Culture and governance

Speech by Mark Steward, Director of Enforcement and Market Oversight at the FCA, delivered at the MetricStream Governance, Risk and Compliance Summit in London. This is the text of the speech as drafted, which may differ from the delivered version.

mark steward speeches 340 180 migration.jpg

Thank you for inviting me here this morning.

Just across the road from here is Lancaster Gate tube station and, around us, the visible remains of nineteenth-century London’s burgeoning middle class: a century of industrial business, around the corner from London’s first department store and the beginnings of retail shopping trade – i.e. the birth of the retail customer.

Not long afterwards, Westbourne Grove, a block or so away from here, became known as ‘Bankruptcy Avenue’. However, by the 1870s, Westbourne Grove was back in business.

By the 1890s, Oscar Wilde described the cynic as the man who knew the price of everything and the value of nothing.

Today do we fully grasp Wilde’s wit? The man who knows the price of everything – in today’s terms – might well be the most highly prized.  But if he knows the value of nothing, what is he really worth?

Culture and governance

Today I would like to speak about culture and governance, but mostly culture. Culture is in danger of becoming a buzz term, an integrated ideal of good governance, regulatory compliance and fair process. Intangible, theoretical, in danger of becoming merely regulatory, and yet another catchphrase, it cannot be bought, nor sold. Wilde’s cynic would be unable to tell what the price is and he would still not know its value.

Yet there is value in culture and without it there is cost, as we have seen in recent years.

So what is it really? How to make it more than regulatory? How to make it easier for those who know the price of relying on the wrong values?


From a regulatory standpoint, we can start with rules and standards. Good rules and standards describe the expectations and set the boundaries. But they’re not like the rules of a board game: they don’t determine the moves made by every player. Alone they cannot create the environment in which good governance, regulatory compliance and fair process magically appear – more is needed.

What then is the more that is needed?

First, a detailed understanding of the nature of the business. I remember once asking to see board papers of a bank suspected of mis-selling a financial product. What papers had been laid before the board about the sale of this product to its largely retail customers? One might have expected evidence that a detailed due diligence of the product (which in fact was a complex structured product) had been conducted, an assessment of its risks, a study of the kinds of customers for whom it might be suitable, a plan for how the product would be sold, including how frontline staff would be trained etc. What came back to the board was a single slip of paper that calculated the profits that would be earned if the product could be sold widely from commissions that were being offered by the issuer. A good effective understanding of the nature of the business means knowing how the front line, the middle management and the senior management actually operate.

Secondly, because senior management cannot be watching everything all the time, there need to be effective systems and controls to ensure the business is operating effectively and in accordance with standards of conduct that have been designed and approved by senior management. I remember another institution that created terrific systems and controls – but they were all on paper, not implemented. In yet another case, effective systems and controls had been implemented, but they were not maintained – no upkeep, no training for new staff, no repair, review or reporting. All of these mistakes were fatal ones.

Thirdly, there needs to be a healthy dose of reality. The paradox of systems and controls is they can lull senior management into a false sense of security. Systems and controls cannot be ‘set and forget’. In fact, let us not forget that systems and controls are predictable, which means they have gaps that can be exploited. Think of the number of rogue trading cases where the trader has exploited past back-office expertise. So what is needed is a risk-focused counterfactual or counterintuitive audit from the perspective of the cynic who is able to exploit the price of the system’s gaps – yes, the cynic’s perspective is not without value.

What is needed for this?

There can be no complete prescriptions. Clairvoyance would help but is generally not available or reliable. Prudent forethought is better but is not enough unless it is accompanied by:

  • a sense of not only what should be done but a compulsion to set about doing it
  • an interest in execution – being able to think through what is needed and to actually perform it
  • an ability to lead and to engender leadership across an organisation.

A dose of reality?

A key challenge in making culture a pragmatic reality is the difficulty in knowing whether the culture that exists is good or even working.

There is no standard regulatory metric, nor is there any prescription. Is culture about the right ‘vibe’? If so, that’s not very satisfactory.

One way of knowing when culture has failed is when things go wrong and get worse or just go wrong again. This may be worth some thought.

  • How quickly does it take for problems to escalate to the right person or group of persons for effective decision making or action?
  • How many problems linger in the inbox or the draft box or the bottom drawer beyond their easily fixable date?
  • How difficult is it to fix things once they are detected?

How long? How soon? How hard? These questions beg qualitative or numerative answers that may be capable of measuring and, in a proxy sense, giving us a metric for how well an organisation is able to deal with things that don’t go well or don’t go according to plan. 

We know problems that don’t get resolved get bigger or more toxic, so the ability to nip things in the bud should be a vitally important organisational imperative. If so, can this not become the insight for a series of effective cultural metrics? I think this is achievable.

In another context, and in the wake of Volkswagen’s admissions of cheating US emissions, Bern Osterloh, Chairman of the General and Group Works Councils of Volkswagen AG, said to Volkswagen staff that 'we need in future a climate in which problems aren’t hidden but can be openly communicated to superiors'. I agree; it pays to listen to what is said from the depths of crisis.

Regulatory enforcement

Let me now put this into the context of my world also.

The fact of misconduct in our markets should not surprise or scandalise us: some misconduct is inevitable. I am referring to fault-based wrongdoing rather than the inevitability of things just going wrong, so how we react is important.

Misconduct that is detected quickly and effectively uprooted should engender confidence in our market, demonstrating the system is up for the task and users of markets and financial services, including consumers of all hues, can have confidence that the risks they bear do not include the risks of misconduct.

The benefits of nipping things in the bud, especially where there is or may be a misconduct issue, are real and tangible ones: but the balance is a delicate one – missing the opportunity and allowing a problem to grow unchecked will erode confidence far more quickly than it can ever be engendered. This is why an organisation’s culture is so important.


Let me now finish on this note. First, confidence and integrity in our markets and financial services are not abstractions. They can be made real and tangible if the will and imagination is there. Of course Wilde’s cynic will miss the point and see that it is all about fines when it is really about the importance of our values.

Secondly, there is no point knowing the price of everything if only the most important things are worth knowing.

Thirdly, I think this is achievable.