Increasing customer and community expectations and regulatory pressure are pushing retail banks to rethink their business models. How banks prepare for and respond to heightening expectations will be a differentiator. The downside is huge, with direct impact on sales productivity, threats to trust, and large penalties.
Banks that can thread the needle and deliver good customer and shareholder outcomes will have the advantage. This requires rethinking business models at the intersection of risk, sales, and customer outcomes. Banks should take proven actions underpinned by clear standards and disciplined, systematic execution.
Increasing scrutiny of banks—a global trend
In various markets around the globe, banks have in recent years been the focus of increased scrutiny. As customer, community, and regulator disquiet grows, it is crossing borders and becoming a dominant theme for banks worldwide.
Few developed markets have been immune. In the UK, the exposure of mis-selling of Payment Protection Insurance at a handful of institutions in 2005 became an industry-wide enquiry resulting in some £40 billion in compensation being paid to customers to date.
In North America in 2013, what were initially thought to be isolated cases of fraudulent account openings became a full-scale conduct investigation (involving the FBI and the Federal Reserve), finding evidence of misconduct in sales practices in mortgages, credit cards, and insurance.
In 2017, the Australian government announced the launch of the Royal Commission into the Banking, Superannuation and Financial Services Industry. The year-long enquiry identified significant conduct issues across the financial services sector, including mis-selling and fraudulent charging of fees. Regulators are now stepping up enforcement measures, including launching a number of legal cases against some of the largest institutions in the country. The estimated cost of fines and customer remediations for the largest four Australian banks alone has now reached over A$8.5 billion.
Most recently, a series of actions by New Zealand’s prudential regulator against the largest banks in that market have also escalated, with public sentiment towards banks there also beginning to turn.
The value at stake
For banks, the value at stake as scrutiny increases is proving to be huge. Fines are only the beginning. The immediate impact on sales has been significant and the impact on reputation and trust may be lasting, opening the door to greater disintermediation by fintechs and large tech companies, who were already looming as a threat.
Implications for share-price momentum have also been severe. As an example, over the period of the enquiry into misconduct in the financial services sector in Australia through 2018, only a handful of institutions were spared significant share-price re-ratings, with the largest institutions experiencing between 20 and 50 percent overall reductions for the year. Meanwhile, the toll on employee engagement is yet to be calculated.
Why banks, why now?
The decline of community and customer sentiment towards banks continues to gain momentum, and regulator focus appears to be growing sharper. So, what are the drivers of these trends, and why are they coming to a head now?
- The focus on growth: In most large economies, housing-led growth has supported strong sales of residential mortgages and growth in consumer-led demand has fuelled growth in sales of other financial products. In the effort to maintain this commercial momentum, banks have been challenged to consistently balance meeting targets and delivering good outcomes for customers.
- An increase in complexity and the proliferation of financial products: As the complexity and proliferation of financial products has increased, supporting systems architecture has not kept up, a situation that can exacerbate the challenge of maintaining good risk management practices.
- Growth in use of financial incentives to improve performance: Historically, banks created incentive structures designed to boost sales as a priority, often to the detriment of customer outcomes, and have been overly focussed on financial rewards in the absence of alternatives (e.g., recognition, advancement, access to training and development).
- Challenges in non-financial risk capability: Retail banks globally have historically demonstrated strong credit risk management capabilities. Management of non-financial risk in contrast has not been well developed.
- Increased regulation and an increase in regulatory action: Banking regulation is increasing globally, with a focus on data security, capital adequacy and consumer protection, coupled with the increasing extent of supervision and active enforcement by regulators.
- Erosion of trust: Increased publicizing of risk failures through traditional and social media have eroded trust in the banking sector globally, and banking risk failures in some markets are having a tangible impact on regulator, community, and customer attitudes in other markets.
As a result of these trends, the banking sector has been playing catch-up in terms of identifying and addressing root causes of poor outcomes. This is in contrast to industrial sectors, which now have decades of experience systemizing improvements aimed at “engineering out” defects.
And the challenge for banks is immense. The current crisis in non-financial risk management spans failures in products, people, systems, and processes, down to product design, to the way that people are incentivized, and to how systems are developed and processes implemented. In addition, historically, banks have managed non-financial risk by designing policies and inspection of metrics and/or controls—not by redesigning core business activities and processes.
Banks need a systematic approach which aligns all of the inputs to quality outcomes and to higher standards across customer experience, product design, incentives, systems, and processes.
A bank’s response is a differentiator
Banks that can thread the needle and deliver good customer outcomes and good shareholder outcomes will thrive, not just survive, in the evolving environment. Challenged by rising compliance costs, and lack of customer and community trust, banks need to rethink business models at the intersection of risk, sales, productivity, and customer outcomes. This will require a mind-set and organisational re-set, underpinned by disciplined execution:
- Survive: Quickly identify and contain the biggest risk areas
Survival alone for most banks is the most immediate priority. Establishing a baseline for rising expectations is the first step, enabling understanding and prioritizing actions based on the evolving regulatory environment. This involves assessing not only regulatory momentum in a bank’s own market, but as regulation accelerates, knowing what may have come before in other markets. There is a relatively high level of consistency between regulatory actions across most developed markets, with a focus on a handful of dominant themes across sales practices, incentives, product design, conflicts of interest, security, capital, and culture and governance (Exhibit 1). These provide a useful starting point for assessing potential gaps.
The second step is identifying the areas where the bank is most exposed—this is critical to prioritizing a response. Banks should be prepared for the journey to be longer and more expensive than they anticipate at the start, and that issues will likely only increase for a period as they better understand the risk and control environment. Knowing where the largest areas of exposures are from the outset—and their root causes—enables a bank to make effective use of resources and investments. Incentives can be a good starting point. A common root cause of poor conduct outcomes are employee performance incentives that are overly linked to financial outcomes for the bank, and not to customer outcomes. To solve this, a number of institutions are redesigning incentives structures that include a balance between financial and non-financial incentives, and incorporating performance metrics linked to activity and customer relationship metrics rather than sales volumes alone.
- Thrive: Rewire the business model for an evolving environment
Rewiring the business model at the intersection of risk, sales, and customer outcomes is critical to deliver the strategic re-set required to compete. Organizations should prioritize those actions that enhance resilience and advantage and which have the largest potential for impact. Banks should balance solutions that address immediate root causes of poor outcomes with structural solutions that can help them compete over the longer term (e.g., bold decisions to exit product and business areas where there is no clear pathway to delivering good customer outcomes). Some Australian banks, for example, have exited product categories (e.g., credit insurance products where banks have been unable to distribute the products safely and consistently) or entire businesses (e.g., wealth management activities where conduct challenges have been pronounced).
Meanwhile, the rewired business model must be anchored in meeting rising customer, community, and regulator expectations. There has been significant recalibration of what constitutes a “good customer outcome” across the range of experience, safety, and financial outcomes—and banks need to be clear about how they define it (Exhibit 2). At the same time, a clear understanding of what makes for a bad outcome, in the context of specific products, can help banks focus on where to make targeted changes in their business model.
Trust has the potential to become a key point of advantage for banks. Delivering good customer outcomes underpinned by good conduct and a sound culture is now a base expectation, and trust is at the heart of how banks deliver these outcomes authentically. Given this context, banks must deeply understand how to build trust and commit to taking the steps to maintaining and building that trust with their customers (Exhibit 3).
- Sharp execution: Build a strong foundation for improvement and rapid change
A banks’ response plan must become the nerve centre that enables structured and disciplined execution which is both ambitious but pragmatic. A robust response plan includes:
- Be clear from the outset on the two to three shifts you will prioritize and carefully orchestrate plans to deliver: Start by identifying the areas which are likely to have most impact quickly. Shifting incentives, reducing product complexity, and investing in digitization are examples of areas which can both drive rapid transformation and support longer-term plans. Plans should be flexible enough to evolve as the organisation learns new things about how risk manifests and what interventions work best. Meanwhile, banks should be pragmatic about designing program cadence and targets. Remediation can be a long game. Being pragmatic and open with stakeholders about what can be achieved in a specific time period will be critical in regaining and maintaining trust.
- Be disciplined in tracking outcomes and holding people to account: Ensure that accountability starts at the top and role-model behaviours and expectations from the top down. Ensure there is a regular cadence and mechanisms to track activities and outcomes, and hold people to account. Stay close to your customers and employees and seek continuous feedback—many leading indicators of a rise in non-financial risk “hide in plain sight” in data sets that are poorly interrogated (e.g., customer complaints). There are examples of financial institutions in North America where a thorough analysis of customer complaints in the period leading up to significant investigative findings would have flagged incidents of mis-selling.
- Engage with regulators proactively: Banks should work with regulators to identify practical, safe, and sustainable ways to deliver good customer outcomes, underpinned by a thoughtful assessment of risk and consideration of controls. Banks should also offer to work with regulators as they consider how their recommendations will be enacted, to help avoid often unintended consequences of regulation.
Importantly, banks will need to be prepared for the long game. What took industrial companies decades to address, global banks are only now facing—and they are doing so under the high-pressure spotlight of traditional and social media. Regulatory scrutiny of conduct and of customer outcomes will likely continue to grow and extend to other markets. Forward-thinking banks should work now not only to survive this scrutiny but to thrive, by proactively linking customer, risk and shareholder outcomes, enabling a step change in customer experience and trust.
 McKinsey’s 2018 Compliance Benchmarks Survey found that nearly half the sample of banks in North America and Europe saw compliance costs rise by more than 20% during 2014–16. The cost of compliance for banks where more acute issues have emerged more recently (e.g., Australia) continues to rise. See our report here: https://www.mckinsey.com/business-functions/risk/our-insights/the-compliance-function-at-an-inflection-point