a clue to the direction to be taken and what ‘good practice’ might look like. And, none of the good practices is impossible to attain, all that’s required is concentration on process and sequence and not making arbitrary decisions to bypass critical control steps.
So if we know what the underpinning problems are – why don’t we fix those first, by applying the solutions that are available? Or, is speed of implementation seen as more important than satisfied users, customers and consumers?