In a breach of Principle 9, “the nature and risks of Keydata products were misrepresented, and sold to customers whose stated investment objectives and attitude to risk they failed to meet”. Of even greater magnitude was the “failure to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems, in breach of Principle 3”.
Here I should declare an interest; Sesame is a client of Oxford Risk, and we provide many of the risk tolerance assessments and investor risk profilers used within the FCA’s jurisdiction. I am keen to understand where, in this case, the advice process broke down, and to what extent providers’ tools can help.
There is no suggestion of any inadequacy in the determination of customers’ risk attitudes and investment objectives in the Notice. Indeed in the Principle 9 argument, that there was a mismatch implies customers’ risk attitudes and investment objectives were reasonably established. The Keydata investments were mis-sold. Whether their characteristics and risk attributes were misrepresented to advisory firms is beside the point. Those firms and their advisers lacked diligence. They did not satisfy themselves that Keydata investments were fit for purpose. Lack of diligence is a failure of individual competence, compounded by a lack of management control and suitable process.
Under Principle 3 the documented failures are entirely organisational and managerial. “Sesame failed to improve its systems and controls directed at achieving effective oversight of its Appointed Representatives.” Poor processes failed to identify and monitor unsuitable sales; file reviews, supervisory visits and management information systems were inadequate; and record keeping was problematic. Moreover, it appeared that Sesame regarded its Appointed Representatives as its customers, rather than the retail investors.
As a consequence advisers could deliver unsuitable advice without it being detected and corrected. That is not to say unsuitable advice was the norm. The Notice highlights that, except in the special cases of advice on Lehman structured products and pensions switching, more often customer files were unsuitable. They lacked essential documents, or the documents that were in the file lacked sufficient information. Nevertheless the problems are clear; management controls were totally, and expensively, inadequate.
Exercising control and effective management is a special challenge for the networks. Many have grown rapidly, often by acquisition, during a period when RDR has increased regulatory pressures. Networks offer shelter for independents who are used to “doing things their own way”. Indeed the networks want to leverage these entrepreneurial instincts and keep constraints, and costs, as light as possible. At the same time there is a compelling need to raise and maintain professional standards to the highest level and implement the checks and balances necessary in a large and diverse organisation. Often processes, technologies, and management competences were acquired for a less demanding requirement. Legacy systems, and those that run them, can prove wholly inadequate when new complexities of scale, diversity, and business need arise. It seems much of this affected Sesame, but one suspects they are not an isolated example.
So where are the new controls and competences going to come from, and can compliance consultants provide part of the solution?
Effective management and control has some key components. First, every human contributor needs to understand the role he performs and the standards and competences expected of him. Whether an adviser in a network affiliate or the head of risk, the responsibilities must be clear. Even the retail investor has some responsibility, and the customer engagement processes need to communicate these expectations and ensure they are accepted. Second, there have to be adequate checks and balances to ensure standards are met and responsibilities delivered, and that where they are not, this is detected and remedied. Third, the overall culture and discipline should support correct actions and quickly recognise and challenge failures. These processes should be supported by effective systems and technologies to make their performance easier, and to reduce or eliminate the scope for errors and omissions.Tools and technology-delivered systems undoubtedly have a part to play.
Nevertheless, many firms still use tools and technology that fail to deliver. Much of the concern expressed by the FSA’s 2011 Guidance on Assessing Suitability focused on the poor use of tools. The guidance highlighted the potential for unsuitable advice when outputs from partial risk assessments were interpreted as completely meaningful, or where risk profiles were matched to inappropriate investment risks because the calibration of the one to the other was misconceived.
Many compliance firms’ commitment is to reveal the investor’s preferences for risk in as much detail as possible. Too often customers have been tagged with their risk category, without the adviser or firm really understanding what that means. Investors are comfortable with different levels of risk depending on the time horizons and nature of their goals, with some goals requiring a high degree of certainty that the desired value will be delivered when expected; while others can be more speculative and flexible.
A good risk profiler can reveal whether an investor is likely to get spooked by day-to-day fluctuations in value even though the investment is still on track to deliver their desired outcome; or if the investor is willing to forego more of the expected gain to secure capital protection than the cost of provision. An investor’s appetite for risk is not fixed, but is influenced by general levels of expectation and sentiment. Investors generally are more wary of risk today than they were in early 2007, when the markets seemed unstoppable. Risk profilers survey investors’ actual preferences for risk using sophisticated empirical methods so they can calibrate risk tolerance categories to available investment risk metrics.
My point is that no single firm is likely to have the ability, or resources, to do as much work to create and maintain their own equivalent risk profiler, yet without this competence, investors risk preferences will be poorly understood. Good tools, chosen wisely, and integrated well, set some of the essential foundations for delivering suitable advice. Good tools and competent systems ensure that advisers follow established protocols at each stage of the advice process, even as scale and sophistication increase. They ensure essential information is created and retained for scrutiny, and they will include checks to highlight failures in process or overstepped limits. For networks they can support advisers’ individuality without compromising the organisation.
Management must still exercise control, but supporting tools and systems can provide essential structure and discipline. Good systems and tools ensure consistency, and can ensure that the standards of the best are applied to all. The big firms and networks are prominent drivers for change, not least in the cultural transition from sales to advice-led retail investing. Sesame has committed many millions of pounds to the implementation of improved systems and processes and we are pleased to be part of that programme.
Terry Thomson is chief executive of Oxford Risk
Key points
* The recent “Final Notice to Sesame” from the FCA will be chilling reading to many
* Under Principle 3 the documented failures are entirely organisational and managerial.
* A good risk profiler can reveal whether an investor is likely to get “spooked” by day-to-day fluctuations in value even though the investment is still “on track” to deliver their desired outcome
