Regulators have proposed new diversity and inclusion requirements for financial services firms. Tina Bhardwaj looks at how the changes can improve culture and mitigate the risks of groupthink.

Historically, some firms have seen diversity and inclusion (D&I) as corporate buzzwords and a tick-box exercise. But the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) are reiterating the importance of diversity and inclusion, both as an integral element of a firm’s culture and to reduce the risk of groupthink.


Challenging groupthink in financial services

A diverse group of individuals reflects a diversity of thought. This is particularly important at senior and board level where those with similar life experiences and outlooks may identify the same types of risks – effectively blinkering them to a range of possibilities outside their sphere of experience. Having a wide range of perspectives helps to reduce groupthink, anticipate difficulties or obstacles, and ultimately may help boost effective risk management. But diversity alone isn’t enough. Inclusivity is what gives individuals the confidence to actively contribute and share valuable insight.

That’s where culture comes into play. Firms need to foster a culture where individuals can bring their whole selves to work and feel safe to speak up. This will create an authentic working culture and actively nurture new talent, as well as encouraging purposeful and respectful relationships between employee and employer. There’s also Consumer Duty to consider. An organisation that reflects its consumer base can better anticipate their needs and promote good customer outcomes that aren't constrained by processes.


What are the new diversity and inclusion proposals?

The FCA and PRA have proposed new rules covering six key areas to improve culture, reduce groupthink and improve accountability. The FCA has proposed that its rules on reporting come into force 12 months from the publication of final rules, with the final rules due to be published sometime in 2024. The PRA has said that firms will be required to have published their first disclosures within three years of the publication of the regulation.

1 Non-financial misconduct

The regulators recognise that misconduct, including harassment and bullying, can directly influence an organisation’s culture and negatively impact inclusion. They propose to include non-financial elements in the conduct rules, and fit and proper requirements under the Senior Managers and Certification Regime (SM&CR), for all firms. These changes will also apply to the suitability threshold conditions.

While the FCA stops short of requiring a specific senior management function (SMF) to oversee diversity and inclusion, PRA regulated firms must allocate one. However, the PRA won’t hold the SMF accountable for missed targets. Instead, SMFs must understand why the targets are there and be able to demonstrate why the firm hasn’t met its goals.

2 Diversity and inclusion strategies

All regulated firms must develop an evidence-based D&I strategy, with oversight from the board. This includes clear objectives, backed by an action plan to achieve those goals and demonstrate how progress will be monitored. Firms must outline the measures in place to identify and mitigate any barriers to success. They must also have a plan to share and embed the strategy across the organisation.

The FCA expect firms to make the strategy free and easy to obtain, while the PRA explicitly states that it must be available on a firm’s website. This will help improve culture, mitigate the risk of groupthink and improve accountability.

3 Setting targets

All FSMA firms with 251 or more employees (excluding limited scope SM&CR firms), and CRR and Solvency II firms of any size must set diversity targets. These targets are one for the board, one for senior management and one for the whole employee population. Overseas firms may only need to set one target for the employee population, as the other elements may be outside the UK. All firms may add voluntary inclusion targets.

Targets should be unique to each firm, and consider their current diversity profile, business model and operational complexity. They should also consider the wider context the firm operates in and the diversity profiles of the UK areas in which they are based. Firms must update their targets regularly and disclose progress annually.

4 Data reporting

All FSMA firms must report their number of employees annually (excluding limited scope SM&CR firms), and those with 251 or more employees must complete an annual regulatory return. This return will cover demographic characteristics, inclusion metrics and targets, and submission is via the FCA's RegData platform. Annual reporting will enable the regulators to develop an aggregated disclosure report to help firms benchmark their progress across the sector, to improve culture and reduce groupthink.

Mandatory demographic characteristics for reporting are: age, sex or gender (firms must report on one but may report on both), disability or long-term health conditions, ethnicity, religion and sexual orientation. Voluntary demographic characteristics are sex or gender (if firms chose to report on both), gender identity, socio-economic background, parental responsibilities and carer responsibilities. The regulators recognise that some individuals may not wish to share these details, and as such, the data may be incomplete.

The reporting rules will come into force 12 months after regulators publish the final rules.

5 Data disclosure

FSMA firms with 251 or more employees (excluding limited scope SM&CR firms) must make annual, public D&I disclosures to improve transparency and accountability. This will include the same data for the D&I regulatory return, expressed as a percentage rather than whole numbers (to support anonymity), and the same categories of voluntary disclosures apply.

6 Risk and governance

The regulators are asking all FSMA firms (with 251 or more employees, excluding limited scope SM&CR firms) to view D&I as a non-financial risk and to fully embed it into their risk management and governance structures. As such, risk management teams and internal audit have an integral role to play in managing and mitigating the associated risks.


Shifting mindsets on diversity and inclusion

It'll take time to fully embed diversity and inclusion as an integral element of the risk management framework. Firms need to broaden their hiring processes to include a more diverse range of candidates – through apprenticeships, targeted recruitment drives, return-to-work schemes or even reskilling opportunities internally. The recruitment process itself needs to be inclusive and accessible, with reasonable adjustments for candidates.

Building on this, firms need to focus on cultivating an inclusive culture, where individuals can speak up and actively contribute to the business. An effective D&I Strategy can help build kinship and understanding among employees, leading to higher levels of engagement and productivity, and a purposeful culture.

Ultimately, a more diverse and inclusive culture will support good risk management processes and a sound financial system.

For more insight and guidance on diversity and inclusion, contact Tina Bhardwaj.