2017 ended on a wave of regulatory scrutiny of firms’ conduct and culture, which will continue into 2018.

In the days of the Financial Services Authority (FSA), the focus was on complying with prescribed rules and building controls around them. The FCA then sought to move the focus to a higher plane and asked firm to consider what outcomes were being delivered and how was the firm conducting itself. Whilst conduct has continued to be the focus for firms in 2017 which will continue, it is evident that material risks are still crystallising, many of these coming from activity undertaken since the creation of the FCA, a self-confessed conduct-focused regulator.

This is why, in many ways, the FCA is now seeking to move the focus away from just conduct and onto culture.  This focus on culture can be seen across everything that the FCA does and although 2017 was more about conduct, the theme of culture will become more pervasive within regulation throughout 2018 and beyond. The link already made by the FCA between the impact of culture and the effective implementation of SMCR is an excellent example of this.

Another watershed moment of the last year was the publication of the asset management market study which saw the FCA really flex its competition muscles to try and bring about cultural change in one of the biggest behemoths of a sector it regulates. Its activity in this sector illustrates just how seriously the FCA takes both competition and culture when seeking to significantly transform a sector into a more customer-centric component of the value chain.

So, what’s the most important conduct development on the horizon for 2018?

GDPR will certainly impact firms worldwide, not just within the EU, and multinational firms are facing the challenge of developing data protection policies and procedures that translate across multiple jurisdictions and are compatible with a number of different legal frameworks.

On the domestic front, many firms appear to be underestimating the impact the Senior Managers and Certification Regime (SM&CR) will have on their business models and operations. Having the right internal culture will be essential to meeting expectations in this area. Policies and procedures won’t be enough, senior managers will need to demonstrate that they are setting the tone from the top and have effective oversight of their respective areas to protect themselves.