The Central Bank of Ireland (CBI) published its annual Consumer Protection Outlook for 2022 on Monday, 14 March. In its report CBI, as part of their supervisory workstream, identify the primary drivers of risk for consumers in financial services.
This year’s report launches against the backdrop of the CBI’s Strategy that was launched in September 2021. The report identifies 5 key cross sectoral risks:
1. Poor business practices and weak business processes;
2. Ineffective disclosures to consumers;
3. The changing operational landscape;
4. Technology-driven risk to consumer protection; and
5. The impact of shifting business model.
The CBI describe poor business practices as those which result in the sale of products with features, charges and risks that are unfit for the needs of the purchasing consumer. These practices disadvantage consumers and often seek to capitalize on the lack of understanding the consumer might have in relation to the cost and function of the financial product. The CBI referenced differential pricing as an example of such practices. The CBI also categorise weak business processes as ones that might result in errors on customer accounts such as over-charging, incorrect application of interest rates and incorrect migration of consumers from one product or provider to another.
The CBI expect firms to:
- Put in place robust product governance and oversight arrangements covering the design, sale and delivery of the product.
- Design and bring products to market in a responsible way that meet the needs of the individual consumers identified for the product.
- Comply with the legislative requirements to assess the suitability of their products.
- Be clear on the reasons why a product or service is being offered to a consumer and why it is suitable for that consumer.
- Monitor products over time to ensure the product is performing as intended and remains suitable for the target market.
- When errors or operational incidents occur, ensure that consumers are treated fairly and put back in the position they would have been in had the error or incident not occurred.
- Ensure proper resources are deployed to deliver a high quality service.
- Place the best interests of consumers at the heart of their commercial decisions and how they provide services to consumers.
CBI also refers to the risk of ineffective disclosures, whereby that failure to provide clear information to consumers at any point in the lifecycle of a product of service might impact the decision-making ability of the consumer. The CBI emphasise the particular importance of disclosures in respect to complex financial products where the risk is high that a consumer might choose a product that is not suitable for their needs. While the CBI do acknowledge the benefits associated with the digital delivery of products to consumers including the ability to shop around, they also allude to the risks of information overload, specific risks relating to the gamification of online investment services as well as novel informational risks arising from unregulated cryptocurrencies. The CBI noted the particular importance of explaining what a product does not do and that communication of exclusions are needed in order to meet the reasonable expectations of consumers particularly so in relation to insurance investment products.
The CBI expect firms to:
- Provide clear information in a timely manner to consumers, disclosing the key information upfront (i.e. risks and benefits, fees and costs).
- Support consumers in making fully informed decisions by ensuring that information is provided in a way that it can be easily understood.
- Ensure that statements of suitability and other disclosures provided to consumers are fully compliant with legislative requirements.
- Disclose exclusions to financial products in an effective manner at the outset to support consumers in making good decisions.
- Ensure disclosure is as clear on digital media as with more traditional communications channels.
- Avoid greenwashing by producing disclosure documents that are clear, not misleading and fully compliant with the most recent legislative disclosure requirements.
The CBI acknowledged the changing financial environment which regulated entities operate in as a result of new business models, globalization, digitalization and a move towards sustainable finance. A risk lies in firms who cannot keep pace with the changing environment and risk failing in the service to customers with respect to commercial decision-making and in their guidance to consumers. The low interest rate and the financial innovation within the market have resulted in consumers being offered increasingly complex products which they may ultimately fail to understand completely. Particular concern was noted from the CBI that consumers may unknowingly move between regulatory regimes and beyond the regulatory perimeter and the protections it affords.
The CBI expect firms to:
- Actively identify and address risks to consumers that may potentially emerge from changes in the landscape within which the firm and/or its consumers are operating.
- Have sufficient operational resilience to manage change without creating risks to consumers.
- Engage with financial innovation from the perspective of consumers’ needs and best interests.
- Clearly delineate for the consumer between regulated and unregulated products, especially where they are offered within the same digital environment. This is especially important in the case of unregulated products carrying special risks such as virtual assets.
Technology-driven risks were also observed by the CBI. These include system weaknesses, outages and cyber vulnerabilities. These outages can lead to serious harm for consumers and a risk to data integrity might develop where poor data management and oversight is exhibited by a firm. The CBI also noted that entities are becoming increasingly exposed to cyber-attacks with the financial sector one of the most frequently attacked. Digital finance products also raise risks of increased numbers of scam and frauds experienced by consumers. Finally issues of accessibility and inclusion also arise where consumers lack digital literacy.
The CBI expect firms to
- Have well-defined and comprehensive information technology and cybersecurity risk management frameworks, supported by sufficient resources to achieve resilience and protect the interests of consumers.
- When designing and providing financial products digitally, ensure consumers’ needs and interests are central to the firm’s considerations and that the product will only be provided to consumers for whom it is suitable.
- Have effective measures to mitigate the risk of fraud and scams, and be proactive in identifying and dealing with cases of fraud or scams including engaging effectively with consumers affected.
- Demonstrate that they have appropriate oversight of any delegated or outsourced arrangements and can provide evidence that the risks associated with outsourcing and delegation have been appropriately considered and are being managed effectively.
The CBI have noted that the changing environment has led firms to re-evaluate how they provide their services. They noted that changes to business models should be responsible, transparent and fair and that a consumer centric approach should be taken. The CBI expect firms to have regard to the impact changes to and withdrawals of services are products might affect consumers and that cost benefit analysis should be undertaken. Timely communication to consumers of these changes is also paramount according to the CBI, to allow for sufficient consumer support during the transition. Where this is done benefits to consumers may be seen. CBI noted the particular importance for consumers to be able to access in-person engagement (face-to face or virtually) where they have a query or complaint even if the service has been provided digitally.
The CBI expect:
- Proactively assess the risks and consumer impact a commercial decision may pose to new and existing customers, and develop comprehensive action plans to mitigate these risks whilst ensuring that customers understand what changes mean for them.
- Have the customer service capacity and structures in place to meet expected service levels to provide a timely and customer focused service through all channels.
- Consider the impact of their decisions on vulnerable customers and provide the assistance necessary. This should include specific and effective processes and communication plans to support vulnerable customers.
- Only design and bring to market products with features, charges, and risks that meet the needs of consumers identified for the product.
Banking and Payments Federation Ireland Creditor Engagement on Consumer Protection:
In addition to this Insurance Ireland, also received correspondence from the Banking and Payments Federation Ireland (BPFI) with respect to Ulster Bank’s intention to withdraw from the Irish banking market commencing this year. As a result of this withdrawal mass movement of customers from one financial services provider to another by consumers and SMEs will occur. This might be done by the closing and opening of new accounts by consumer/SMEs or the affected entity may avail of a switching service as prescribed by the CBI’s Code of Conduct on the Switching of Payment Accounts with Payment Service Providers.
In the context of this the BPFI have identified the risk associated with updating account detail by creditors. From its experience creditors do not always accept instructions from customer’s bank to amend or update these details and further customer intervention is needed. In instances where they do accept instruction this might lead to a significant workload for creditors. As a consequence to the potential increase in switching requests, BPFI wish to engage with creditors in general on the potential impact this might have on customers and to agree possible steps that might limit or prevent undue consumer impact.
BPFI will hold meeting with creditors on Tuesday, 22 March at 10am via MS Teams to discuss the above. If your firm would be interested in attending and engaging on this topic you may contact email@example.com with the name and address of your nominee.