No results found
Financial Services Internal Audit Planning Priorities 2022
Below we highlight new areas relevant to Internal Audit but also those areas we believe will have greater focus in 2022. We hope this informs your 2022 planning and assurance approach.
The Financial Conduct Authority (FCA) has always been focused on ensuring that products and services are delivering fair outcomes for consumers. The FCA has undertaken several market studies in this regard within the Asset Fund Management (June 2017) and General Insurance (September 2020) sectors and this work is set to continue with the Regulator expanding the focus into the Retail Banking, Mortgage Intermediary and Later Life Markets during 2021. This growing emphasis on value for money has been accompanied with a sharper focus on firms’ business models and overall purpose, with particular focus on whether the success of the business model and product strategy is driven by inadvertent unfair consumer treatment and/or consumer misunderstanding or inertia. Given the clear focus of the Regulator on Value for Money within ongoing supervisory activity, it is important that Internal Audit teams are considering focused assurance activity over the risk and control framework that covers Value for Money as part of the ongoing assurance that they provide to senior Management and the Board.
Area of Focus Fee charging models & product pricing |
Description |
Suitable/fair customer outcomes | The FCA has identified that one of the key drivers of harm within the Mortgage Market and wider Credit Markets is the suitability of advice or suitability of products purchased by consumers. Exploratory work undertaken by the FCA has identified that some firms within the Mortgage Market have advised their customers to purchase an unsuitable product (defined as it not meeting their long term needs and circumstances) or where they were unable appropriately to evidence suitability. Internal Audit should focus their activity in this regard on the adequacy of design and operational effectiveness of Quality Assurance and Compliance Monitoring at firms to specifically focus on issues relating to the suitability of advice or product sales and how the root causes of any issues are remedied by Sales teams.
|
Product development framework | Internal Audit teams should be assessing the adequacy of design and operational effectiveness of Product Development Frameworks, from the initial new product design phase or an amendment to an existing proposition, all the way through to post sales monitoring (which will include the end of product life and replacement with a new product). The aim of the review is to ensure that product providers are designing products to meet the needs of an identified consumer target market and that products continue to perform as expected throughout the customer lifecycle. A firm’s product governance framework should enable them to identify and manage the ongoing risk of poor consumer outcomes, with a clear mechanism to ensure any systemic issues identified through ongoing monitoring can be addressed by senior Management.
|
The Financial Conduct Authority’s (FCA’s) Product Governance rules (PROD) were implemented across the industry with considerable regulatory uncertainty and continue to pose challenges to firms who manufacture and distribute investment products. This uncertainty has resulted in many firms focussing on updates to, or the creation of, Product Governance policies and tactical solutions, with the strategic implementation of a robust Product Governance framework still in flight. Product Governance remains a key consideration of the Regulator and the FCA published findings from its ‘Markets in Financial Instruments Directive (MIFID) II product governance review’ in February 2021. The FCA has stated that asset managers and distributors should prioritise effective co-operation to address potential harm to consumers from poor product design. It is important that Internal Audit teams are considering product governance arrangements in the four main areas identified by the FCA as key findings: product design, product testing, distributors and governance and oversight.
Area of Focus Product design |
Description
|
Product testing | Internal Audit should consider whether all products are subject to regular review and should assess the appropriateness and robustness of the firm’s scenario and stress testing, including the operating effectiveness in order to ensure compliance with the PROD requirements (PROD 3.2.1R). As part of this, Internal Audit should consider who determines whether scenario testing is robust and whether this determination is suitable. Internal Audit should also undertake regular review cost and charges disclosures to ensure accurate information is captured.
|
Distributors | Due diligence allows asset managers to establish whether their distributors’ intended product recipients match the product’s target market. Failure to do so may result in investor harm. Internal Audit teams should be assessing the quality of management information (MI), whether product MI covers all elements of risk management and whether trigger events are identified.
|
Governance and oversight | Internal Audit teams should look to assess the adequacy of design and operational effectiveness of how the Second Line of Deference and product governance related Committees offer meaningful challenge. The FCA identified that this challenge is not always sufficient and the role of Second Line of Defence is often poorly defined. Internal Audit should determine whether the roles and responsibilities relating to product governance are clear and documented.
|
On 30 June 2021, the Financial Conduct Authority (FCA) published their findings of the review of host Authorised Corporate Directors (ACD) firms. The aim of the review was to test the ‘viability of the host AFM business models and assess whether conflicts of interest were being effectively managed’. The review focused on governance, controls and monitoring by host ACDs including how they managed conflicts of interest (COI) in their relationship with Portfolio Managers. The FCA found significant failings and intends to keep a close watch in this area going forward with the potential use of section 166 Skilled Person reports to improve compliance. These reports will primarily consider the adequacy of firms’ governance, systems, controls and delegated third party manager oversight. For the firms in the host ACD review the FCA will review progress over next 12-18 months. The FCA also intends to conduct further work in this area to identify whether to make rule changes.
Area of Focus Due diligence |
Description
|
Governance and oversight | It is important firms ensure key performance indicators and risk metrics are relevant to each fund’s strategy rather than being ‘one size fits all’. ACDs need sufficient expertise to be able to challenge the management information (MI) they are receiving from delegates. When considering how much expertise and resources an ACD needs, it is useful for Internal Audit to assess whether the ACD could oversee delegated funds effectively on a temporary basis if the delegation arrangement were to cease at short notice.
|
Skills and resources | At the point of selection for an underlying investment manager, there should be controls in place to confirm the investment manager has the skills, resources and capacities to run the mandate accordingly and controls in place to ensure this will be monitored by the ACD within expectations. Internal Audit should check that the ACD has the appropriate capabilities and expertise to understand the main risks in relation to the delegated fund or mandate.
|
Conflicts of interest | One of the challenges firms may face is navigating COI with competitors in the market who carry out similar exercises in setting up delegation arrangements. The FCA review found several firms were unable to show sufficient evidence that they had identified relevant conflicts of interests despite some being ‘obvious’, e.g. conflict between a fund’s investors and a sponsor whose fees are paid by the fund. Internal Audit should assess the effectiveness of the firm’s approach to COIs, giving due consideration to conflicts the FCA have asked ACDs to pay particular attention to, e.g. as noted above
|
Since 2006 when the Financial Services Authority ( the Financial Conduct Authority’s (FCA’s) predecessor) set out six customer outcome statements, outcomes testing has been a key component of conduct requirements. The FCA expects firms, through the Board and senior Executives, to assess and monitor the outcomes their customers receive.
Customer outcomes testing provides insights into the end-to-end customer journey from the customer’s perspective, and is used to identify instances of potential or actual customer harm requiring remediation. Firms should fully integrate customer outcomes testing within their conduct risk framework and identify customer outcome statements that support the conduct risk appetite statements. Metrics mapped against the customer outcome statements enable firms to evidence to the FCA that business activities are in line with these statements. These metrics perform a key role in driving the customer outcomes testing as they help flag key points of failure or concern within the customer journey.
Area of Focus Customer outcomes testing procedure |
The testing should include factors such as whether the standard of communications and contact between the customer and the firm is appropriate, whether products and solutions provided to the customer performed as expected and whether the firm acted appropriately at critical points ( e.g. during the advice process where relevant).
|
Systems and tools | Internal Audit should perform a review of the firms systems and tools used to support customer outcomes testing.
|
Key contacts: Poppy Young and Aaron Oxborough
The repayment of an Interest Only loan is reliant on the performance of the customers repayment strategy which should be declared at the outset of an application. The Financial Conduct Authority (FCA) has previously raised concerns regarding the inability of some customers to repay their Interest Only Mortgages as some customers with legacy Interest Only Mortgages do not have a repayment vehicle in place or the repayment vehicle has not performed in line with their expectations. As part of the Mortgage Market Review (MMR), the FCA implemented new rules within MCOB to ensure that the performance of the repayment vehicle for all new Interest Only Mortgages were subject to a review (as a minimum, once) during the term of the Mortgage, to check that the customer's repayment strategy is still in place and is expected to repay the original amount borrowed. This remains an area of focus for the Regulator which has identified three residential Interest Only Mortgage maturity peaks: 2012-20, 2027-28 and 2032. There is scheduled to be c.513k Interest Only Mortgages due to expire worth c.£70 billion between 2021 and 2027 alone.
Area of Focus Repayment strategies and COVID-19 guidance |
Description |
Management information | Internal Audit should ensure that senior Management and the Board are receiving appropriate management information (MI) which captures the output from the periodic review of repayment vehicles for Interest Only Mortgages. This information should include the volume of customers that will potentially have a shortfall upon maturity and the proposed action that will be taken for this cohort of customers, particularly where they may be considered vulnerable. Internal Audit should also review whether appropriate MI is produced in relation to the customer contact strategy for those customers that have been contacted following the updated FCA guidance in relation to COVID-19 to review their repayment strategies and delay capital repayment, where appropriate. This MI should also provide senior Management and the Board with a view on extent to which these strategies are delivering fair customer outcomes. Any review should also consider whether this MI is provided to appropriate governance forums.
|
Monitoring and oversight | Internal Audit should review the design adequacy and operational effectiveness of Quality Assurance and Compliance Monitoring activity/controls in relation to firm’s contact strategies for Interest Only customers, including the firm’s review of repayment vehicles for Interest Only Mortgages throughout the Mortgage lifecycle.
|
Key contacts: Lyndsey Fallon and Stuart Batigan
The Financial Conduct Authority (FCA) has acknowledged that creditworthiness and affordability assessments are not an exact science, and that implications outside of normal controls, such as a change in the customer’s circumstances or wider economic events can impact affordability. In normal times, firms are expected to have effective processes in place aimed at eliminating lending that is foreseeably unaffordable, without having a process that may be so conservative as to decline applications where credit would be affordable. The wider economic impact following the COVID-19 pandemic has brought additional scrutiny over the affordability controls that firms have in place to ensure that funds are being lent responsibly and whether this has resulted in fair outcomes for consumers. Whilst this remains important for Banks and Building Societies, this is a particular area of focus for the FCA within the high-cost short-term and second charge lending markets where the risk of harm is higher.
Whilst FCA publications have been limited in this space during the COVID-19 pandemic, we have observed through supervisory activities a greater focus on underwriting standards in key markets where the risk of consumer harm is greater (High-Cost Short-Term Credit, Guarantor Lending, and Second Charge Lending). Although the impact of COVID-19 has been mitigated due to extensive government support packages, this support is currently in the process of being wound down which may impact on the financial circumstances of some customers. This risk may be increased for customers who have lower levels of financial literacy and may be experiencing short term pressure on their finances.
We have also seen an increase in the number of Societies and Challenger Banks starting to offer Mortgages much later into retirement to support customers with maturing Interest Only Mortgages or later life lending requirements. This has created additional complexities within underwriting processes as organisations need to balance the increased risks that come with lending into retirement and their commercial objectives. Firms operating in these markets need to ensure that any later life lending is done so in the best interests of its customers and that this can be evidenced in their underwriting files.
Area of Focus Assessing affordability—COVID-19 impact |
Description
|
Lending into retirement | Internal Audit should review and consider the processes and controls in place for lending into retirement and later-life lending to ensure that affordability assessments being conducted are updated to reflect the additional risks/complexities within underwriting processes. Internal Audit should challenge the decisions made around the following aspects:
|
Monitoring and oversight | Internal Audit should review Quality Assurance and Compliance Monitoring arrangements and consider whether they are adequate to identify any issues within underwriting cases where customers have been impacted by COVID-19. There should also be a review of whether appropriate MI is produced and provided to appropriate governance forums in relation to affordability outcomes, and the ongoing monitoring of lending facilities and security to understand whether firms’ are acting within its stated risk appetite.
|
Key contacts: Lyndsey Fallon and Stuart Batigan
Protecting vulnerable customers is a key focus of the Financial Conduct Authority (FCA) and this has become a greater focal point within the last few years, including following the COVID-19 pandemic’s impact on policyholders from a health, resilience and financial perspective. The FCA has stated that firms are still failing to consider the needs of vulnerable customers which is leading to customer harm. The pressure is on for firms to be able to evidence they are appropriately identifying customer vulnerability, responding to the needs of these vulnerable customers, making sure staff have the right skills and capabilities, monitoring and assessing processes around the fair treatment of vulnerable customers and making improvements where this is not happening.
Area of Focus Vulnerable customer policies and procedures |
Description |
Management information | Assess whether appropriate management information (MI) is provided to senior Management and the Board so that they can continually monitor the fair treatment of vulnerable customers across the firm. Consideration should be given to whether the existing MI suite provides adequate visibility of the number and different categories of vulnerability and whether there is sufficient MI in place to assess any changes to the conduct risk profile at the firms. Internal Audit should review the controls in place around the completeness and accuracy of the data and information that firms hold in relation to their vulnerable customers. Internal Audit should confirm how regularly Management review this to determine whether the firm is justified in holding this data (to be able to meet the customers needs) and that the customer is aware this data is being held.
|
Contingency planning for major events (COVID-19) | The FCA has clearly articulated the need for firms to develop contingency plans to deal with major events, to support customers who could become vulnerable as a result of the event. Internal Audit should focus on the processes in place to demonstrate that the business is being proactive in assessing how events outside of the firm are impacting customers; and how the firm can ready itself to ensure this is not only identified but that the necessary measures and actions are taken to best support the customers affected.
|
Quality assurance | Review the robustness of Quality Assurance and Compliance Monitoring frameworks to ensure there is appropriate coverage of vulnerable customers and that any treatment of vulnerable customers that falls below the FCA or firm’s expectations is identified and escalated accordingly
|
Did you find this useful?
If you would like to help improve Deloitte.com further, please complete a 3-minute survey
To tell us what you think, please update your settings to accept analytics and performance cookies.