CONTACTS
Our team of experts are ready to share further insights based on deep understanding of the pressure points across industries and regions. Get in touch to continue the conversation.
FIND A LAWYER
© Herbert Smith Freehills 2022 Modern Slavery and Human Trafficking Statement | Accessibility | Legal and Regulatory | Privacy Policy | Report Fraud | Whistleblowing
00
#CustomerIsKing – Banks strive to stay relevant and satisfy regulators in the TikTok age
Non-financial misconduct – Where to draw the blurry line?
Uncharted territories – A time for brave leadership
Calm under pressure – The chair’s strategic role as activists target AGMs
Ghosts in the machine – The rewards and risks of AI-assisted banking
Power plays – Have social shifts upended the age-old bargain banks make with staff?
What lies beneath – Cyber threats and manager liability
All change – The evolving role of banks' in-house legal teams
Welcome to the sixth edition of the Global Bank Review
Hannah Cassidy, Simon Clarke and Tony Damian, Co-Chairs – Global Banks Sector Group
Tough calls loom as the costs of capital and labour mount
CHAPTERS
Featured
#CustomerIsKing – Banks strive to stay relevant and satisfy regulators in the TIKTOK age
POWER PLAYS – HAVE SOCIAL SHIFTS UPENDED THE AGE-OLD BARGAIN BANKS MAKE WITH STAFF?
HOME
READ MORE +
Aaron White and Lena Naris
WHY I CAME BACK
Rochelle Eades - Pioneer at BET Vodka
A view from Minneapolis
What inspired Natacha you to become a lawyer?
12 QUESTIONS WITH...NATACHA HEFFINCK
Pro bono work is integral to Herbert Smith Freehills (HSF) services, and most of the firm’s lawyers gain considerable...
Working together for the greater good
MORE ON DECARBONISING CITIES
After years of inaction and divisive rhetoric, Australia's new Labor government promises a new approach to climate action
ENDING THE CLIMATE WARS – CAN AUSTRALIA'S NEW GOVERNMENT MAKE GOOD ON AMBITIOUS EMISSION PLEDGES?
COMING SOON
Urban centres need new funding models to be in the vanguard of the battle against climate change
FINANCING NET ZERO CITIES – THE CASE FOR SMART LEGAL SOLUTIONS
As part of our Decarbonising Cities series, we sat down with TfL Head of Corporate Environment Sam Longman to explore the role of public transport in reaching net zero
DECARBONISING CITIES PERSPECTIVES: TRANSPORT FOR LONDON
As part of our Decarbonising Cities series, we sat down with MEPC regional development manager Rob Groves to explore the role of developers in clean urban living
DECARBONISING CITIES PERSPECTIVES: MEPC
After centuries of aggressive growth fuelled by fossil fuels, a small group of cities are leading the global drive to net-zero. What lessons can be learned?
PIONEER CITIES – THE CUTTING EDGE OF CLEAN URBAN LIVING
What does post-pandemic, hybrid working mean for your team in terms of culture and operational issues?
pARTNER
MELBOURNE
+61 3 9288 1297
Email
NICK BAKER
LinkedIn
Profile
GERMANY
+49 211 975 59012
HEIKE SCHMITZ
Professional support lawYER
+61 3 9288 1410
ANTHONY ELLIS
+61 3 9288 1870
ALISON DODD
01
It's safe to say the last two years have given in-house legal teams – who have had to navigate tough times – plenty of opportunity to demonstrate their value. Though banks were already accelerating towards more sophisticated internal legal operations, the pandemic represented an unprecedented challenge for modern businesses, deepening the need for legal teams to step outside their usual roles. To discuss these challenges, and the necessary responses, we sat down with Sharon Cook, Group Executive, Legal and Commercial Services, National Australia Bank; René du Preez, Group Chief Legal Officer, Standard Bank Group; and Barbara Levi, Group General Counsel at UBS.
I am convinced more diverse teams achieve better results as they represent different backgrounds, competences, and perspectives.
Barbara Levi, Group General Counsel, UBS
How can in-house legal teams bolster diversity and inclusion efforts?
Barbara Levi: We all learned is that working from home is possible for many of us. At UBS, we had around 80,000 people working remotely at the same time. This was possible due to our prior investments in technology as well as years of developing remote leadership skills and a supportive company culture. Having said that, the pandemic has not hindered our ability to deliver high-quality advice. Even though most of the meetings were held online, we stayed focused and connected to maintain the quality of advice we provided to our clients. Now, as we have seen many restrictions easing over the last months, we are of course happy to meet our stakeholders physically again. René du Preez: I'm trying to avoid our lawyers becoming data capturers, which can happen in a big organisation. But we also want to become more aware of our data. We've set up tools which mean we can put in data which is worthwhile and usable. We need to consider how we use technology and how we can get it to incorporate legal risks more smartly to create efficiencies and do more with less. It's about creating synergies across the different issues lawyers have to deal with now. The pandemic has concentrated our efforts. We've had innovation across our legal teams. They look at what our clients specifically need, and we use things like AI to prepopulate NDAs and marketing agreements, those vanilla-type agreements. It takes those things away from the lawyers so they can focus on strategic and complex matters. It's freed up a lot of time and engages the team on higher value work.
How has the disruption of the past two years made you think differently about efficiency or the support in-house legal provides to the business?
The community has been reminded of the purpose of banks - to serve customers and help them prosper - and the positive contribution they can make.
Sharon Cook, Group Executive, Legal and Commercial Services at National Australia Bank
Sharon Cook: Financial services in Australia is a desirable place to be. Happily, in our legal team we continue to be able to attract talented recruits and our retention is high. Things have changed a lot in this regard from 4 years ago. That was the time of the Royal Commission in Australia which, with the attendant media, caused people to drop financial services firms down their list of desirable places to work. The community’s trust of the financial services sector has improved, helped by the constructive role banks played during the pandemic. The community has been reminded of the purpose of banks - to serve customers and help them prosper - and the positive contribution they can make. Banks, too, have learned the lessons of the Royal Commission. I believe people want to work in the legal team at banks because of their interest in the financial sector and the role that banks play in the economy, for customers and in the community; the interesting, varied and challenging work; and the pleasure (mostly) of working closely with the business. Barbara Levi: Competition for talent is nothing new, especially in the banking and legal sectors. When I think about the beginning of my own career, there were a couple of top priorities I had for potential employers. Things like global reach, reputation, career growth, remuneration and exposure to different areas of legal practice to ensure I could continue to learn and develop. Those are still among the top attractors of talent in the legal industry. And UBS is a global financial player, a well-known employer and a bank with a very good reputation. Of course, there are newer factors which candidates consider as well – things like flexible working and digital transformation. And we are addressing those as well to remain an attractive employer.
In the face of an unstable economic outlook and rising costs, how has the war for talent impacted your team?
Sharon Cook: We've seen people move states, move to the country, but we've not seen an exodus. What we'll see is people staying in their jobs, using that flexibility, because they've already established credibility and trust. All I'm seeing is people taking advantage of flexibility in various ways. René du Preez: We keep all our data on staff turnover and what we call "regrettable losses", which are people who are performing on track or very well. Those things have gone up. When we talk about the Great Resignation we need to know what has driven these departures. People leave for different reasons. The trends we have seen are foreign law firms, South African law firms, start-ups and fintechs headhunting our staff either overseas or from here remotely. Where people are emigrating because of the social or political circumstances in the country, and where they're being offered packages in dollars or sterling, it's hard to do anything about that. But we've also seen people leave because they've been offered greater flexibility. We're taking all this into account in how we remunerate people and package rewards.
How can banks attract, develop, and retain talent in the face of increasingly tight talent markets? Are you seeing the Great Resignation?
René du Preez (Standard Bank Group): There's been a shift to more strategic partnering with our external stakeholders. That requires strategic insight and contribution as well as being commercially minded. Our lawyers have always been versed in future-ready skills. We are increasingly required to create and implement solutions beyond legal advice. There's an expectation that our teams upskill themselves around these capabilities. We've created learning and development pathways for them to do so and are continuously evaluating what new or additional skills we should equip them with. Barbara Levi: I am very fortunate to have excellent teams of highly-skilled lawyers across the globe that provide strategic advice across our businesses. Wherever possible, we try to standardise the more business-as-usual work, ensuring the in-house team is exposed to sophisticated and complex legal issues where they can add value with their strategic mind-set and business acumen.
Have you seen a shift in the type of work in-house teams are undertaking?
Sharon Cook (National Australia Bank): I was surprised how quickly my legal team, and the whole of NAB, went from a pre-pandemic to a pandemic environment. I've been an advocate of flexible working my whole professional life. The pandemic saw the vast majority of our over 35,000 people at NAB work both remotely and flexibly all the time with no loss of productivity. It was a marvellous discovery. I didn't think it would be possible, particularly from a technology point of view. We saw some great benefits of working from home. The relationships with colleagues became more intimate and authentic. We saw the inside of colleagues’ houses, partners, children and pets. We got out of corporate garb and wore exercise gear, hoodies and UGG boots. Socialising was done in new and innovative ways: team exercise sessions, gin tastings, cooking classes, dinners – all on Zoom or Teams. We talked more about our personal lives than we did when sitting in an office, building stronger relationships with each other. And for many of us, we at last got a good step closer to achieving true work life balance. Of course, there were many negatives to solely working from home – the isolation for some; the impact on many colleagues’ wellbeing; missing the relationship building that happens in the office, especially with colleagues outside your own team; and those incidental conversations that oil the wheels of our businesses. Being at home also negatively impacted our ability to learn and develop. I also think it inhibited promotions and colleagues’ ability to find new jobs in our very big business.
Hybrid working is the perfect solution. You keep all of the good but minimise the bad. We now strongly encourage our people to work from the office two to three days a week. Barbara Levi (UBS): Even before the pandemic, UBS legal employees had the opportunity to work from home for a few days per week. During the pandemic, more than 80% of employees across the firm worked from home. And it went smoothly. Based on internal surveys, we know many employees want a hybrid model. So, where role, task and location allow, we will offer this flexibility. We believe a hybrid approach allows for a better work/life balance and makes us a more attractive employer, appealing to a more diverse talent pool.
Sharon Cook: The higher the take up of flexible work practices, the greater the diversity and inclusion we will see. My hope is that the surge in flexible working continues post pandemic and that there will be large numbers of jobs in the future which can be done entirely from home, or for a few days a week, which will give a more diverse range of people access to the labour market. Flexible working will supercharge diversity and inclusion. In-house legal teams need to encourage flexibility in their own teams and across their organisations. René du Preez: We keep diversity at the forefront of our hiring strategy. Being a lawyer now is a very different story from how it used to be. In our function we have various D&I teams which drive different agendas. We drive this through the firms we use externally. We keep a strict eye on the firms we use, even in the credit space. We encourage and hold to account and are held to account ourselves. It's about the law firms you're using, the advocates, and the vendors. Barbara Levi: D&I holds a lot of importance for me personally. In all the years I held leading roles across companies and industries, D&I played a central role in how I led my teams. I am convinced more diverse teams achieve better results as they represent different backgrounds, competences, and perspectives. I will continue to foster it in my role as group general counsel.
AT UBS, WE HAD Around
80,000
WORKING REMOTELY AT THE SAME TIME
Technology will continue to improve our risk management and profitability. It speeds up our business processes. We've developed our own tools in-house with our own teams, such as our matter management solution.
René du Preez, Group Chief Legal Officer, Standard Bank Group
René du Preez: It's been playing a large role since Covid. I must give credit to our group's engineering teams, which have enabled the legal team to set themselves up in a short period of time to be fully functional remotely. Technology will continue to improve our risk management and profitability. It speeds up our business processes. We've developed our own tools in-house with our own teams, such as our matter management solution. We've had a specific issue with our litigation matters, as we're such a large group across Africa. Keeping track of that and updating those matters - and they're reported to our insurers - was really a manual process. One of the first things we did was develop an in-house tool to give access to all our teams digitally to input all details and updates, which has made it more efficient. The data is better and more accurate. Sharon Cook: The big technology impact of the pandemic was the normalisation of the use of Zoom and Teams for meetings, large and small. We have learned the advantages and disadvantages of those kinds of meetings and will calibrate their use appropriately in the future, I believe. Artificial intelligence, machine learning, chat bots, process flows and other technology are my team’s tools of trade and have been since before the pandemic. That hasn't changed. Looking to the future, we will need our lawyers to have digital and data skills, process mapping skills, analytical skills, and skills we don't even know exist yet. There's massive digitisation going on in NAB currently, and my team needs to lead and support that in working with the business. We also need to use technology and data in our legal team to better serve our customers and bankers; provide insights to the business; and find efficiency and productivity savings.
What role will technology (including AI) play in delivering the in-house legal services of the future?
Our lawyers have always been versed in future-ready skills. We are increasingly required to create and implement solutions beyond legal advice. There's an expectation that our teams upskill themselves around these capabilities.
With the pandemic recasting workplaces and the economic outlook darkening, we sat down with three senior legal chiefs to see how their teams have responded to the disruption and risen to meet new challenges
READ MORE
+ Non-financial misconduct
Where to draw the blurry line?
+ uncharted territories
A time for brave leadership
+ CALM UNDER PRESSURE
The chair’s strategic role as activists target AGMs
+ GHOSTS IN THE MACHINE
The rewards and risks of AI-assisted banking
+ POWER PLAYS
Have social shifts upended the age-old bargain banks make with staff?
+ WHAT LIES BENEATH
Cyber threats and manager liability
+ #CustomerIsKing
Banks strive to stay relevant and satisfy regulators in the TIKTOK age
+ All change
The evolving role of banks' in-house legal teams
Innovative product offerings and marketing channels
02
The Covid-19 pandemic and ensuing digital acceleration, combined with a low interest rate environment and global stimulus payments to individuals have emboldened disrupters in financial markets to introduce new consumer services and products. Banks have fought to retain their relevance in a fast-changing market by introducing new services to entice consumers, and starting to sell products through innovative channels, such as so-called "finfluencers". The battle to attract a new generation of customers already rages. In response, regulators have moved to ensure these new products and marketing channels do not harm consumers, imposing additional compliance burdens on banks. In the UK, there has been a step change in conduct regulation with the introduction of a new Consumer Duty, under which firms will have to deliver good (as opposed to fair) outcomes for retail clients. Regulators are also clamping down on financial scams targeting consumers, and asking banks to look at their support for vulnerable customers, especially those suffering hardship amid the cost-of-living crisis. The rise of ESG-related products and accusations of greenwashing are also garnering increased regulatory scrutiny. Regulators are determined to follow lenders into this new terrain as the hunt for the next generation of consumers intensifies. Our experts assess the complex dynamic now playing out at a global level, spanning regions and digital spheres.
Australia’s Banking Code Compliance Committee has encouraged banks to ensure their systems and processes are robust enough to protect customers and the lender from scammers and other criminal activity, including confirming employees are aware of current fraud and scam issues. Additionally, in 2021, the Australian Competition and Consumer Commission (ACCC) communicated with financial firms about their roles in preventing scams. In short, it is evident that banks are expected to assist in the fight against online fraud.
SYDNEY
+61 2 9225 5733
Ellen O’Rourke
PARTNER
PARIS
+33 1 53 57 74 04
Antoine Juaristi
LONDON
+44 20 7466 2789
PATRICIA HORTON
SINGAPORE
+65 6868 9805
Natalie Curtis
HONG KONG
+852 2101 4133
Hannah Cassidy
+44 20 7466 2288
Marina Reason
+61 2 9225 5442
ANDREW EASTWOOD
Charlotte Henry
While lenders are determined to broaden their appeal to a new generation of customers, regulators are raising the bar for consumer protection – that's a risky combination
Over the last 12 months, banks have broadened their products and services to attract a wider and younger customer base. A good example of customers driving banks to change their product suite is buy-now-pay-later (BNPL). First appearing in Australia with Afterpay in 2014, it was then copied by Klarna entering the EU markets, and US giant Affirm. Come 2022 there are now a plethora of BNPL providers globally. Almost a decade later, BNPL has become a mainstream product for lenders – in Australia alone, three banks (including two of the Big Four banks) have their own BNPL offerings. Most regimes globally have a consumer credit framework governing whether BNPL is policed, and in most jurisdictions it can be structured to be unregulated. However, consumer advocate bodies maintain that BNPL is rife with bad outcomes given its unregulated nature – eg, there is no requirement to conduct responsible lending checks. The data, however, paints a different picture. The Australian Securities and Investments Commission (ASIC) has conducted three in-depth assessments of BNPL and not found the poor customer results consumer groups claim, save for charging of late fees. Moreover, some BNPL business models do not give rise to hardship as a customer is not permitted to make another transaction if they have missed a repayment – unlike traditional credit cards or overdrafts where further transactions are permitted and arguably encourage spiralling debts.
There has been a recent boom in social media ‘finfluencers’ who use their platforms and reach to discuss products and services with their followers. PostFinance, an established Swiss bank, turned to TikTok to reach a fresh audience for its youth bank accounts. The campaign was a resounding success, driving over 6.3 million TikTok impressions. This caught the attention of regulators, who have reminded finfluencers that they may be acting in contravention of the law when discussing financial products and services. Licenced financial advisers using finfluencers must ensure they have adequate risk management procedures, monitoring and supervisory measures and consider the implications of laws and regulations, such as product governance obligations. A newsworthy example of this response saw the US Securities and Exchange Commission (SEC) in October announce charges against Kim Kardashian for touting a cryptoasset security offered and sold by EthereumMax on social media without disclosing the payment she received for the promotion. Kardashian agreed to settle the charges, pay $1.26 million in penalties, disgorgement and interest, and cooperate with the SEC's ongoing investigation.
PostFinance, an established Swiss bank, turned to TikTok to reach a fresh audience for its youth bank accounts. The campaign was a resounding success, driving over 6.3 million TikTok impressions
Finfluencers
Driven in part by the increased use of digital channels, scams are a growing problem throughout the world. In 2021, the UK reported financial fraud losses of £1.316 billion, including unauthorised fraud across payment cards, remote banking, cheques and authorised push payment scams. Online fraudsters have many approaches, including investment scams (such as “ramp and dump” schemes), romance scams and payment direction scams. In a payment direction scam, perpetrators impersonate a business or its employees via email and request that money (which is usually owed to a legitimate business) is sent to a fraudulent account. Banks are often unwitting facilitators of scams, effecting the transfer of funds from victims to fraudsters. Unfortunately, as banks have provided improved online services, for example, in mobile banking, the potential for customers to be deceived in increasingly sophisticated ways has grown. It is therefore unsurprising that victims look to recover lost funds from banks. Some plaintiffs have pursued court actions, relying on creative causes of action. In the past year alone there have been a number of important judgments, particularly in the UK, considering the scope of a bank’s duty of care, both to customers and non-customers, in the context of authorised push payment fraud. Plaintiffs have had some success expanding the scope of duties owed by banks, but to date the courts generally seem cautious about imposing duties on banks beyond the relevant contractual mandate. A bank’s contractual duty to customers of its transactional banking services typically includes a duty to execute their transaction orders. This is qualified by an implied duty to exercise reasonable care and skill in executing those orders. As victims seek to expand the scope of that duty, banks have found themselves treading carefully to prevent customers being scammed, while not impinging on the customers' right to access their funds on demand and deal (legally) with those funds as they see fit. In some jurisdictions, victims are also able to pursue non-judicial recovery such as via the Australian Financial Complaints Authority (AFCA). These avenues can hold greater prospects, as the outcome may not simply turn on the strict legal position, but more general notions of “fairness”. As the problem of scams grow, regulators and governments are entering the fray. This raises the fundamental policy question: where is the balance struck between victim and bank? Banks play a critical role in the transfer of funds throughout the economy and are therefore in a position to detect and prevent some scams. But if wide liability is imposed on banks (with lenders effectively becoming “insurers” to victims of scams), what is the responsibility of consumers to protect their own interests? Jurisdictions are taking different approaches as set out below.
A global rise in scams
In the UK, the FCA is focusing on how tech solutions can prevent fraud in real time, for example, testing how financial services and other sectors can share data and how to spot fraud at source. It is also asking firms to consider whether they are doing enough to raise customer awareness of crimes such as authorised push payment fraud, pension scams and so-called ghost broking, where fraudsters pose as middlemen for insurance firms. The FCA has said firms should be assessing evolving risks, such as the cost-of-living crisis, and re-calibrating their financial crime controls accordingly. The financial promotion regime in the UK is also being tightened in a bid to prevent misleading advertisements and scams. In May 2022, the UK Government announced it intends to introduce legislation to enable the Payment Systems Regulator to use existing regulatory powers to require reimbursement in cases of authorised push payment scams in designated payment systems.
In March 2022, Hong Kong's Securities and Futures Commission (SFC) warned the industry about business email compromise in a circular that provided additional guidance on enhancing internal controls and reminders relating to existing guidance.
In Singapore, the Monetary Authority of Singapore (MAS) is preparing a framework for equitable sharing of losses arising from scams and is expected to issue a consultation paper shortly. The MAS has previously indicated the framework will recognise that all parties have responsibilities to take precautions against scams. The proportion of losses each party bears will depend on whether and how the party has fallen short of its obligations.
The debate around the liability position in relation to scams, and the sharing of liability between customer and bank, is far from settled. But one thing is clear: the regulatory trend is towards rising expectations on banks, spanning customer education, internal policies and processes, and warnings that should be provided when a possible scam is detected.
As the problem of scams grow, regulators and governments are entering the fray. This raises the fundamental policy question: where is the balance struck between victim and bank?
In a global first, the UK has just finished consulting on measures centred around a new FCA Principle for business requiring banks and other authorised firms to “act to deliver good outcomes for retail customers”, to encapsulate the new Consumer Duty. It represents a marked shift in the FCA's approach by resetting expectations around the duty of care owed to customers by financial services firms, and the UK regulator is arguably going further than counterparts to rebalance the relationship between firms and consumers. However, there are concerns that a fair outcome is not always a good resolution from a customer's perspective, and it will be incumbent on the FCA and the UK's Financial Ombudsman Service to distinguish between good and fair outcomes, regardless of the wording of the new Duty. The new Principle (Principle 12), which will be implemented in 2023, will be underpinned by three broad duties requiring firms to:
New UK Consumer Duty
act in good faith towards retail customers; avoid causing foreseeable harm to retail customers; and enable and support retail customers to pursue their financial objectives.
The FCA expects the new rules to promote good outcomes in the following four areas:
At an individual level, the FCA also proposes to introduce a new Individual Conduct Rule 6, which mirrors the new Principle, in requiring certified staff to “act to deliver good outcomes for retail customers” where their firms’ activities fall within scope of the Consumer Duty. Banks will be expected to monitor, test and adapt their policies and processes to satisfy themselves and the FCA that customer outcomes meet regulatory expectations. The new Consumer Duty will become an integral part of the FCA's tool-kit and we can expect other regulators to closely watch developments in this area.
In recent years, there has been an increased awareness of vulnerable customers, with regulators introducing new measures and obligations on banks. Australia’s securities regulator, ASIC, has encouraged banks to work with customers suffering financial difficulty from Covid-19, and to identify what could make their total indebtedness worse when introducing further temporary assistance. ASIC has also recently introduced a policy enabling large banks to withhold reporting certain credit information relating to customers if these reports could lead to consumer harm, including if the customers may be suffering from family violence. Other industry bodies such as the Australian Banking Association have introduced non-binding guides on financial abuse, defining expectations of what institutions should do if they suspect a customer is being financially abused. Many UK banks have also committed to implement a voluntary code on financial abuse developed by UK trade associations. Following the publication of FCA guidance in 2021 on the fair treatment of vulnerable customers, the FCA recently noted good examples of firms taking positive action to understand the needs of customers in vulnerable circumstances and meet those needs. However, the FCA also noted inconsistent practices, for example, in relation to the monitoring and evaluation of management information at some retail banks. The Hong Kong Association of Banks also has guidelines relating to the provision of barrier-free banking services, as well as the provision of banking services to vulnerable customers such as those with dementia or intellectual disabilities.
Vulnerable customers
Another area where customers are driving change is ESG, increasingly demanding that their bank address climate action by becoming sustainable, only engaging in sustainable finance, and ensuring their investment products are ethical and green. Moreover, climate change risk is a global priority for regulators. The Australian Prudential Regulation Authority (APRA) and ASIC have this as one of their top priorities for the next 12 months, focusing on two angles: firstly, taking action with disclosures that are not useful, accurate or substantiated; and, secondly, to monitor and bolster operational resilience. APRA is conducting a climate vulnerability assessment and self-assessment survey to gain insight on climate risk management practices and will be working with industry, the Council of Financial Regulators, research organisations, and global peers to embed climate risk factors into its supervisory activities. APRA is also developing tools to assess climate-related financial risks and will increase scrutiny of entities’ progress in addressing climate change risk following the release of new guidance, CPG 229 Climate Change Financial Risks. APRA expects entities to begin using this guidance immediately. In the UK, there are initiatives for listed entities with corporate reporting, and the FCA is working with the UK government to develop and implement a sustainable investment labelling system for financial products and services. It is expected that the evolution of disclosure standards and taxonomies will continue for the next 12 to 24 months, and regulators are showing clear signs of gearing up for intervention and enforcement. Misleading or deceptive greenwashing practices are also coming under mounting scrutiny. ASIC has informed institutions that products must be 'true to label' and banks should avoid vague terminology. The Hong Kong Monetary Authority has flagged plans to conduct thematic reviews in 2022 to assess banks' due diligence for ESG products to gauge how they mitigate greenwashing risks. Hong Kong's SFC has already introduced new requirements on fund managers to incorporate climate-related risk in their investment decisions, risk management and related disclosure. The SFC is now planning to review fund managers' use of ESG ratings and data product providers after concerns over the low comparability among ratings and data products. The EU Sustainable Finance Disclosure Regulation (SFDR) already provides a classification system for sustainability-related investment products in the region while the EU is also developing an Ecolabel for retail financial products. In summary, the customer is definitely king, and this is driving banks to develop new ways to enhance the consumer experience, as well as satisfy new needs. Regulators have been quick to respond, and in certain markets, the pendulum has swung rapidly in favour of customers – whether through the new UK Consumer Duty, enhanced protection of vulnerable customers, or new expectations on banks to assist in the fight against online scams. The broad direction of regulatory travel has now been set. Banks must anticipate and respond to rising expectations in how they treat customers. Policy-makers, rivals and ultimately consumers are all watching closely.
ESG
#CustomerIsKing Crypto and consumer protection – Try to keep up
Nonetheless, regulators feel the need to take action. In the UK, the Financial Conduct Authority (FCA) is consulting on changes to its consumer credit regime to police BNPL in a risk-based manner. In Hong Kong, though BNPL is in initial stages of development, the banking regulator has recently published its expectations around customer protection for product providers. Banks must include the educational message of "To borrow or not to borrow? Borrow only if you can repay!" in promotional materials. In Australia, the non-bank BNPL industry banded together to ward off regulatory action by developing an industry code of conduct that binds signatories to undertake activities such as responsible lending checks. However, it is likely to become regulated in the short-to-medium term.
Banks will be expected to monitor, test and adapt their policies and processes to satisfy themselves and the FCA that customer outcomes meet regulatory expectations.
Products and services – customers are sold products and services that are designed to meet their needs, characteristics and objectives
Price and fair value – customers pay a price for products and services that represents fair value to them
Consumer understanding – customers are equipped with the right information to make effective, timely and informed decisions
Consumer support – customers receive the support they need.
03
The World Economic Forum recognises cyber risk as “the most immediate and financially material sustainability risk that organisations face today”. Cyber security has become a top business risk. Nearly half of CEOs globally see cyber threats as a challenge to their organisation's growth prospects, with 62% of that number concerned about the impact upon their ability to sell products and services, 56% on their ability to innovate and 19% upon the scope to raise capital. This makes the question of how to achieve effective governance of cyber security risk a pressing concern for all firms but the issue is particularly acute in banking. The head of the European Central Bank has warned that a combined cyber-attack on major lenders could trigger a liquidity crunch resulting in a systemic crisis threatening financial stability. Financial regulators are issuing stark warnings about cyber security, particularly in light of the invasion of Ukraine. For example, the UK's Financial Conduct Authority in March 2022 told firms: "You should consider your ability, and that of your third-party providers, to withstand a cyber-attack. You should take all appropriate steps to shore up your controls… Consider if your staffing levels are appropriate to deal with an elevated cyber risk."
There are some steps being taken to increase cyber expertise at board level. The US Securities and Exchange Commission (SEC) is proposing rules to draw out the discrete cyber security expertise of the board – including experience, certification and degrees – as part of its proposed new rules for public companies on cyber risk management, strategy, governance and incident disclosure. Meanwhile, the Technology Risk Management Guidelines issued by the Monetary Authority of Singapore (MAS) provide that both the board of directors and senior management of financial institutions should have members with the knowledge to understand and manage technology risks, including cyber threats. The Australian Prudential Regulation Authority (APRA) requires this of all board members, noting: “APRA expects boards to have the same level of confidence in reviewing and challenging information security issues as they do when governing other business issues." In financial services, of course, there are various regimes which make senior individuals more accountable for their conduct and competence generally that can be leveraged to address cyber risk. The UK has the FCA/PRA Senior Managers and Certification Regime, which includes as a Senior Management Function the role of Chief Operations (generally referred to as SMF24), which is defined as "the function having responsibility for the internal operations and technology of a firm". Firms are able to split this responsibility, as long as it is done accurately and preserves clear lines of accountability. Indeed, for many firms with "distinct, but equally senior individuals", such as a Chief Operating Officer, a Chief Information Officer (CIO) and a Chief Technology Officer, this may be the approach taken.
Increasingly, lawmakers and regulators in all sectors are placing responsibilities for cyber security upon individual directors and senior managers to achieve effective governance. New requirements are being introduced in various sectors to supplement the legal obligations applicable to directors of all businesses, such as the duty to promote the success of the company or the duty to exercise reasonable care, skill and diligence (found in sections 172 and 174 of the Companies Act 2006 in the UK).
While the UK was a first mover on individual accountability, there are comparable regimes in other jurisdictions. The Guidelines on Individual Accountability and Conduct issued by Singapore's MAS require the Chief Information Security Officer and CIO to be designated as senior managers and held responsible for the actions of employees and the conduct of the wider business. In Hong Kong, the Securities and Futures Commission's Manager in Charge (MIC) Regime includes "operational control and review" and "information technology" as core functions in which a MIC should be appointed. Similarly, the Banking and Executive Accountability Regime in Australia, requires one or more senior executives to take responsibility for risk management arrangements and controls, operations and information management, including information technology systems. The key question is what do these regimes require directors and senior managers to do in practice to provide effective oversight of cyber security? Accountable individuals should be taking steps to deliver cyber security. This will involve making sure they understand cyber security failures – both non-malicious and malicious – which might impact upon the business and ensuring that steps are taken to mitigate those risks. In the UK, the regulators' operational resilience framework sets impact tolerances and takes actions through testing severe but plausible disruption scenarios. This is a valuable addition to methodologies which can help senior staff assess cyber risk in banks. There are similar regimes in other jurisdictions.
Generally, reasonable steps directors and senior managers will be expected to take involve maintaining awareness of relevant external developments and carrying out periodic threat assessments. They will involve ensuring cyber security has adequate resources, appropriately deployed. Those accountable will have to seek to ensure policies and procedures for controlling daily operations are implemented, controlled and policed – and any delegations are managed and reviewed, with reporting lines clear to staff and operated effectively. Directors and senior managers will also have to consider cyber risk in decisions about expansion or restructuring. We are starting to see corporate deals fall through because of poor cyber security in the target company. With the shift to cloud, paying attention to arrangements with third-party suppliers is also becoming more important. For example, the EU's forthcoming Digital Operational Resilience Act marks the first steps towards the introduction of a new designation regime for third-party providers in respect of the material services they provide to the UK financial services sector. In Australia, we have now seen the first case of a regulated entity being held liable for not acting efficiently and fairly when it failed to have adequate risk management systems to handle its cyber security risks. In 2021, APRA found 60% of its regulated entities (banks, insurers and pension funds) had not assessed all of their IT service providers’ information security control testing.
We are starting to see corporate deals fall through because of poor cyber security in the target company.
The key question is what do these regimes require directors and senior managers to do to provide effective oversight of cyber security?
Increasingly, however, the measure by which directors and senior managers will be judged is how well they deal with cyber incident response. Cyber security is a multidisciplinary field, which requires successful integration of various teams within a business and of different crisis response plans. Seamless integration cannot be achieved in the heat of an incident. Similarly, the intense pressures of incident response do not lend themselves to resolving differences in risk appetite or approach within the crisis management team. Take a ransomware incident. Making the right call on the pay/don't pay decision requires the board to consider whether it is more advantageous to pay the ransom to reduce recovery time (and hence losses) or not to pay and suffer losses for potentially longer while attempting to restore systems. Consideration will need to be given to a number of issues, including:
whether paying might embroil individual directors in sanctions, money laundering or terrorist financing offences; technical input on the impact upon systems/operations or whether any decryption key will work; analysis of what data may have been impacted; advice from the legal function on liability which may be incurred if one pays or does not; input on how regulators may respond to the attack, and analysis and handling of a wide range of insurance policies that may apply.
It is easy to see how missteps can occur, putting individuals in breach of various obligations with directors or senior managers at risk of committing a criminal offence. Only individuals who have rehearsed thoroughly will be able to meet the standard expected of them. Other pitfalls include slow or partial response to customer detriment or market impact or not keeping the regulator informed. In many jurisdictions notification of a cyber incident must be prompt – in some instances within an hour. Good governance of public statements is also important; misleading communications to customers or markets about recovery can cause particular trouble. For example, if you have strong grounds to suspect an attack is ransomware, the regulator might take a dim view of a vague statement portraying the event as "problems with your computer systems". In the UK, such a statement might breach the requirement for firms to make "clear, timely and relevant" communications (SYSC 15A.8.3.R and FCA Principle 7 in the UK).) Further, we are seeing points being taken about this in litigation. For example, the pleadings in a recent US securities class action include an allegation that a company "intentionally minimised the breach and failed to disclose that attackers had gained administrative access to the servers". In conclusion, never has the burden upon individual directors and senior managers within banks been greater in relation to cyber security. Individuals should take time to familiarise themselves with the new requirements in the jurisdictions in which they operate and ensure they are fully equipped to ask the right questions.
+65 6868 9808
MARK ROBINSON
NEW YORK
+1 917 542 7805
JOSEPH FALCONE
+44 20 7466 2773
ANDREW MOIR
CONSULTANT
+44 20 7466 3737
Kate Macmillan
SENIOR ASSOCIATE
+61 3 9288 1395
PHILLIP MAGNESS
CHARLOTTE HENRY
+61 3 9288 1531
CAMERON WHITTFIELD
NATALIE CURTIS
As regulators place increasing demands on senior managers to tackle cyber risks, we explore how to avoid the hidden dangers
1
1. PwC 24th Annual Global CEO Survey
The power of activism
04
Once, not so long ago, aspiring bankers knew what to expect of a career in the money industry: long hours, intense demands and pay to literally compensate for that contribution. While money matters, there are mounting reasons to question what employees are looking for from a role in banking and what motivates them, as well as what they are looking for in return for that work. Even leaving aside the challenge for institutions in gauging what drives workers in today's labour market there remain conflicting forces at play in the labour market. Consider the backdrop. There is a clear rise in employee activism with industrial action happening in the financial services sector alongside many others, driven by the cost-of-living crisis and resulting pressure for large pay rises. Social movements such as #MeToo and Black Lives Matter, along with a stronger focus on ESG matters, have given employees greater confidence to raise their views.
There is a clear rise in employee activism with industrial action happening in the finance sector alongside many others, driven by the cost-of-living crisis and resulting pressure for large pay rises.
Cultural talking points like The Great Resignation and Quiet Quitting certainly highlight pressing retention and performance issues amid a labour market in which talent is scarce in many key economies. On one hand, many firms are questioning what staff value and what employers must provide to ensure a stable, productive workforce. On the other – with slowing economies, fewer deals leading to hiring freezes and potentially lower bonuses – the question remains: is the balance of power about to swing back again?
To avert both industrial action and newer forms of employee activism, the imperative for banks to engage employees remains clear. Our Future of Work research shows that 69% of bank respondents have already established a formal forum for employee consultation, with a further 31% planning to do so. In 2019, 41% of bank respondents stated that they were engaging with employees in external forums and other spaces. In 2021, this rose to 72%. Some organisations are even seeking to reinvent the relationship and social contract between their customers, employees and unions from the ground up to combat such issues. In contrast, union-led industrial action in the finance industry remains nearly unheard of in the US as only 1% of all financial employees are unionised. Moreover, the majority of this group work in community banks and credit unions. Activism, therefore, is more likely to be employee-led in the US. In Australia, the Australian Finance Sector Union has achieved some success campaigning for banks to remove pay secrecy clauses in employment contracts. The G20 nation's four largest banks have agreed to remove such clauses in advance of the new Federal government promising to legislate for them to be banned.
Meta managers are being urged to identify and report low performers, to force them out the company, and similar measures are being seen across the financial services sector.
The Covid-19 pandemic has accelerated several existing trends in mobility, with employees across the globe being increasingly assertive about when, how and for whom to work. The much-discussed phenomenon of the Great Resignation is a case in point. A recent study from PwC shows that up to one in five UK workers are considering a career move in the next 12 months, with other surveys showing this figure may be as high as one in three in the UK financial sector. High turnover rates are seen by many commentators as reflecting a change in the priorities of finance workers, with high remuneration no longer being sufficient to retain employees in isolation. Quiet Quitting, a viral trend in which employees do the minimum required while keeping their job, is another increasingly prominent example, even if the debate rages as to whether it illustrates changing work attitudes or just a new tag for an age-old condition. Along with an uptick in resignations and recent working trends, there is an increasing focus on performance management, allowing employers to manage headcount without resorting to the sort of redundancies that were previously commonplace in many sectors. Meta managers are being urged to identify and report low performers, to force them out the company, and similar measures are being seen across the financial services sector.
Increasingly, however, the measure by which directors and senior managers will be judged is how well they deal with cyber incident response.
Recent strikes sparked by the cost-of-living crisis might give the impression of a return to an earlier age of union-led industrial action. Strikes in the transport and logistics sectors captured the headlines over the summer and the UK finance sector has not been immune, with industrial action at banks as well as the Financial Conduct Authority, where staff walked out in early May 2022 over pay and conditions. All the same, union membership remains at a historic low in the UK. The Office for National Statistics estimated in 2020 that little more than 10% of workers in the banking sector were union members. The picture is similar in France, with around 10.3% of French employees being unionised. However, French unions retain significant clout through their influence in works councils and the French Government's obligation to consider unions' rights when proposing legislative changes. By contrast, in South East Asia, unions have been increasingly vocal (particularly in relation to employee protections through Covid-19) with increased engagement with both governments and workers. The National Trade Unions Congress in Singapore has also embarked on a concerted campaign to increase union representation across professionals, managers and executives, including in the banking sector. Against this backdrop, new models of staff activism have emerged. In particular, employee-led campaigns have gained traction as a means of driving corporate change. Anonymous platforms such as that hosted by social enterprise Organise allow employees to discuss working experiences and grievances, to conduct surveys and start petitions.
41%
Respondents who stated that they were engaging with employees in external forums and other spaces
2019
72%
2021
69%
31%
Bank respondents who have already established a formal forum for employee consultation
Bank respondents who are planning to establish a formal forum for employee consultation
The power of MOBILITY
To retain staff and attract a broader pool of talent, employers are looking at what staff value (and it is not just money). In particular, the 'when' and 'where' of work in banking has been transformed by the post-pandemic shift to hybrid set-ups. A recent survey run by Bloomberg confirmed the sea-change in a sector once infamous for presentism, with more than 85% of UK finance workers no longer seeing the office as their primary place of work. All the same, banks have taken varying approaches to demands for greater flexibility. Perhaps the most-widely reported quote on the topic is from JPMorgan CEO Jamie Dimon, who stated at a conference that remote work “doesn’t work for people who want to hustle”.
Despite JP Morgan’s continued hybrid-work schedule, Dimon has continued to be an ardent critic of remote work and he is not alone. By contrast, Citigroup's CEO, Jane Fraser, announced as early as March 2021 that the majority of roles globally would be designated as 'hybrid', with colleagues able to work remotely up to two days a week. In Australia, unions are also now pushing to entrench rights to hybrid working in enterprise agreements along with, perhaps more significantly, the right to disconnect, which remains a novel concept in Australia. Similarly across Asia – flexible working – a relatively uncommon practice pre Covid-19 – is increasingly viewed as the norm with many companies struggling to entice workers back into offices. Some employers are also giving enhanced flexibility around work location and hours of work. Atom Bank has recently trialled a four-day compressed working pattern and reported no negative impact on employees or customer service. UK online bank Zopa made headlines when it announced that it would allow employees to work abroad for 120 days per year. Such arrangements will still need to meet regulatory requirements, and the tax implications also need consideration. In the US, allowing employees to work from anywhere can also require compliance with employment law in the state the employee is located. New York is a prominent example: the NY Department of Labour's view on cross-border arrangements are that "New York laws apply immediately if employees work remotely in the state".
The power of representation
Recent years have seen increasing corporate focus on the importance of diversity, equity and inclusion, spurred on by social movements such as #MeToo and Black Lives Matter. In one recent study, nearly a third (31%) of senior bank respondents across North America, Australia, Asia and EMEA agreed that social trends were already prompting change in their business. In particular, the imperative to hire and retain a workforce that represents the social make-up of its recruitment pool has been felt more acutely, particularly in cities with diverse populations such as London and New York. These issues are similarly prominent across continental Europe, but it can be difficult for employers to measure their success in this area due to complicated data privacy regimes and the prohibition in certain jurisdictions such as Germany against collecting diversity statistics. The effects of this shift have been felt at a regulatory level in the UK finance sector. The FCA has recently introduced requirements for listed companies to report information and disclose against targets on representation of women and ethnic minorities on their boards. The "comply or explain" requirement targets at least 40% of the board as women, at least one senior board position as a woman and at least one board member from an ethnic minority background.
Similarly, US firms on the Nasdaq must have at least two diverse directors or explain the failure. There is a pending court challenge to this rule, and the future of this rule and similar measures, may be determined in this proceeding, with a decision expected later this year. At state level, California has imposed laws requiring public companies to have gender, ethnic and racial diversity on boards, but these laws were recently struck down as unconstitutional. UK financial regulators already have such issues on their agenda with a discussion paper last year on reporting diversity data, setting targets and making individuals accountable for D&I within firms. Singapore follows this trend, recently committing to enshrining workplace anti-discrimination laws.
With the default expectation tilting towards flexibility, any institution maintaining a traditionalist stance on working practices should have a clear analysis of why diverging from this New Normal is right for their firm.
Conclusion: soft power, hard realities
Changes to the cultural and social landscape, through the rise of social justice campaigns, the Covid-19 pandemic and the current inflationary environment have further stoked long-term shifts in worker attitudes and priorities. In response, and to ensure a stable and productive workforce, finance employers will need to:
Consider how to engage with staff directly using internal and possibly external forums, including ushering in fresh approaches to communicate with staff; Provide greater flexibility around working arrangements to the extent consistent with business need and within regulatory bounds; with the default expectation tilting towards flexibility, any institution maintaining a more traditionalist stance on working practices should have a clear analysis of why diverging from this New Normal is right for their firm and policies to match their strategy. Recognise that the drivers of finance employees are less overwhelmingly focused on remuneration and instead cover a wider arrange of factors, including feeling valued, enhanced autonomy and a belief that they and their employers are making a positive social difference. A more creative approach to graduate recruitment and talent acquisition as the finance industry faces mounting competition for the best young workers, notably from a capital-rich technology sector.
Hybrid working, the cost-of-living crisis and the Great Resignation – many forces are driving the shifting attitudes and demands of today's bankers. How should firms respond?
+44 20 7466 2977
matthew procter
+49 69 2222 82501
MORITZ KUNZ
+33 1 53 57 72 35
EMMA ROHSLER
+61 2 9225 5228
SHIVCHAND JHINKU
+1 917 542 7866
TYLER HENDRY
+44 20 7466 2845
Christine Young
OF COUNSEL
+44 20 7466 6430
JENNY ANDREWS
LEGAL RISKS OF AI
05
Artificial intelligence (AI) is one of the fastest growing technologies globally due to its tremendous potential in enhancing decision-making, efficiency and automation. For the banks sector, AI has enabled lenders to automate certain processes and services as well as make use of huge volumes of data to derive actionable insights leading to enhanced customer experience or improved compliance. As of 2020, around 32% of banks globally have already been using AI across various use cases, ranging from customer service – such as chatbot assistants, credit scoring and personalised insights – to crime prevention, including anti-money laundering and fraud detection tools.
It is estimated that AI will deliver up to $1 trillion of additional value to global banking annually.
The undeniable benefits of AI for banks and customers come with risks attached. In particular there are the risks of 'unfair' bias in decisions affecting customers and a lack of transparency in computer-driven decision-making. The risk of unfair bias in an AI system is a prominent concern among consumer advocates, firms and policy makers. It can arise from bias in input data, either due to historical human decisions or over-representation of certain demographic groups in data, or the result of the algorithm over-emphasising certain factors in its calculations. To guard against such distortions, and the unfair consequences – potentially in breach of discrimination law – requires rigorous testing and monitoring. Even with robust controls, firms must still grapple with fundamental issues in mitigating bias. For example, from whose perspective should unfair bias be judged? What outcomes are being measured, and how do you measure them? What about the quality of data? Difficulties in understanding and managing data quality can translate into obstacles to mitigating bias. After all, the ability to avoid unfair bias through, for example, statistical approaches focused on ensuring that individuals who are similar in relevant ways are treated comparably depends on data representativeness and other aspects of data quality. Another important issue is the so-called Black Box problem regarding the lack of transparency of an AI system. For example, deep learning is a category of AI which uses ‘neural networks’, ie, models which aim to recognise hidden patterns between variables through a process which mimics how a human brain operates but which by design does not reveal how an input leads to an output. This affects the ability to understand and predict the behaviour of models, making it more challenging to identify and fix problems which may arise, or explain to customers why a certain outcome of the AI system occurred (let alone in terms which can be readily understood).
AI adoption in banking is expected to increase as more lenders plan to implement or expand advanced automation under their digitalisation strategies. Further opportunities will arise as institutions seek to embed customer journeys in partner ecosystems, take advantage of partners’ data and platforms to increase engagement and personalisation, potentially from traditionally under-served sections of society. If these opportunities are realised, it is estimated that AI will deliver up to $1 trillion of additional value to global banking annually.
Governments and regulators around the world are seeking to address such risks, while also allowing sufficient flexibility for innovation. Some measures, such as the EU with its draft AI Regulation, apply to all uses of AI, imposing more stringent obligations on systems deemed of greater risk to the public. In contrast, the UK Government recently announced that it proposes to focus on the use and impact of AI within specific contexts, delegating responsibility for designing and implementing regulation to relevant regulators. For greater coherence, the UK Government proposes to establish a set of cross-sectoral principles – such as embedding considerations of fairness into AI or ensuring AI is appropriately transparent and explainable – with regulators asked to interpret, prioritise and implement these principles within their respective sectors. In this regard, the proposed UK approach will be similar to that of Singapore. By comparison, Australia is in the early stages of exploring how to augment its AI ethics principles with tailored regulation, including a public consultation process which is currently underway.
Even with robust controls, firms must still grapple with fundamental issues in mitigating bias.
Principles-based regulation is, of course, familiar to banks. Indeed, their current use of AI is subject to existing regulation and law, which includes concepts such as fair treatment of customers. However, for the reasons discussed above, it can be difficult to demonstrate how AI systems have complied with such principles. This can lead to banks facing enforcement action for the appearance of unfair treatment due to AI or algorithmic processes. Even though months of investigation may establish there was no unfair treatment, reputational damage will likely to be suffered in the process. Accordingly, practical guidance on the application of future regulation regarding AI in financial services will be crucial to encourage further innovation in this increasingly potent technology.
FUTURE REGULATION
1. National Business Research Institute (2020) 2. McKinsey's "The executive's AI playbook". 3. Principles to Promote Fairness, Ethics, Accountability and Transparency (FEAT) in the Use of Artificial Intelligence and Data Analytics
+61 2 9225 5569
Kwok Tang
+44 20 7466 2378
Miriam Everett
+44 20 7466 2404
Karen Anderson
DIGITAL LAW LEAD
BRISBANE
+61 7 3258 6786
SUSANNAH WILKINSON
+44 20 7466 2996
Sian McKinley
+44 20 7466 2539
JON FORD
SOLICITOR
+61 2 9322 4173
Raymond Sun
A personal service will increasingly be delivered without a person as banking giants progressively roll out AI. What are the implications?
2
3
Glue, chants and placards – Recent examples of activism at bank AGMs
06
The disruption caused by shareholder activism has recently intensified with a return to physical annual general meetings (AGMs) and the size, influence and profile of banks making them natural targets. This brings additional burdens for the chair, who will inevitably play a key role in managing any activist intervention on the day of the meeting. However, their role starts well before the doors of the meeting hall open. Preparation is key and it is essential the board and management team gauge the potential risks well ahead of time to set their chair up for success.
Preparation should begin well in advance of the AGM. This may include facilitating dialogue between the company and activist group, which at a minimum signals goodwill on behalf of the company and a willingness to listen. Opening lines of communication can also give insight into issues that may trigger activism and present an opportunity to resolve grievances behind closed doors. Where appropriate, the chair should be present at these meetings. It helps for the chair to facilitate constructive discussion, regardless of any aggression displayed by activist representatives. It should, however, always be assumed that information shared during these meetings may become public, even in seemingly confidential discussions.
In early 2022, a number of financial institutions in the UK had their AGMs disrupted. For example, HSBC’s AGM was interrupted by activist group Extinction Rebellion, which uses non-violent action and civil disobedience to highlight environmental issues. Protestors broke up the meeting by chanting a revised version of Abba’s song “Money, Money, Money” while holding banners with slogans. Extinction Rebellion activists also disrupted Barclays’ AGM by setting off alarms and gluing themselves to chairs to avoid removal from the meeting venue. Standard Chartered's AGM was similarly interrupted when protestors began chanting while wearing masks of board members' faces which had been photo-shopped to include devil horns. Such phenomena have also been witnessed in France during the 2022 AGM season. The AGM of a leading French bank was disrupted by environmental activists who interrupted the proceedings for about twenty minutes. In Switzerland, climate activists interrupted Credit Suisse's AGM by holding up banners that read "Human rights now" and climbing onto the building's roof to set off several alarms. These actions will likely embolden similar groups in other jurisdictions. In each of these cases, the protesters continued to disrupt the AGM despite repeated requests for order and warnings from the chair. These interruptions can cause lengthy delays and frequently require an AGM to be adjourned so protestors can be removed. Understandably, the nature of these interruptions will put pressure on the chair and cause frustration for other shareholders who wish to participate in the meeting.
Preparation is key and it is essential the board and management team gauge the potential risks well ahead of time to set their chair up for success.
Opening lines of communication can give insight into issues that may trigger activism and present an opportunity to resolve grievances behind closed doors.
ROLE OF THE CHAIR
Is your chair prepared?
Engagement before the AGM
The chair is responsible for controlling the conduct of the AGM, so it will be their role to manage the company’s response to any activist interruptions. A natural risk – and indeed potential objective of campaigners – is that the chair becomes frustrated and loses composure. Although understandable, this can have reputational and other adverse consequences for the company if the hand on the tiller slips. The activists may seek to provoke and comments made in the heat of the moment can reflect poorly on the company once stripped of nuance or context. Signs of aggression or stonewalling risk damaging relationships with activists and frustrate constructive discussions in the future – which is particularly important where activists are employees or larger groups of shareholders. Protestors primarily seek to be heard. Shutting down that opportunity too quickly or with too much force can signal a company is hostile to debate or is attempting to suppress (as opposed to address) criticism. At the same time, activists are using AGM questions as information-gathering opportunities for potential ESG litigation. Accordingly, at the AGM, a measured and proportionate response from the chair often works best.
At the AGM
Developing an ‘activist interruption protocol’ which sets out a tiered response for how the chair would respond to activist interruptions. In practice, the removal of activists will need to be reasonable and legal in all circumstances and should be an option of last resort.
Running simulations so the chair is comfortable with the approach prior to the meeting, noting that his or her ability to remain calm will be key.
Monitoring social media of activist groups to detect activity and understand their plans.
Engaging with activist groups ahead of the AGM to understand whether any steps can be taken to prevent disruptions at the meeting.
Consider limiting attendance at the AGM to ‘invited visitors’ to reduce the risk of visitors who are not shareholders or appointed proxies disrupting the meeting.
Implementing security screenings at the venue to prevent certain items being brought into the room (eg, banners, placards, loudspeakers, superglue etc).
The rise of activism in corporate life is pressing chairs to sharpen their AGM playbooks
Solicitor SYDNEY
+61 2 9322 4116
EXECUTIVE COUNSEL
+61 2 9322 4859
Lauren Selby
+44 20 7466 2327
James Palmer
UK Head of Corporate Governance Advisory
+44 20 7466 7631
Gareth Sykes
+852 21014035
RACHAEL SHEK
+33 1 53 57 74 18
Laurence Vincent
+61 2 9225 5440
Mark Smyth
Chair and Senior Partner
+61 2 9225 5500
REBECCA MASLEN-STANNAGE
Strategies which can assist a chair with managing activist interruptions during an AGM include:
07
Banks find themselves suspended between two compelling extremes. On one side is the current economic downturn, post-pandemic malaise and ongoing geo-political uncertainty ratcheted up by Russia's invasion of Ukraine. On the other looms the long-term threat of climate change. Balancing opposing forces pushing finance groups in diametrically opposed directions presents a set of circumstances as stark as any faced since the banking crisis and one for which lenders can draw on little precedent.
The environmental focus of young workers continues to grow; recent research by Accenture found that over three-quarters of young people in the Asia-Pacific region planned to have a "green job" in the next decade.
Even if hard-nosed clients allow lenders to slide on climate action, there will be less wriggle room from the governments and regulators insisting banks help customers through the tough times, while also contributing to progress towards net-zero goals. For example, the UK Financial Conduct Authority (FCA) wrote to retail lenders in June 2022 to make clear that, "With household bills expected to continue to rise into the autumn, it is important firms act now to make sure borrowers struggling with payments and customers in vulnerable circumstances can access the help they need." At the same time, the FCA and Bank of England continue to engage with banks and the wider financial sector on environmental issues, from climate change stress testing to developing standards for green product labelling. Likewise, the Hong Kong Monetary Authority has launched multiple initiatives since the start of the pandemic to support retail and SME bank customers (as well as assist banks in doing so), while at the same time progressing with its sustainability agenda, announcing its latest two-year plan to integrate climate risk into its supervisory process in June 2022. Turning to the labour force, many staff are looking to employers to provide the remuneration to sustain them through difficult times. In the UK, perhaps the clearest indicator of concern is that 'Cost of Living' has been elevated to occupy a permanent tab on the BBC news website alongside 'War in the Ukraine', 'Coronavirus' and 'Climate'. Meanwhile, the environmental focus of young workers continues to grow; recent research by Accenture found that over three-quarters of young people in the Asia-Pacific region planned to have a "green job" in the next decade.
The challenge is only sharpened as contradictory pressures are being exerted by the same stakeholders on both sides of the equation – consumers, policy-makers and staff. A customer who wants to refinance a loan because they feel financially squeezed today will in the main also expect financial providers, products and services that are committed to sustainability. Through 2022, central banks and global agencies warned of increasing consumer debt – the Q2 2022 figures from the Federal Reserve Bank of New York (NYFed) reported the largest nominal increase in non-housing balances since 2016 as total household debt surpassed $16 trillion. And while the NYFed noted that household finances appeared robust overall, delinquencies among sub-prime and low-income borrowers were rising. At the same time, the European Securities and Markets Authority has noted a strong demand for ESG funds and improving retail access to sustainable financial products has been prioritised in the European Union.
Difficult decisions lie ahead. While tough choices are common for bank boards and management, the parameters are shifting, not least due to gloomy short-term growth prospects. Like many central banks, the Bank of England forecasts sharp falls in real household income to mid-2023, wiping out all gains since 2003, while the Organisation for Economic Co-operation and Development (OECD) says that the "gradual reduction of supply chain and commodity price pressures and the impact of rising interest rates should begin to be felt through 2023, but core inflation is nonetheless projected to remain at or above central bank objectives in many major economies at year-end". Meanwhile, long-term planning puts banks squarely into the realm of transition risks, with many united under the Glasgow Financial Alliance for Net Zero working to accelerate decarbonisation of the economy in line with 2050 net-zero targets.
It will be increasingly critical for finance groups determined to succeed and thrive in years ahead to assemble the right board and senior leadership team.
Clearly, not everything is a trade-off between today and tomorrow. However hard to find, proverbial win/wins will be unearthed where today's reward also largely translates into sustainable results for tomorrow. The rush across Europe to front-load investments in renewables and energy efficiency measures to mitigate the energy crisis provides a good example. But achieving such deft balances will require institutions under intense pressure to generate short-term financial results to show leadership and rigour. And, of course, a single decision cannot stand alone, there needs to be consideration of the cumulative impact, and ongoing assessment.
Dragons today, dragons tomorrow
As ever, strategic decision-making requires analysis of large quantities of information from a range of sources but what will worry boards will be the proliferation of there-be-dragons moments amid limited reliable data. That uncertainty may be due to regulatory and legal requirements that remain unfinished, because there are no consumers or users to survey, or because there is no reliable and recognised source of information for emerging challenges. And much like the explorers of yesteryear, crossing those unknown waters safely will rely on the right crew and mix of skills. It will be increasingly critical for finance groups determined to succeed and thrive in years ahead to assemble the right board and senior leadership team.
Finance leaders face a singularly difficult trade-off between short-term risks and intractable climate challenges to come
+1 917 542 7807
Marc Gottridge
+61 2 9225 5154
Nikki Smythe
PROFESSIONAL SUPPORT LAWYER
+852 21014125
Valerie Tao
DIRECTOR OF PUBLIC POLICY
+44 20 7466 2844
Paul Butcher
REGULATORY CONSULTANT
+44 20 7466 7494
Cat Dankos
Approach across jurisdictions
08
In recent years, financial services has been made to take a broader view of culture and consider different types of misconduct when determining the fitness of individuals to do their work. This growing focus on the cultural health of institutions has seen regulators and policymakers increasingly prod the industry to address poor behaviour beyond narrow financial wrong-doing. As the name suggests, non-financial misconduct (NFM), is the general term used to describe misconduct without a narrow financial incentive, for example, bullying, harassment and violent conduct, usually outside of work. This is misconduct that now potentially impacts on an individual's fitness and properness (F&P) and equivalent licensing standards in other jurisdictions. This article sets out the challenges in assessing NFM issues and explores how regulators are addressing this rapidly-evolving area.
The extent to which regulators in different jurisdictions are expanding their focus beyond financial misconduct to include NFM varies considerably. Most jurisdictions do not yet specifically consider NFM within their regulatory framework and instead rely on existing regulatory tools (for example, guidance on culture more generally) and other, non-sector specific areas of law, such as labour and criminal law. Where there is a defined F&P requirement, however, it is in almost all cases, broad enough to encompass NFM considerations. In contrast, UK regulators have seen such broader conduct issues as a key focus for some time. The Financial Conduct Authority (FCA) considers NFM, and the failure to address such areas to be indicative of a firm's culture, risking broader conduct breaches and compliance issues generally. While this has been the case for years, more recently, the FCA has also successfully banned four individuals convicted of sexual offences, most notably in the Frensham case where the regulators decision to ban an individual convicted of attempted grooming offences was ultimately upheld by the Upper Tribunal. These are "easier" cases involving small firms but illustrate the FCA's priorities in this area generally. Regulators of other professions are starting to produce NFM related guidance, including the Solicitors Regulation Authority's guidance on sexual misconduct. While other international agencies have not been as vocal, there has been growing attention given to this area. For example, the Hong Kong Monetary Authority noted in a recent consultation paper on its Mandatory Reference Checking Scheme that sexual harassment and bullying should be considered misconduct and be included as reportable matters under the scheme's scope.
The question remains open: what other types of non-financial misconduct might impact on fitness and properness?
Drawing the line
Conclusion
It seems clear that NFM involving dishonesty impacts on F&P. If you lie about who was driving when caught speeding, you are likely to lack integrity. More recently, some regulators (most notably, the FCA) have focused on serious sexual offences. Although the UK regulator encountered evidential difficulties in Frensham that went before the Upper Tribunal, the case confirms that conviction for serious sexual offences is likely to lead to an industry ban. So, if an offence involves dishonesty or is a serious sexual offence, it is easier to say the regulator will likely seek to ban that individual. However, the question remains open: what other types of NFM might impact on F&P? It is not difficult to imagine situations where the regulators and financial institutions needing to make F&P decisions are required to make moral and value judgments about specific (and often jurisdiction-specific) offences. Here, lines are considerably more difficult to draw. Consider offences with political dimensions (for example, charges relating to rioting/illegal-protesting, climate activism, national security and regime change). Another loaded area relates to penalties subject to social divides across different societies such as offences related to homosexuality, abortion and assisted dying. Consider further circumstances where there are allegations or rumours of sexual or other misconduct, where the facts are disputed and there is no determination by a court or tribunal. How are pending charges or unresolved allegations (as opposed to settled convictions) to be treated?
Policy – enhance policies and guidelines to address NFM expressly and make clear that the institution takes all forms of misconduct seriously because of its impact on culture.
NFM is at an early stage of its regulatory journey. As regulators turn their attention to such conduct, the focus has been on obvious or stark cases (ie, cases involving dishonesty and serious sexual offences). Its full scope within financial services regulation is yet to be truly tested and there are difficult decisions for regulators and financial institutions about where boundaries should be marked. There is a real risk of a regulatory patchwork emerging where different standards apply across jurisdictions. This would present a worst of all outcomes scenario for global institutions trying to enforce a consistent standard of conduct. A proactive, harmonised and international approach by regulators and industry participants should be championed to promote standards and provide clarity. It is difficult to see how such challenges will otherwise be resolved in a coherent way. Until a global standard emerges, there are three steps financial institutions should consider:
1.
Monitoring – monitor, investigate, and track over time, all forms of employee misconduct and the actions taken by the institution in response.
2.
Transparency – be transparent with regulators about the conduct of employees that are likely to be of interest, particularly where there is uncertainty or doubt as to whether the conduct is relevant from a regulatory perspective.
3.
Global moves to tackle broader wrong-doing in finance will leave institutions grappling with evolving, ambiguous strictures for years to come
+44 20 7466 2654
Michael Tan
MANAGING PARTNER
+65 68689822
Fatim Jumabhoy
+61 7 3258 6569
Jacqui Wootton
+49 69 2222 82541
Kai Liebrich
+44 20 7466 2490
Chris Ninan
'Fear of missing out' has led to banks increasing their participation in the crypto ecosystem. In Australia in 2021, two of the four major banks sought to engage with the sector, including Commonwealth Bank of Australia’s partnership with US crypto exchange Gemini to offer crypto wallets alongside bank accounts and ANZ launching a stablecoin. UK banks' embrace of the crypto sector varies widely, with some restricting customers' access to crypto platforms and exchanges. Such measures include banning credit or debit card transactions for crypto transactions, refusing deposits or withdrawals to and from some exchanges, and even closing or freezing accounts. While we have seen some banks engaging with the crypto ecosystem, regulators' globally have remained conservative, with consumer protection being front-of-mind. The Australian examples above prompted both the prudential regulator (APRA) and the securities watchdog (ASIC) to issue guidance asking banks to be cautious and reminding them to engage with regulators before undertaking such initiatives. This is against a backdrop of legislation under consultation to regulate those who custody digital assets. Meanwhile, the Monetary Authority of Singapore (MAS) discourages and seeks to restrict speculation in cryptocurrencies and is considering further measures to reduce consumer harm. MAS sees the most promising applications of digital assets in financial services in cross-border payment and settlement, trade finance and pre- and post-trade capital markets activities.
In Hong Kong, the demand for crypto products is increasing and regulators accept that virtual asset investment is here to stay. Earlier in 2022, the Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) published updated guidance on virtual asset-related activities in response to increasing enquiries from traditional finance institutions about distributing crypto products. In 2023, Hong Kong will also introduce a new licensing regime for virtual asset service providers focused on AML and investor protection. In the UK, stablecoins will be regulated, paving the way for their use as a recognised form of domestic payment. The UK's Financial Services and Markets Bill, expected to be finalised in early 2023, will give the government powers to create a digital asset regulatory regime, and the government has said it will consult later in 2022 on bringing a broader pool of cryptoassets into regulation. Separately, the financial promotion perimeter will be expanded in the UK to capture "qualifying cryptoassets". In the European Union, political agreement has been reached on the Regulation on Markets in Crypto assets (MiCA), which is expected to apply from around mid-2024. MiCA will create a legal framework for cryptoassets that are not covered by existing EU financial services legislation, as well as establishing rules for stablecoins.
BACK TO #CUSTOMERISKING ARTICLE
