Finally, a deadline has been set for consumers to make claims for payment protection insurance (PPI). The regulator, the FCA, has said it wants to bring the matter to an “orderly conclusion”, helping banks to manage their liabilities and no doubt hoping the public will regain confidence in financial services.

After 29 August 2019, it will be too late to obtain compensation for being mis-sold a product that has brought shame to the financial services industry and is one experience that risk managers will never want to see repeated.

Although there are proponents of the insurance who say it has a place, too often it was recommended to people who did not need it. Premiums were often steep and many did not even realize they were paying for it, in fact there are many examples of it being bundled in with little or no customer consent. Equally, it was sold to those with pre-existing health conditions or those who were self employed and so would be ineligible to claim.

The mis-selling has reflected badly on the banks and prompted many to ask why the product was sold with such poor supervision, guidance and risk management control. Why did bank staff continue to be incentivized for mis-selling even when reviews were taking place and why was the problem so endemic?

PPI was a governance failure, of banks failing to regulate their procedures and its legacy will live on after the August deadline. Has behavior changed? Many would feel there have been improvements, but complacency is dangerous.

There are products similar to PPI springing up, for example those styled as ‘debt freeze’ plans, but now is the time to make sure standards are not allowed to slide again. There are also other areas such as annuities and packaged banks accounts, which have raised concerns.

So, have the lessons in Risk Management been learnt?

In terms of regulation, the FCA certainly appears to have a much more rigorous approach in comparison with the then FSA and its often suggested “light touch” attitude.   Under the FSA there were indeed reviews and there were fines, but these failed to have much impact. It was easy money and so the regulator was ignored.

Much of the blame has been aimed at Financial Institutions having a culture that focused on short term profit maximization with little regard for the future implications or risk management.  PPI sales staff were often under pressure to hit targets and there is anecdotal talk of employees facing bullying and humiliation if they failed to perform.

Equally those at the top need to have a better insight into what is going on – some banks claimed that boards and even senior managers, including risk specialists, were unaware of sales practices.

Changes such as a the FCA Senior Managers Regime, are aimed at ensuring that the leadership has a better understanding of operational reality. In addition, the FCA has a significant focus on having the right culture in place within their compliance regime.

Regulatory action is a good starting point but it needs to backed-up internally with an effective risk management program of controls and policy enforcement, as well as, meaningful reporting at board level.

Clearly banks and other providers are by no means out of the water – so they need to ensure that they put operational risk and governance at the top of their agenda. Failure to do so will ultimately lead to a much harsher regulatory touch to bring culprits to account.