What makes good conduct regulation?

Speech by John Griffith Jones, Chairman at the FCA, delivered at the Cambridge Judge Business School.

john griffith jones speeches migration.jpg

Speaker: John Griffith Jones, Chairman
Event: Cambridge Judge Business School, Cambridge
Delivered: 13 February 2017
Note: this is the speech as drafted and may differ from the delivered version


  • Good conduct regulation is built upon government policy, clear objectives and perimeters, shared understanding of risk tolerance, operational excellence, and efficient measurement of outcomes.
  • Our future success as a good conduct regulator is dependent upon continuing to hone these blocks so that they are individually sound and properly joined together.

Thank you for inviting me to speak at the Cambridge Judge Business School this evening. It is a pleasure to be here and to share with you some thoughts on what good conduct regulation looks like, especially financial conduct regulation, and how we can make it better yet.

This is a challenging task, as we have all experienced regulation in one form or another, and probably fancy ourselves as expert in pointing out what we consider to be bad regulation.

Good regulation is however more elusive. It is also my job!

Now is a propitious moment to have this conversation. Our direction of travel for the past forty years, and especially since the financial crash, has been closely harnessed to EU and to global initiatives. And whilst the next two years will necessarily be focused on achieving Brexit in accordance with the Government's negotiated outcome, there will come a time when we will need to step back to reflect on what we have and to step forward with what we need.

The FCA has been consulting on its own Mission, which, together with the input received from respondents will provide crucial input to our future success. I will not in any way preempt the end product, rather set it in context with the other building blocks that will create an optimal outcome for conduct regulation.

What are these building blocks? I suggest there are five:

  1. Government policy
  2. A clear set of objectives for the regulator, and a clear perimeter of coverage
  3. A well developed and shared understanding of risk tolerance
  4. Operational excellence
  5. A basis of measurement of inputs, outputs and outcomes, including intended and unintended consequences, with transparency of results

Each of these provides challenges to the FCA, and no doubt to the regulatory community at large.

So let me tackle them one by one.

Government policy

As a general principle, regulation is appropriate where, left to its own devices, the free market produces an outcome that is not in line with the elected government's policy, and where intervention will produce a better result. Typically, such interventions are in respect of:

  • social policy, for example universal access to the banking system, or protection of the vulnerable from being exploited
  • economic policy, control of natural monopolies such as the payments systems or support for chosen industries such as fintech or of safety or well-being, cyber security or financial stability

In some instances policy is relatively stable, enjoying cross-party agreement, and the support from regulation is more straightforward. But in others it is not, typically with a change of the party in power. We have our own examples of change in the FCA universe. The Government decides to change the pensions regime, the regulatory regime must follow suit. The Government wants a cap on the cost of pay day loans, the regulator is asked to implement one. With Brexit in train, we should not seek to hide from change rather than co-opt it, and clarify its impact on the regulatory regime as quickly as is possible.

Sometimes policy objectives compete. The politically desirable outcome of ‘have cake and eat it too’ is seldom available. We want universal access for our citizens to the banking system, but we want to prevent fraudsters from having access.

And sometimes we all wish, with the benefit of hindsight, that the Government had had a clearer policy when something happens which had not been anticipated.

What can we learn?

Policy is for elected government not for the regulator. This is not to say that the regulator should be passive in any sense; the FCA is perfectly capable and willing, to draw government's attention to the consequences of policy change. But experience tells us that regulation acts most effectively as a support for government policy not a substitute. It also makes clear that regulation cannot be independent of government, although regulators most certainly should be in discharging their duties.

Objectives and perimeters

We have come to realise that the more detailed regulation that we have the greater is the challenge of keeping it all current.

The FCA has an overriding strategic objective of ensuring that markets work well, supported by three operational objectives, all written into statute, of protecting consumers, promoting competition and enhancing integrity. Clear they certainly are, and valuable for that, particularly when they knit closely with specific policies. But they are somewhat high level, and it is difficult to divine the FCA’s likely response to individual issues based on these alone, hence the objective of our work on the Mission to close some of the gaps.

The question of the perimeter, what firms, what transactions and which products or services are covered by regulation has proved more problematic than you might have expected. The process for setting LIBOR fell outside the perimeter; physical trades in commodities are outside the perimeter, futures fall within; many small businesses feel aggrieved that they are not better protected from some of the actions of their banks, in part because they are excluded from the ombudsman's regime.

The problem is exacerbated further by the remorseless march of technology. Rules that were designed for the paperwork era do not work necessarily for the online one. The distinction between advice and guidance, once reasonably clear, has become much greyer with the advent of platforms and the potential of robo-advice. High frequency trading is a million miles from open outcry trading on an exchange. Artificial Intelligence puts the pooling of risk via insurance under pressure as individual odds become increasingly forecastable. An additional challenge comes from the differential pace of take up of new ways of doing things by the general public. Our children’s knowledge of cheques stretches little further than Christmas presents from grandparents. Many of them are uncomfortable with online banking.

There is no silver bullet for this state of affairs, it is for a good regulator to keep up and cope with change. The financial sector may have something to learn here from other regulators - telecoms and pharmaceuticals come to mind. The FCA is seeking to embrace technical developments through its Project Innovate and Sandbox initiatives. We have come to realise that the more detailed regulation that we have the greater is the challenge of keeping it all current.

Risk tolerance

Sometimes we can foresee issues before they surface, but more frequently it is the speed of response to early signals that is key to containing the scale of the damage that might otherwise occur.

If the first two building blocks were not entirely within the regulator's control, the next two largely are, though none the easier for so being. The expression ‘risk tolerance’ covers a multitude of sins, but at its uncomfortable core lies a recognition that we do not live in a perfect world, that our rules are going to be broken periodically and that we shall be accused of being deficient in allowing, or not preventing, such infringements to happen.  For some regulation there is a natural zero tolerance regime, air traffic and nuclear power safety being examples in point, but this cannot be the case for conduct regulation.

On the other hand, attempts to quantify ‘acceptable’ detriment, typically numbers of people affected or amounts involved, unsurprisingly cut no ice with the people disadvantaged. The approach adopted by the FCA has evolved over its short four year life, but there is more debate to be had. In essence, we have to distinguish between ex ante and ex post.

Ex ante we seek to anticipate the more material things that are more likely to go wrong, and to pass rules, conduct supervision, or occasionally to ban practices in order to reduce the likelihood of such events crystallising with detriment. Sometimes we can foresee issues before they surface, but more frequently it is the speed of response to early signals that is key to containing the scale of the damage that might otherwise occur. Sometimes, regrettably, it has to be a case of learning with hindsight, but this is still better than letting history repeat itself.

Given these inevitable fragilities we need ex post to have a system of safety nets. And we do: redress programmes, the Financial Ombudsman Service, the Financial Services Compensation Scheme, which are designed to protect those within the perimeter up to certain limits, and of course access to the law courts. We have learned from experience that ex ante prevention is much better - and much cheaper - than ex post cure. PPI is the ultimate case in point with a cumulative cost of rectification to date of over £25billion, for what was in essence an add on product.

Operational excellence

We need to understand psychology as much as being financial analysts. Behavioural economists have shed light on the way that real people behave, and it is not necessarily in line with econometric models.

It is a sobering fact that bad regulation can be more damaging to the economy than no regulation. Because financial conduct is as much about behaviour as it is about processes there is a high degree of subjectivity in what we do, and a corresponding risk therefore that we choose or execute poorly.

At a macro level, effective deterrence lies at the heart of operational excellence. Creating a regime where firms self-regulate to promote ‘good finance’ is the ideal to aim at. For that to happen we need to design our activities such that the proportionality of our rules, the chances of being caught breaching them and the  consequences of so doing, align firms' self-interest with the desired regulatory outcome. The greater the divergence of interest, the higher the costs of the regulator doing sufficient work to secure a given outcome and/or the greater the likely detriment being incurred. Effort and effectiveness need not be in linear alignment. A powerful example of this in practice recently has been the introduction of the Senior Managers' regime. Done at a comparatively modest cost, the regime has resulted in senior management concentrating on their firm's conduct in a much more focused manner, without the need for greatly enhanced supervision.

We need to understand psychology as much as being financial analysts. Behavioural economists have shed light on the way that real people behave, and it is not necessarily in line with econometric models. Human bias, over optimism, herding, hindsight and, dare I say it, apparent irrationality are alive and well in some consumers. So, unfortunately, are the asymmetry of knowledge, market power, and regrettably the temptation to cheat in some firms.

At the micro level, there is no electronically shrink wrapped manual that can tell a conduct regulator how to deal with each situation, the exercise of good judgement can be aided by technology, but not supplanted. Do we authorise that firm, allow this product to be sold, investigate that whistleblowing report, conduct this competition market study, pass such and such a rule, or initiate enforcement proceedings? These are ‘micro’ decisions that have to be made every day. It is a fact that the public perception of the regulator rests as much on these individual decisions as it does on the big picture. This we have to cope with - as the Chairman of the BBA said to me shortly after arrival in post ‘the regulators' lot is not a happy one’. Be that as it may, it is not as I would wish it to be. It is not just in the interests of the regulator, but of society as a whole, that the costs and consequences need to be measured in the round rather than by sensational headlines. After all it is the public who ultimately bear the costs of regulation as well as benefit from its outcomes.

Measurement and transparency

And so to my fifth and last building block, measurement and transparency. In their recent paper, Performance measurement by regulators’, the National Audit Office have set out some key concepts for the measurement of regulatory success or failure. The three principles of economy, efficiency and effectiveness can be broadly measured as inputs, outputs and outcomes. In the case of conduct, the last of these is not readily capable of quantitative evaluation, particularly when seeking to measure misconduct that was prevented. Equally, the apparently ideal state of nothing having gone wrong in a period may be due either to the excellence of the regulator or to the inadequacy of the detection system, time eventually tells! But some sort of measure is valuable, not least because it gives confidence over time to the public that the job is being well done. Proxies such as surveys, reported complaints, suspicious activity levels help to paint a picture, and become more persuasive if consistently measured over time. Aged only four, it is dangerously early for the FCA to claim any sort of success, but at least the soft measures that we have suggest that we are headed in the right direction.


The separation of the old FSA into its two component parts has had the consequence of giving conduct regulation a status and focus that it previously never had. Unlike the prudential environment there is a relative dearth of academic research into what works best. Not surprisingly, the building blocks that I have described tonight were not sitting in some intellectual builder's yard pre hewn to exactly the right dimensions. There is still, in my opinion, some way to go before we get them all where they need to be. We should also be cognisant of the fact that success is not siloed into these five compartments. Regulators need no reminding that we are only as good as our weakest link. Rome may not have been built in a day, but built it was.  We should be ambitious for our future, if a little patient with our rate of progress.