The documents, released 30 November 2022, comprise:
- an information sheet on fair conduct programmes,
- a guide to financial institution licence requirements, and
- final standard conditions for Financial Institution licences.
This update summarises key aspects of the FMA’s information sheet on fair conduct programmes. The information sheet sets out the FMA’s expectations as to the possible content of fair conduct programmes and the process by which they should be developed and implemented. Financial institutions may find it a useful resource as they commence the process of developing their fair conduct programmes and becoming COFI Act compliant.
A fair conduct programme
The COFI Act has introduced a 'fair conduct principle', which requires financial institutions (that is, banks, licensed insurers and non-bank deposit takers) to treat consumers fairly and pay due regard to their interests.
The fair conduct principle will be operationalised by imposing a legal duty on financial institutions to establish, implement and maintain an effective fair conduct programme – policies, processes, systems and controls designed to ensure a financial institution treats consumers fairly.
A fair conduct programme must be in writing and meet minimum statutory requirements. Information on the fair conduct programme must be made publicly available. Failure to comply with these obligations may give rise to civil liability under the FMCA, including a pecuniary penalty.
There is no prescriptive form for a fair conduct programme. It may comprise a single overarching policy or framework document, or a combination of new and existing policies, processes, systems, and controls. In each case, institutions will be expected to identify all of the policies, processes, systems and controls that form their fair conduct programme, and to demonstrate how they considered all relevant legislative factors – for instance, by including commentary about this in the programme.
Clearly defined roles and responsibilities
The FMA expects the governing body (i.e. the Board) to set clear expectations for senior management about the fair treatment of consumers, and take accountability for those expectations being met.
A fair conduct programme must identify, articulate and document the responsibilities of those personnel or functions within the financial institution tasked with facilitating compliance with the fair conduct principle. Where roles are not dedicated to fair conduct, but such conduct forms part of the responsibilities of one or more roles, the FMA expects them to be documented in the fair conduct programme.
Board oversight of the fair conduct programme
The FMA considers that an effective fair conduct programme must have the support of the financial institution’s governing body. The governing body must have oversight of, and take accountability for, compliance with licence obligations and COFI Act requirements. It must also approve the final content of the fair conduct programme.
A fair conduct programme will require regular and comprehensive reporting of conduct risks (and non-compliance with the fair conduct principle) to the governing body. The FMA has indicated such reporting should include lead and lag indicators, and data from different sources, to provide a “comprehensive picture of the financial institution’s conduct towards consumers”. Governing bodies will also need “to satisfy themselves that they are receiving sufficient information from management, and be proactive about requesting what they need”.
Resourcing and expertise
The FMA expects financial institutions to obtain and maintain sufficient financial and human resources at all levels of the organisation to establish, implement and maintain their fair conduct programme. This includes:
- Sufficient investment to ensure IT systems are accurate and align with how a new product is described and marketed to consumers.
- Ensuring the Board and senior management have sufficient capability to govern and manage conduct risk. This may require additional training, or strengthening their leadership teams in the area of conduct risk management.
Responsibility for COFI Act compliance cannot be outsourced
The FMA stated that the outsourcing of all or part of the process of establishing, implementing or maintaining a fair conduct programme will not absolve the financial institution of their responsibilities as a licensed entity. Financial institutions must therefore ensure they fully understand their fair conduct programme, and have personnel who are responsible for the implementation and ongoing operation of that programme.
Employee training
Each financial institution will need to determine the frequency, delivery methods and content of initial and regular ongoing training for employees. The FMA has said that training:
- May need to be tailored for different employees, depending on their roles (for example differentiating between consumer-facing frontline staff and back-office employees).
- Should be relevant and proportionate to the nature and size of the business and the conduct risks that the financial institution faces.
- Should be reviewed and updated over time to reflect insights from assurance activities, any changes to the matters the training is required to cover, changes in the financial institution’s business, and new and emerging conduct risks.
Assurance processes
The FMA expects financial institutions to have assurance processes to assess the effectiveness of their fair conduct programme, such as internal control or quality testing, measurement against performance indicators, and/or review by an independent party such as an auditor or compliance consultant.
Existing assurance processes (including compliance assurance programmes required under existing licensing conditions) may be used or adapted to provide assurance regarding the effectiveness of their fair conduct programme. Financial institutions will need to be able to explain their approach to assurance and why they consider it appropriate for their business.
Review of the fair conduct programme
The FMA expects financial institutions to regularly review their fair conduct programme to ensure it continues to be relevant and proportionate to their business. There is no specified frequency for reviews, but the FMA says it may be influenced by conduct risks and “trigger events” relevant to the business (e.g. periods of significant change in the business or after the identification of conduct that fails to comply with the fair conduct principle).
A review of the fair conduct programme should have the following features:
- It must be sufficiently detailed in order to systematically identify and remedy any deficiencies in the effectiveness of the fair conduct programme.
- It should include consideration of the policies, processes, systems and controls that comprise the fair conduct programme (noting that some components may already be subject to separate regular review, depending on their nature and how critical they are to the business).
- It should take into account the results of the financial institution’s assurance processes, which should provide relevant insights into the effectiveness of the fair conduct programme.
Financial institutions should also be able to demonstrate they have undertaken a review of their fair conduct programme, show the outcomes of the review and detail steps taken to remediate any deficiencies. The FMA expects the outcomes of reviews to be shared with the governing body, and for that body to approve any material changes to the programme.
Next steps
Although the COFI Act may not be fully operational until 2025, financial institutions will be able to apply for a COFI licence from 25 July 2023. A successful application will require a fair conduct programme to be in place.
Given this timing and the work potentially required to develop a compliant fair conduct programme, financial institutions would be well advised to start considering how their organisation expects to meet the requirements of the COFI Act.
For more information on any of these matters, or for assistance in establishing and implementing a fair conduct programme, please get in touch with the contacts listed or your usual Bell Gully advisor.