
Smaller firms, while distinct from large banks in terms of scale and structure, can often draw valuable lessons from the regulatory missteps of their larger counterparts. A recurring theme in these cases is non-financial misconduct — behavioural failings that may underpin breaches of Consumer Duty, fraud, or financial crime. Such misconduct is frequently scrutinised by regulators only in hindsight, typically following a more visible issue. In response to growing concerns, the FCA has recently updated its rules and expectations around non-financial misconduct, signalling a shift in how these behavioural risks are assessed and addressed.
Learning from the mistakes of larger firms
Recent publicised failures in large firms and banks have highlighted vulnerabilities that can serve as valuable lessons to the likes of mortgage brokers, non-bank lenders and financial advisers in smaller firms. This article reflects on the lessons from these high-profile cases and translates the actions into the context of smaller firms.
The aim of this advice is not necessarily to bring the smaller firm up to a “gold plated” standard. This likely wouldn’t be commercially viable for most smaller firms. It is intended to help firms avoid becoming bottom quartile outliers in regulatory compliance, a situation likely to lead to regulatory interventions such as FSMA s166 Skilled Person reviews.
One of the conclusions taken from a review of the regulatory failures leading to the recently announced large bank fines must be that even large firms with sophisticated and comprehensive compliance programmes are susceptible to making basic errors.
Why is this? And what can smaller firms with more limited compliance resources learn from these mistakes?
Understanding what the common pitfalls are and acting to avoid them will put firms in a strong position to avoid unwanted regulatory attention. Here is our experience-based advice to non-bank lenders, mortgage brokers and financial advisers.
Implement adequate policies and procedures
One of the lessons from the recent fines of large banks such as Monzo and Barclays is that basic policies and procedures existed but were not applied or enforced, in some cases on a large scale.
This relates directly to culture and behaviour within a firm. Namely, how a culture of ignoring the rules arises and persists. Often this is attributed to a combination of a failure to communicate the rules and expectations clearly, a lack of training, high staff turnover, or other pressures (e.g. performance management and remuneration) that conflicted with and overrode compliance.
Implementing and communicating adequate policy and procedure is a fundamental starting position - necessary but far from sufficient.
Clarity and consistency in both communication and training around policy and procedure are essential. Firms must outline what staff should be doing, how this is prioritised against other demands on them (and remember that actions - in terms of pay, promotion, and example - are more telling than words), and how they are dealing with new starters or role changes.
These steps are about getting the basics right.
Valuing policies and procedures within the culture of the organisation
Leaders and middle managers must consistently demonstrate, through their behaviour, the value the firm wants placed on policy and procedure: making clear what the accepted behaviours are, how behavioural failures in individuals are treated, how people are remunerated and how performance is managed.
Failing to tackle breaches, whether through lethargy, unwillingness to have difficult conversations, missing the timely opportunity, or not wanting to upset high commercial performers, will be noticed and will impact behaviour. Tacitly ignoring behavioural breaches is tantamount to throwing the stated policies and ethics on a bonfire.
For managers and leaders, personal compliance is only the foundation. There must be an expectation that they will actively promote behavioural standards throughout their sphere of influence. Yet many firms overlook the rewarding of good compliance behaviour, while clearly incentivising strong commercial performance.
Discouraging poor behaviour is generally binary - either one meets minimum standards, or one is caught in breach, and sanctioned. Compliance - just like commercial performance - is nuanced, yet performance management rarely reflects this.
Get the straightforward behavioural motivations right, and be seen to be acting on them proportionately, not just paying lip-service. Make sure you are doing this across all teams at all levels, for example by ensuring new joiners understand the speak-up and whistleblower mechanisms, and that new managers and leaders understand their behavioural responsibilities for their team.
A topical example: Managing off-channel communications
Preventing business-related messages being exchanged through messaging or social media platforms that are not approved or monitored by the firm (e.g. WhatsApp, Signal) is difficult, even for large firms.
There are numerous examples of appointed representatives (AR) and other agents going “off the rails” and exposing their principals to significant or catastrophic reputational damage or redress payouts, often through the use of off-channel communications to customers. Principal firms are made liable very broadly for AR misbehaviour under AR supervision rules. At Pathlight Associates we have seen the FCA choosing to spread a very wide net in terms of the responsibility of the principal firm, well beyond actions known to the principal.
Our advice is to acknowledge that technology is important, but as a small firm you probably don’t have the level of resources in terms of internal knowledge or external spend to make off-channel communications watertight through technology. You will therefore have to deal with it partly or mainly through alternative, behavioural approaches as outlined above.
Conclusion
The good and bad news is that many of the recent costly failures in large firms could have been prevented by implementing adequate policy and procedure, and by better firmwide cultural and behavioural engagement.
This is good news for small firms, whose smaller size makes behaviour easier to monitor and culture easier to maintain, and whose resources for grand technology investments are limited. The bad news is that small firms comprise the same people with the same vulnerabilities as larger firms, and their leaders’ actions - and their sometimes more damaging failure to act - are very apparent to the team. Culture and behaviour is not a “soft” option - it requires consistency, clarity, and for many leaders, acting when it’s all too easy to do nothing. The damage is incremental, not immediate.
Leaders need to be equipped through training and experience to manage culture confidently and firms must make a commitment to consistently and clearly communicating policy and procedure. The right development here is as necessary - and has just as significant organisational benefits - as technical skills development.