“The first line of defence is represented by the doers – the people on the front lines. They’re managing risk, complying with regulations and standards, and carrying out the company’s defined risk management processes daily”.
The new Consumer Duty: how might firms be exposed?
This short article was written in response to a hugely successful webinar we co-hosted on the forthcoming new Consumer Duty. As one of the panellists, I was intrigued to listen to the expert lawyers from Shoosmiths and their opinions of where firms might be exposed.
What was clear – and the quote that sticks in my mind – was that many in the wider FinServ market are viewing the new Consumer Duty as “TCF (Treating Customers Fairly) on steroids” and believe that they largely have it covered. The sentiment might be seen along the lines of: “Perhaps there is some work to do in auditing product suitability and T&Cs, but it certainly isn’t a big deal.”
Shoosmiths were rightly quick to point out that this couldn’t be further from the truth, and that any firm that even considered using that justification to the regulator was heading for significant problems. There are many challenges with Consumer Duty that was clear from the webinar and audience polls, but what struck me was how exposed firms are, and will continue to be, in relation to their first line of defence and the rank-and-file employees delivering service to customers.
Your first line of defence: how capable are they?
If we imagine Consumer Duty as having challenges that are essentially “desk-based” (e.g., products, T&Cs, processes & policies) and others that are more holistic (e.g., culture and people), the audience polls from our recent webinar showed the people-centric elements were causing the most angst, and rightly so.
We asked 195 risk and compliance professionals: “What did they expect to be the key challenges of implementing the new Duty within their firm?” 48% stated that they expected their biggest challenge would be ‘conducting a gap analysis between current processes and new rules’, and 40% stated that it would be ‘providing board or management with the required evidence to meet regulatory expectations’.
This is not to say that it is easy to re-engineer any business, big or small, to ensure that all products and services, irrespective of the route to market, are fit for purpose. Rather, it is easier dealing with (likely) already documented processes that are relatively easy to audit than dealing with sometimes thousands of employees where, regardless of the scale of the firm, the employer is not likely to have any credible, accurate starting point of knowledge and competence.
If we compare the rigour with which a firm can approach the audit and edit of products, procedures, and processes with the current approach firms take to measuring and monitoring the capability, knowledge, and competence of their employees, in most instances, there is a gulf a mile wide.
Cut to the chase: it’s probable that most firms have no idea what their employees know and don’t know, and how that translates into decision-making and capability at the point when service is delivered. Certainly, firms could point to a host of QA mechanics and (generally) lag indicators of customer service performance, but none of these are likely to identify and track actual lead levels of relevant competence.
Last year we managed more than 100 million individual knowledge assessments, the majority in firms like yours with employees not dissimilar to yours. And the actual level of average competency was just 52%. In other words, on average, employees knew about half of what the law required them to know.
If this wasn’t a big enough challenge, our research showed that knowledge and competence was distributed throughout the workforce in a random fashion. I.e., the employee may know half, but which half? And this competency data point, pre-intervention, continues to be consistent year-on-year – and we have now been assessing this competency data point for almost a decade.
How comfortable does this make you feel?
If we then consider that these same employees are your first line of defence; the very people charged with delivering the service to your customers and interpreting, in real-time, the Consumer Duty requirements, then perhaps the reader will empathise with just why Consumer Duty really must cause a seismic shift in how firms deal with employee T&C. The current model does not deliver the level of knowledge and competence you require. But it does tick a box.
If the average level of employee in-role knowledge and competence in your firm is just 52%, how comfortable does that make you feel that this Consumer Duty obligation is going to be interpreted consistently and correctly every day in your business?
As an aside, but helpful in this context, it should be noted that Consumer Duty isn’t the only driver for firms to have a more authentic and effective employee T&C regime and the first line of defence. Recent data suggests that 95% of cyber security breaches are the direct result of human error, with employees failing to do what they have been trained. Is it any wonder that insurance brokers are quoting Cyber Security insurance premiums increased more than 100% year-on-year?
Many IT and cyber security professionals bemoan the fact that their own employees represent their single greatest cyber risk, but at the same time acknowledge that a generic, one-size-fits-all approach to T&C is a significant part of the problem. Most large firms have already acted in relation to the firm’s approach to the training and support of employees in relation to cyber security; shunning a single-point-in-time annual refresher model, to something more dynamic and interval based. Many acknowledge that despite this T&C “upgrade”, their first line of defence is still inadequate, and their employees are still not learning and retaining what is needed to keep the firm cyber-safe.
Empowering your first line of defence
If “doing more” doesn’t work for empowering the first line of defence so they know their stuff in relation to cyber security, something that every C-Suite executive would name as a top-three risk facing their business today, then just how will firms ensure each member of their business understands Consumer Duty and how it relates to their day-to-day job?
The only bulletproof method is to switch from the current (ineffective, single-point-in-time with refreshers approach to employee T&C) and adopt a continual assessment model, powered by Artificial Intelligence. The continual assessment model ensures that knowledge/competency fade is quickly identified and repaired, gently, non-critically and in the flow of work. It also has the added benefit that often infrequently required knowledge is kept front of mind, where it is ready to be used when required.
Using employee-centric AI ensures that all employees are treated as individuals, which may not sound that important but is critical to effective learning and efficiency optimisation. Our AI – Clever Nelly – identifies the unique knowledge and competency profile for each employee and then sets to work on fixing individual knowledge gaps, avoiding inefficient, irritating, costly, and time-consuming unnecessary training associated with the traditional one-size-fits all approach.
One of the single greatest drivers of employee compliance fatigue is this sheep-dip approach to learning, which many employees regard as disrespectful, ineffective, and outdated.
User surveys of our AI consistently show that 9 out of 10 employees prefer a continual assessment model that enables entirely personalised learner journeys rather than the traditional default approach that is (probably) favoured by your firm. What this means is, rather than resent compliance-based training that doesn’t work and fuels a negative culture, a continual assessment approach to compliance learning fuels a positive attitude to learning and compliance into the employee’s daily working life.
This approach enabled Aviva – who won the only gold award from the Brandon Hall Group Excellence Awards in the category of Best Advance in Machine Learning & AI in 2021 for their use of our AI – to do just this. In fact, five of the UK’s top 10 General Insurers already deploy our technology to power their employee T&C regime and underpin an authentic culture of compliance.
It also means that – unlike firms who do not use our technology – Aviva can, at the click of a mouse, precisely determine the knowledge and competency of every employee in their business as it pertains to Consumer Duty and know that the AI will work tirelessly and gently to repair gaps, flag systemic risks for human intervention and keep the content front of mind.
It is perfectly possible to achieve the same degree of independent rigour for auditing and editing employee competence and knowledge as it is for process, product, and procedure; it simply requires Artificial Intelligence that is designed to support each individual you employ.
If, as we concluded on the webinar, your rank-and-file employees; part of your first line of defence, are to have any hope of consistently delivering against your Consumer Duty obligations, then they need to genuinely know what they are doing. Not simply tick a box that says on a given day they passed a simple test. Many firms can evidence that Clever Nelly is self-funding, preferred by employees and managers and guarantees that your first line of defence is a genuine thing, not a false sense of security.