Risk manager fined for helping to create bad 'cultural focus'
Chris Hamblin, Editor, London, 14 December 2015
The UK's Financial Conduct Authority has fined Ms Paivi Katrina Grigg, a former risk management director at the Standard Financial Group, £14,807 for failing to ensure that the network’s risk management was good enough to mitigate risks to the group’s customers.
The FCA thought that Ms Grigg failed to understand and carry out some of her responsibilities at Standard Financial (now in liquidation) properly. As a result, the firm failed to identify and mitigate risks to the group’s customers. In doing so, the FCA believes that she failed to comply with its principle for business 6, which exhorts every regulated firm in the vaguest of terms to pay due regard to the interests of its customers and to treat them fairly. She left the group last year.
Of significant concern to the FCA was the fact that Ms Grigg knew that the group’s business model was exposing customers to more and more 'risk' because it afforded the group’s appointed representatives and CF30s (people that the FCA had authorised to perform customer function 30, regarding the giving of investment advice to customers, dealing, arranging etc.) a high degree of latitude to operate in the network. She also knew that the FCA had already punished her former CEO, Charles Palmer, for breaching principle 7, among other things. Principle 7 says that every firm must pay due regard to the 'information needs' of its clients and communicate information to them in a way that is clear, fair and not misleading. Palmer is still appealing against that decision. Grigg failed to solve these problems and her conduct put approximately 26,750 customers at risk of poor results, also exposing them to the risk of receiving unsuitable advice from the group’s appointed representatives and CF30s.
The FCA seems to be very displeased about the pension-switching advice that the firms gave to customers, although the language it uses about the damage that the appointed representatives might have done is worryingly vague. All it accuses the firm and its advisors of doing here, partly through Ms Grigg's fault, is "potential customer detriment" and "a high instance of potential unsuitability...although actual loss to individual customers has not been fully quantified."
In punishing Ms Grigg, however, the FCA is also concerned with her reluctance to bring the shortcomings of her superiors to the attention of the main board of the group. At the crucial group board meeting in 2011, she failed to challenge the group board’s approval of a document that stated that (in respect of the firms’ risk register) the “internal audit department” was looking for evidence that correct steps had been taken to control risks and also stated that "internal audit" had reviewed the firms’ standard operating procedures (which handled operational risk) regularly. Ms Grigg knew this information was incorrect because there was no internal audit department and no such arrangements were in place, and had previously raised this point with the group finance director.
The action that the FCA has taken against Ms Grigg is final as she has not referred her case to the Upper Tribunal, the pseudo-court that an amendment to the Financial Services and Markets Act set up in 2010 (to replace the Financial Services and Markets Tribunal, 2001-10) as a barrier between financial firms and the justice proffered by real courts.
Meanwhile, the FCA and the Prudential Regulation Authority have expressed their desire to subject all top employees - though not yet CF30s - to a "regulatory reference." This is a clumsy way of saying that all prospective employers should demand various kinds of references from them before taking them on. The two regulators have consulted interested parties and want everything to be in place by March. Every reference used when someone is applying for a job at a bank, building society, credit union or PRA investment firm should include any facts that led the current or previous employer(s) to conclude that the candidate breached a conduct rule and a description of the basis and outcome of disciplinary action taken in relation to any such a breach. At the moment the regulators want these disclosures to go back five years. CF30s are not earmarked for this process in the latest consultative document, but in view of the fact that the forthcoming Senior Managers and Certification regime was first intended only for banks and will now apply to all financial firms, and the further fact that the financial sector is marching inexorably towards the moment when everybody in it is working for the Government, most commentators think that this is only a matter of time.