The UK financial regulators’ proposals for creating a new regulatory framework for diversity and inclusion (D&I) in financial services are wide-ranging and detailed but have at their heart a few consistent themes. Considering the proposals against the backdrop of these themes is a useful way to appreciate the rationale behind them and the best way to implement changes.
The UK Financial Conduct Authority (FCA) and UK Prudential Regulation Authority (PRA) have each published consultation papers which contain proposals to support their ambition of creating a more diverse and inclusive financial services industry. Both regulators have outlined ambitious frameworks for embedding D&I across all aspects of firms’ governance, incentives, culture and risk management, as well as requiring greater public transparency over their targets and progress. These include requirements for firms’ D&I strategies, collection of data and target setting as well as amendments to FCA and PRA rules and guidance on non-financial misconduct.
Inclusion
Whilst diversity focuses on the composition of an organisation, inclusion is a much broader concept. A firm which is diverse but not inclusive runs the risk of such diversity being seen as tokenistic – both internally and externally – and losing diverse talent where staff feel their voices or experiences are not heard.
In our recent research into organisational culture in financial services, respondents cited a continued lack of diversity at all levels as a key challenge over the next two to three years. While many firms take positive steps to improve diversity at entry level, a lack of diversity at a senior level can be perceived as evidence that a firm does not value or promote inclusion, and that there are barriers preventing employees from different groups from advancing to higher positions.
Speak up culture is a key indicator of an inclusive organisation. Where individuals do not feel safe or encouraged to speak up, or do not trust the firm to take appropriate action, misconduct is more likely to go undetected, preventing firms from addressing issues before they escalate to legal claims or regulatory issues. Failure to escalate information appropriately was identified as an issue in 67% of FCA final notices published between January 2022 and October 2023. Improving inclusivity and creating an environment that encourages constructive challenge should help to reduce this risk for firms.
Personal conduct and individual accountability
The proposals set greater expectations of boards and senior management in relation to driving D&I ambitions. The proposed shift in terminology from D&I ‘policy’ to ‘strategy’ is reflective of the regulators’ expectation that leadership will proactively drive and monitor these commitments. Boards are expected to hold senior management to account for their delivery on D&I, including promoting the open exchange of ideas, constructive debate and sound decision making, and boards should consider appropriate incentives for senior managers. Role modelling behaviours will be a key consideration for leadership and middle management, and one where our research indicated much work is still to be done, with 75% of respondents giving an unfavourable rating when asked how their leaders role-modelled expected behaviours.
The PRA’s proposals include plans to extend the scope of certain current Prescribed Responsibilities so that Senior Managers can be held to account for the success or failure of D&I strategies. Whilst the FCA and PRA adopt different tones in relation to individual accountability relating to their proposals, the changes envisioned by those proposals will ultimately require careful consideration and present the need for significant changes, the implementation and operation of which will require careful oversight.
Given the importance of healthy cultures and psychologically safe working environments, the regulators are focused on addressing non-financial misconduct and, as a result, are proposing to explicitly include guidance on the potential implications of non-financial misconduct within the Code of Conduct, their fitness and propriety criteria, as well as suitability guidance on the FCA’s Threshold Conditions. Perhaps influenced by recent enforcement outcomes, the FCA seems particularly keen to clarify its position as to when and the extent to which misconduct outside of the workplace may be capable of impacting an individual’s fitness and propriety to perform their role for a regulated firm.
Risk management
As the 2008 global financial crisis emphatically demonstrated, culture risk needs to be understood, managed and mitigated as a core part of every firm’s approach to risk management. Our research revealed that 40% of the respondents do not consider their boards or senior leadership to be fully committed to maintaining positive culture in their businesses. The consultations aim to address this shortcoming, through proposing that firms should explicitly recognise D&I as a non-financial risk and embed management of this risk within governance structures and second and third line control functions.
In turn, this should support the focus on accountability by supporting boards and senior management in monitoring effectiveness of the D&I strategies in practice and identifying where targeted interventions may be required.
Beyond culture risk, reducing groupthink is expected to have benefits for the firm’s wider risk management and decision-making. Groupthink and a reluctance to challenge within firms has been identified as a significant facilitator of many of the failings that led to the global financial crisis. Consequently, both regulators have been focusing on this aspect of firm culture for some time.
Data-led regulation
It should come as no surprise that the proposals include significant focus on the collection, monitoring and benchmarking of data. In the FCA’s multi-firm review of D&I within financial services firms, it was noted that existing D&I strategies are not always informed by an effective diagnostic process and tracking of initiatives, which can lead to the risk of resource inefficiency and low impact.
To help address this challenge, the new proposals require firms to “take the temperature” on their own organisation by collecting data on a range of demographic characteristics, before setting targets to address under-representation at all levels. Firms are also required to collect data on inclusion by assessing how employees feel in relation to a range of inclusion measures, including speaking-up, challenge and discrimination. Challenges for firms will include ensuring sufficient employee engagement with any data collection exercise, which will require them to disclose sensitive information, and navigating any related data privacy issues.
As this series progresses, we will explore these reforms more closely and discuss the main legal and practical issues firms may face when implementing them if the regulators proceed with their current proposals.