As set out in our Initial Observations on the Central Bank of Ireland's Consumer Protection Code Consultation Paper, the Central Bank of Ireland ("Central Bank") has proposed a revised structure for the Consumer Protection Code ("CPC") under CP158 - Consultation Paper on the Consumer Protection Code ("CP158") comprising:
(i) the Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations, ("Standards for Business Regulations");
(ii) the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Conduct of Business Regulations) ("Conduct of Business Regulations");
(iii) the Supporting Guidance on Securing Customers' Interests ("Guidance"); and
(iv) the Supporting Guidance on Protecting Consumers in Vulnerable Circumstances;
(together the "Revised Code").
Our previous Insight provided an overview of the Standards for Business under the Revised Code which all regulated financial service providers ("RFSPs") must comply with in their dealings with customers. While a number of the Standards for Business align with the existing general principles under the CPC and other legislation, one of the new Standards for Business that RFSPs will need to consider is "Securing Customers' Interests".
This Insight will focus on Securing Customers' Interests.
Scope
Securing Customers' Interests is a Standard for Business that applies to all RFSPs under the Standards for Business Regulations, other than those providing MiFID services and crowdfunding services (for which there are equivalent regimes in EU legislation) and credit unions ("Excluded Firms"). This includes both existing and potential customers.
The Securing Customers' Interests Standard for Business is limited to RFSPs when dealing with a customer who is a 'consumer' in Ireland. Under the Revised Code, a consumer includes individuals, groups of individuals (such as partnerships) and small corporates in Ireland, (which have turnover of up to €5 million). Therefore, Securing Customers' Interests will not apply to RFSPs carrying on non-consumer business in Ireland or business outside of Ireland.
While the Standards for Business Regulations and Guidance do not apply to Excluded Firms, the Central Bank has nonetheless noted its expectation in CP158 that these Excluded Firms would consider and apply the Guidance in the context of their obligations to 'act honestly, fairly and professionally in accordance with the best interests of its clients' in equivalent regimes in EU legislation when dealing with Irish consumers.
In addition, the Central Bank intends to consider the application of the Revised Code to credit unions in due course.
Securing Customers' Interests
In introducing this new Standard for Business and Guidance on Securing Customers' Interests, the Central Bank is seeking to address the lack of clarity that exists in terms of what it means to "act in the best interests of customers" and how this can be balanced against the commercial objectives of a regulated firm. In particular, the Guidance sets out the Central Bank's expectations as to the actions RFSPs should take and the mindset they should have in order to comply with this new Standard for Business, through a number of case studies and illustrative examples.
It is worth noting that the Revised Code itself seeks to provide RFSPs with an outline of the legal framework required to deliver on the obligation to secure customers' interests. Therefore, effective implementation of the Revised Code and other existing customer protection requirements should go a long way to assisting RFSPs in meeting this Standard for Business.
In addition, Securing Customers' Interests builds on the culture and conduct requirements under the Individual Accountability Framework. As such, RFSPs that place the customer at the heart of their business model and are focussed on delivering positive outcomes for customers in their actions and decisions may find little change in practice in seeking to implement this new Standard for Business and Guidance.
However, the challenge may be ensuring that the overarching governance and risk management framework of a firm appropriately documents and reflects how the requirements are implemented in practice.
What Securing Customers' Interests means in practice
Securing Customers' Interests will require RFSPs to:
(i) ensure that its culture, strategy, business model, decision-making, systems, controls, policies, processes and procedures take into account its customers' interests;
The Guidance states that "Firms exist in the first instance to pursue their commercial objectives. However, while pursuing them, financial firms are required to do so in a manner that places their customers' (and potential customers') interests at the heart of their culture, strategy, business model, decision-making and operations." Therefore, customers interests are not required to be placed ahead of the commercial objectives of a firm. However, RFSPs must be able to demonstrate how they have given due consideration to securing customers' interests in all of their actions and decisions.
RFSPs are expected to take ownership of this obligation with clear individual and collective responsibility and accountability evident within the firm. Customer-focused attitudes and behaviours should be promoted from the top down and a collective understanding of the actions and mind-set required to comply with this obligation should be visible throughout the firm.
Commercial decision making and strategy should properly incorporate consideration of customers' interests. This is particularly important in the area of business model changes and innovation, where the full impact of any such changes on and outcome for customers should be taken into account. This will be considered further in a later Insight on Digitalisation.
Effective management of consumer protection risks should be reflected in the governance and controls of a RFSP. In addition, the systems, controls, policies, processes and procedures put in place to execute and deliver a firm's strategy and business models should be designed in a way that properly considers customers' interests.
(ii) act in accordance with the reasonable expectations of customers;
The Central Bank notes in the Consultation Paper that "trust and confidence that firms will act in their customers' interests is essential to the effective functioning of the financial system".
The Guidance does not specifically set out examples of how RFSPs are expected to demonstrate that they have acted in accordance with the reasonable expectations of customers. However, it seems to us that this aspect of Securing Customer's Interests has broad application across all obligations of a RFSP under the Revised Code. Therefore, RFSPs who seek to understand the expectations of their customers and implement effectively the requirements of the Revised Code should have little difficulty in meeting this obligation.
(iii) take into account the interests of its customers when designing products and services, and the methods of delivery;
This aspect of Securing Customers' Interests is closely aligned with existing product oversight and governance ("POG") obligations of RFSPs in sectoral legislation and the Central Bank's Guidance Guide to Consumer Protection Risk Assessment ("CPRA"). As such, this should not represent a new compliance obligation for RFSPs. However, we have found that POG frameworks are not always fully aligned with the relevant sectoral requirements and expectations of the Central Bank and can lack practical guidance to ensure effective implementation Therefore, RFSPs should use this opportunity to review their existing POG arrangements to ensure that the requirements are holistically implemented across their business from documentation, governance, control, monitoring, review and reporting perspectives.
RFSPs may also find the Guidance useful in further illustrating the Central Bank's expectations with respect to POG and the particular examples of practices, which the Central Bank considers as requiring further POG scrutiny, in light of their own business models, products and delivery channels:
(a) product incentives such as mortgage cashback in circumstances where that incentive ultimately results in a more expensive product over the life time of that product; or
(b) complicated investment products that may only be appropriate for a narrow target market under an advised sales process, where a firm can determine the suitability of the product and level of understanding.
(iv) ensure that its products and services are not designed to unfairly exploit the behaviours, habits, preferences or biases of customers leading to customer detriment;
RFSPs operating in the home and motor insurance sector will be familiar with this obligation under the existing differential pricing rules, which banned so-called 'price walking' for providers in this sector (i.e., where customers are charged a higher premium when staying with the same provider)
The Guidance states that "firms can pursue commercial goals, but they cannot seek to generate inappropriate gains or advantages by leveraging consumer susceptibilities created through consumer behaviours and habits such as inertia or 'stickiness' which result in customer detriment".
The Guidance further states that "exploiting customer inertia to apply differential pricing is an example of the types of scenario where firms should ask themselves what are the assumptions and drivers underlying their approach and challenge themselves on whether their approach is aligned with their responsibility to secure the interests of customers (and potential customers)".
The differential pricing rules have been incorporated into the Revised Code under Part 4 (Insurance) and remain limited to home and motor insurance products. However, it seems to us that the Central Bank has de facto broadened out the application of these requirements (and other similar practices that may take advantage of customer behaviours) to all RFSPs under the securing customers' interests Standards for Business when dealing with Irish consumers.
In the context of digitalisation, the Guidance provides that RFSPs cannot use data, AI, algorithmic profiling, dark patterns or choice architecture to identify behaviours, habits, preferences or biases for the purpose of exploiting these to target customers and cause customer detriment.
(v) ensure effective resolution and disclosure of complaints and errors in an efficient, fair and timely manner;
Similarly to the existing CPC, all RFSPs will be subject to general obligations with respect to the handling of consumer errors and complaints under the Standards for Business.
A number of additional changes have been proposed by the Central Bank to the complaints and errors handling requirements in respect of consumers under the Revised Code, which will impose enhanced governance obligations on RFSPs. The specific changes will be explored in a later episode of our insight series.
(vi) clearly distinguishing for customers between the firm's regulated activities and its unregulated activities including by taking all appropriate steps to mitigate the risk that a customer will understand an activity to be, or to carry the protections of, a regulated activity where this is not the case;
The Central Bank has for some time been concerned with the potential 'halo effect' of RFSPs offering unregulated products or services and the lack of understanding by customers in the differing protections available.
The Revised Code imposes enhanced obligations on RFSPs carrying out unregulated activities with respect to how information on regulated and unregulated activities (in particular the differing protections available) is presented on websites, advertisements, digital platforms, written correspondence.
The Guidance specifically considers the use of identical or similar branding across regulated and unregulated activities as contributing to confusion or misunderstanding on the regulatory status of a product or service and requires RFSPs to take appropriate steps to mitigate against this.
These measures should not be seen as an absolute prohibition on RFSPs offering unregulated products. Rather, they are focused on ensuring customers are not misled into believing that unregulated products carry the protections of regulated products. In our view, RFSPs should focus their systems, controls, processes, policies, procedures and disclosures on ensuring that outcome.
However, the Central Bank has noted in the Consultation Paper that in order to remove any confusion as to whether a product is regulated and eliminate any risk that customers think they are in "regulated territory" in many cases "it will not be possible for a regulated firm to offer unregulated products or services". The Central Bank further notes in the Consultation Paper that "a firm securing customers' interests will not seek to avoid the new Supporting Standard for Business by setting up a new unregulated entity or subsidiary, which may be designed to sell unregulated products and services under the branding of the regulated firm".
The Central Bank intends to issue guidance to RFSPs on the use of branding, which may reflect the above commentary in the Consultation Paper. However, this is an important point for RFSPs offering unregulated products to Irish consumers to be aware of, as it represents a significant shift in the landscape for RFSPs offering unregulated products and could have a critical impact from an operational and commercial perspective. Ultimately, it will be a matter for RFSPs to determine whether, in the course of offering unregulated products, they can reasonably conclude that consumers understand that such products do not carry the protection of the RFSPs' regulated products.
(vii) deliver fair outcomes for customers
The Central Bank notes in the Guidance that the way in which a business measures its success should include consideration of outcomes for its customers.
This aspect of Securing Customers' Interests has broad application across all obligations of an RFSP, such as product design and delivery, communication and engagement with customers and protecting vulnerable customers.
This obligation requires RFSPs to consider how to apply the Revised Code to their actions and decisions in a way that optimally secures customers' interests by focusing on fair customer outcomes.
Neither the Standards for Business Regulations nor the Conduct of Business Regulations go so far as to specifically require RFSPs to deliver fair value. However, firms are expected under the Guidance for Securing Customers Interests to ensure that pricing practices do not result in unfair outcomes for customers. In CP158, the Central Bank has also commented that "a well-functioning market exhibits... fair and transparent price formation". Therefore, it seems to us that firms may nonetheless be expected to consider the fairness of pricing in seeking to secure customers interests. However, this is an area that would merit further clarification from the Central Bank.
Securing Customers' Interests is a fundamental obligation of all RFSPs when dealing with Irish consumers and will need to be incorporated into all aspects of a firm's operations and decision-making processes. A root and branch review should be undertaken as part of the implementation of the Revised Code to consider and document how the firm meets this obligation.
Upcoming
Keep an eye on Matheson's Insights page for our next Insight in this series.
Insight Series on the Central Bank of Ireland's CPC Consultation Paper
1. Initial Observations on the Central Bank of Ireland's Consumer Protection Code Consultation Paper
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.