Conduct risk and suitability: what is the next generation of PPI?

Ten years after the High Court’s dismissal of the legal challenge to the FSA’s payment protection insurance (“PPI”) rules and approaching two years since the PPI claims deadline, seems like a fitting time to pause and reflect on the evolution since that time of approaches to conduct risk in retail financial services.

As a reminder, conduct risk is “the risk that firm behaviour will result in poor outcomes for customers.”[1] There was nothing inherently wrong with PPI, which had been in existence since at least the 1970s. The conduct failings associated with the product arose from the increasingly significant revenue that could be generated by its sale. Ambitious sales targets were supported by incentivisation structures and sales processes that prioritised revenues above customers’ interests, with suitability often ignored. 

In the last ten years, firms’ focus on conduct risk – and regulatory scrutiny of how such conduct risks are identified and managed – has only increased. More recently, the circumstances of COVID-19 have led to a doubling down on the FCA’s consumer protection statutory objective in a series of recent publications, culminating in the launch of the current consultation on the new consumer duty “that would set clearer and higher expectations for firms’ standards of care towards consumers”.[2]

In the current climate one area of heightened conduct risk is the treatment of vulnerable customers and what additional safeguards and controls are in place to ensure that such customers are treated fairly. New rules have been published on the treatment of vulnerable customers that will affect all stages of the customer journey. In this context in recent years the regulator has perhaps focussed more on the treatment of customers in financial difficulty than on potential mis-selling. The regulator has challenged firms to show how they ensure that customers in default or arrears receive fair outcomes, taking enforcement action against several firms where failings have been identified. There is a real challenge for firms to ensure that their collections processes are able to identify and respond to the particular circumstances of individual customers, and this challenge is only heightened by the impact of the pandemic: firms will need to be able to respond to the impact of widespread government supported and soon to end mortgage and credit repayment holidays, job losses, and far-reaching changes in personal circumstances. A collections process that fails to adequately consider the consumer’s circumstances, is likely to be found wanting by the FCA. The pandemic has brought lending to small and medium sized enterprises to the fore; it remains to be seen how the FCA might scrutinise firms’ activity in this space. 

In the general insurance market, the FCA’s conduct risk focus has been on pricing, with the recent publication of final rules to implement a package of measures to “…stop firms price walking. Insurers will be required to offer renewing customers a price that is no higher than they would pay as a new customer.”[3] While this sits squarely in the territory of consumer protection and treating customers fairly, it is a significant step towards direct price regulation. It also creates enormous practical challenges throughout the distribution chain in implementing the measures (for example, in identifying equivalent groups for pricing purposes). This represents the culmination of a seismic shift for the general insurance industry, that started in 2018 with the FCA’s market study. 

Whatever their area of operation, financial firms need to build conduct risk into the entire lifecycle to avoid the ‘next PPI’, to protect both customers and the firm and reflect these radically changed expectations. Specifically firms should consider their exposure to the ‘key drivers’ of conduct risk (inherent, structures and behaviours, and environmental);[4] how governance models embed conduct risk prevention; and how, if challenged by the regulator, a firm is able to demonstrate that its culture, strategies and controls deliver fair treatment to their customers. Firms need to be ask the right questions at the product design stage (does the product respond to real consumer needs? Does it meet consumers’ long-term interests?); and to incorporate identificaton of possible sources of conduct risk and how these can be mitigated or addressed through the monitoring of appropriate indicators of conduct risks – for example through outcome testing, indicators such as excess income generation, and consideration of themes emerging from complaints data.

How we can help

We draw on the experience gained from both our advisory and contentious practices when advising firms on the identification, management and mitigation of conduct risk, as well as engaging with the regulator in the context of enforcement action in relation to mis-selling. If you would like to find out more about how Linklaters can help you, please feel to get in touch with any of the key contacts listed.


[1] FSA Retail Conduct Risk Outlook 2011

[2] CP21/13: A new Consumer Duty 

[3] FCA confirms measures to protect customers from the loyalty penalty in home and motor insurance markets | FCA 

[4] FCA Risk Outlook 2013