financial-services-internal-audit-conduct

Expertise

Conduct, Collections & Recoveries

Financial Services Internal Audit Planning Priorities 2021

Below we highlight new areas relevant to Internal Audit but also those areas we believe will have greater focus in 2021. We hope this informs your 2021 planning and assurance approach.



5.1. Collections and Recoveries



The risk of consumer harm is inherently greater for customers that are experiencing financial difficulties and the EU regulators have consistently championed the importance of consumer protection in this area, and the requirement to agree payment arrangements that are affordable and forbearance solutions that are appropriate. The wider economic impact of the COVID-19 pandemic has increased the scrutiny placed on a firm’s Collections arrangements as the regulator and organisations alike anticipate a significant increase in the number of customers that are likely to fall into arrears. It will be critical that organisations are able to respond effectively to an increase in the volumes of customers entering the Collections and Recoveries customer journey and ensure that these customers receive fair outcomes throughout all their interactions.

  • The COVID-19 pandemic is causing widespread concern and economic hardship for consumers, businesses and communities across the globe. The European regulators has announced several temporary measures in response to the pandemic that focus on supporting consumers whom are experiencing financial difficulty as a consequence of the pandemic.
  • Throughout the EU individuals continue to be affected by job losses, contract adjustments or furlough, and the EU regulators’ COVID-19 guidance is clear that it expects lenders to support customers throughout this period through the offer of payment holidays and placing a halt on repossession and litigation action until 31 October 2020.
  • The EU regulators have been actively liaising with firms, including requesting customer files for review, to understand the approach to the implementation of temporary measures and it has taken steps to understand what forbearance options are being offered to those customers that are unable to resume payments when a payment holiday comes to an end.
  • The European regulators have also issued a call for input regarding ongoing support for customers who have benefited from the temporary measures introduced as a result of COVID-19 but remain in financial difficulties.
  • In addition, Collections and Recoveries has been the subject of recent enforcement activity with areas of focus including; policy and procedures, agent competency, MI and oversight and outcomes testing.

Assessing affordability and suitability of forbearance arrangements:

  • Review amendments made to firm’s policies and procedures as result of the COVID-19 pandemic to ensure customers are being supported in line with the EU regulators’ expectations.
  • Assessment of the firm’s Income and Expenditure process to ensure that these are being performed for those customers that have requested payment holidays and that they are being used to determine whether other forms of forbearance should be offered.
  • Review of the MI in place to ensure it provides adequate oversight of those customers falling into arrears, the forbearance treatments applied and whether fair outcomes are being delivered.
  • Internal Audit should also continue to assess customer outcomes at each stage of the customer life-cycle: pre-arrears, early arrears, late arrears and litigation.

Tailored vulnerability management: Lenders will need to be flexible in their approach to forbearance, particularly for Vulnerable Customers. Oversight of this will be key. Assess whether consideration has been given to any enhancements that may be required to the policies, processes and controls that are in place such as system flags, mandate structures and appropriate MI.

Staff competency: Review the resourcing arrangements in place to deal with a potential spike in volumes of Collections and Recoveries and ensure teams are adequately skilled and trained in the provision of repayment plans, forbearance treatments and vulnerable customers in the event of a material increase.



5.2. COVID-19 Regulatory Internal Audit Considerations



The COVID-19 pandemic is causing widespread concern and economic hardship for consumers, businesses and communities across the globe. The European Governments have set in place social-distancing measures aimed at preventing the spread of COVID-19 and the pandemic has already had a significant impact on the EU and the global economy. Due to the ever-changing risk landscape shaped by COVID-19, it is imperative at this time that Internal Audit continue to consider the retail conduct risks that are emerging as a result. We have summarised some of the key retail conduct considerations that Internal Audit teams should consider when determining how to plan and shape its response to COVID-19.

The European regulators have reacted quickly to the current crisis issuing a number of temporary and targeted measures lenders should consider in order to support customers that may be experiencing financial difficulty. The EU regulators’ COVID-19 guidance is clear in that it expects lenders to make use of any flexibility within its rules to support customers, bearing in mind customers’ individual circumstances, and that it welcomes lenders taking initiatives that go beyond usual business practices. Lenders are, however, expected to notify the EU regulators of any initiatives that go beyond usual business practice to allow it to “consider the impacts and offer support as appropriate”.

The expectation is that lenders take reasonable steps to ensure they are prepared to meet the current and evolving challenges which COVID-19 could pose to customers, staff and the business. To manage the likely increase in customer contact, organisations are leveraging staff from other teams and departments. To quickly mobilise and empower staff to make appropriate decisions at all stages, they will need to ensure their approach, policies and procedures are clear.

Area of Focus

Vulnerability

Description

  • Has the VC policy been reviewed in light of COVID-19?
  • Has the impact of an increased volume of VCs been considered to ensure adequate resources are in place to meet customer contact demands, and that quality assurance (QA) will be sufficiently resourced and targeted on the right areas?
  • Does VC MI provide adequate visibility of the number and categories of VCs, and whether this is COVID-19 related?

Financial difficulty and Forbearance

  • If pre-arrears triggers have been identified and considered in light of COVID-19, is MI in place to support how these are monitored and tracked?
  • How is information on temporary measures such as payment holidays and freezes being captured?
  • Is analysis on customer cohorts taking place in order to determine effective customer contact and/or collections strategies when payment holiday/freezes comes to an end?
  • Is there robust governance and oversight in place regarding how key decisions are being made in relation to customer cohort analysis, and ensuring effective forbearance is in place?
  • Are plans in place to help manage an increase in arrears taking into account resource capacity and capability?
  • What are the arrangements in place to determine if fair customer outcomes are being delivered? Does QA and/or check the checker provide adequate visibility of this?

Effective communication

  • Is the communication strategy, as it relates to the EU regulators’ temporary measures, documented and clear? Has it considered the key operational and conduct risks that could arise, such as where customers hold multiple products and / or an increase in complaints? and is there appropriate oversight?
  • If digital programmes are being accelerated such as online portals, is there appropriate oversight and governance in place?
  • If aspects of the customer journey rely on face-to-face contact, are plans being put in place to adapt these communication strategies in light of COVID-19?

Governance​​

Ensure governance, controls and internal reporting are effective in the new environment, with an emphasis on overlay/post model adjustment governance processes.



5.3. Vulnerable Customers



Vulnerability continues to be high on the agenda of the industry and the regulator and whilst progress is being made there remains a number of challenges. Vulnerability is a ‘state’ not a ‘trait’ – many people will experience some form of vulnerability at a point in their lives and firms have to be flexible and forward-thinking in their approach to identifying these changing vulnerabilities and have operations that are designed to address them. Given the existing circumstances surrounding the COVID-19 pandemic, there may be enhanced volumes of customers that are in a ‘state’ of vulnerability and therefore require enhanced levels of support from firms.

  • Vulnerability continues to be of paramount importance to the regulator to ensure that the most vulnerable are protected. The EU regulators want to drive change and focus firms’ attention on what they should do to make sure the fair treatment of Vulnerable Consumers is properly embedded by firms in their culture, policies and processes throughout the customer journey.
  • The COVID-19 pandemic is likely to lead to an increase in the number of Vulnerable Customers and many of those customers may have multiple drivers of vulnerability. In light of this firms need to ensure that they have adequate levels of staff in place to deal with the increased volume alongside robust MI to track and monitor the outcomes delivered for these customers.

Area of Focus

Policy and procedures

Description

  • Assessing whether the firm’s policy and procedures have been reviewed in light of the COVID-19 pandemic to ensure the fair treatment of Vulnerable Customers that have been impacted as a result of the pandemic.

Management information​

  • • Ensure that appropriate MI is provided to senior Management and the Board so that they can continually monitor the fair treatment of Vulnerable Customers across the firm. Consideration should be given to whether the existing MI suite provides adequate visibility of the number and different categories of Vulnerability and whether there is sufficient MI in place to assess any changes to the conduct risk profile at firms due to the impact of COVID-19.

Quality assurance

  • Review the robustness of Quality Assurance and Compliance Monitoring frameworks to ensure there is appropriate coverage of Vulnerable Customers and that any treatment of Vulnerable Customers that falls below the FCA or firm’s expectations is identified and escalated accordingly.