4. Conduct-related risks
Conduct-related risks arise from the behaviour and actions of financial services providers. These risks include poor-value financial products and services, ineffective disclosures, poor financial advice, dishonest sales practices and unsuitable product design. In addition to describing the most significant risks to financial consumers stemming from the conduct of financial institutions, this chapter also highlights the regulatory and supervisory actions taken to address these risks in 2022 and presents information on the tools used to monitor conduct risks in the financial sector.
The third broad category of risks comprises those that arise from the conduct of financial institutions. Figure 4.1 presents a heatmap of conduct-related risks, with the placement of each risk determined by how often jurisdictions selected it among the top three conduct risks for 2022 (the x-axis) and whether those jurisdictions expected that the significance of that risk would increase, decrease or stay the same in 2023 (the y-axis). The following key findings emerge from jurisdictions’ responses to this question:
Half of responding jurisdictions selected poor-value financial products and services and lack of or ineffective disclosures as significant risks in 2022.
Poor financial advice and unsuitable product design were selected by one third of jurisdictions, and dishonest sales practices and unauthorised financial activities were selected by around 30%.
Respondents anticipated that the significance of these conduct risks, with a few exceptions, would remain the same in 2023.
While the misuse of data as a conduct risk was only selected by three jurisdictions, the outlook for it in 2023 in those jurisdictions is much more pessimistic compared to the other conduct risks.
Note: The x-axis (horizontal) presents responses to questions asking for the top three conduct risks in 2022. The y-axis (vertical) presents responses to a follow-up question asking whether jurisdictions anticipated that the risk would increase, decrease, or stay the same in 2023. The placement of the y-axis corresponds to half the number of respondents (i.e. poor-value products and services was selected by exactly half of responding jurisdictions; the other risks were selected by less than half).
Source: OECD Consumer Finance Risk Monitor Reporting Template 2023.
Policymakers and regulatory and supervisory bodies can undertake a range of actions to address risks to financial consumers, thereby strengthening overall levels of financial consumer protection. This chapter describes the top five conduct risks selected by jurisdictions and the regulatory and supervisory actions taken to mitigate these risks.
The most significant conduct risk chosen by jurisdictions was products and services with poor value. While financial scams and frauds (as referenced in Chapters 2 and 7) may lead to a sudden loss in assets, the cumulative loss of wealth caused by poor-value products and services can have a significant material impact on household budgets and contribute to a loss of trust in financial institutions and the financial system.
In contrast to poor value products and services, the G20/OECD High-Level Principles on Financial Consumer Protection [OECD/LEGAL/0394] describe quality financial products in the following passage:
Quality financial products are those that are designed to meet the interests and objectives of the target consumers and to contribute to their financial well-being. There should be appropriate product oversight and governance by financial services providers, and where appropriate, by intermediaries, to ensure that quality financial products are designed and distributed.
Whether a product or service delivers value for money or can be qualified as “quality” depends on a range of factors, which can include overall costs, pricing structures, added value for consumers, complexity, the proportion of costs that go to commissions or distribution fees and comparison of costs with those of competitors. In the context of insurance products, claims ratios (i.e. the percentage of total collected premiums which is paid back to consumers through claims) can help to assess value for money. For investment products, expected rates of return (in comparison to the costs charged and investment strategy pursued) and profitability for issuers may be considered. As noted in a report from the European Securities and Markets Authority, value-for-money is determined based on “investor utility, including the costs of purchasing a product, the expected or realised benefits, as well as other factors such as product quality” (European Securities and Markets Authority, 2023[1]).
The macroeconomic conditions of 2022 may have created additional pressure on financial service providers’ profit margins, which could negatively affect consumers if they are advised to purchase products and services that do not provide adequate value. Jurisdictions noted that poor value financial products may also be a result of not enough competition in the investment or pension markets. Germany, Indonesia, Lithuania and Slovenia referenced unit-linked insurance and other insurance-based investments as examples of potentially poor value products.1 The Financial Conduct Authority of the United Kingdom noted that the pace and scale at which firms pass through higher base interest rates to savers were slow and low, and needed to improve. Peru and the United States also mentioned that excessive fees, sometimes referred to as “junk fees,” continued to be a problem in their respective jurisdictions.
4.1.1. Regulatory and supervisory actions
Figure 4.2 shows the most common regulatory and supervisory actions taken by countries and jurisdictions in response to poor-value financial products and services. The most common action was discussions with industry participants, followed by sending supervisory letters and issuing guidelines or supervisory statements.
Several jurisdictions increased their oversight and monitoring of the imposition of fees and charges, in some cases leading to additional guidance, regulation or enforcement actions. Israel expanded the supervision of fees linked to current accounts to freeze current prices levels for certain services (Bank of Israel, 2022[2]), and Banco de Portugal performed inspections in 2022 to assess compliance with the prohibition of charging fees for the renegotiation of loan conditions, among other requirements for lenders. The Portuguese Securities Market Commission also focused on the theme of value for money in 2022 (Comissão do Mercado de Valores Mobiliários, 2023[3]), developing and applying a new methodology to supervise the value for money of structured notes, and supporting the development of a forthcoming methodology to be applied to investment funds. The Ontario Securities Commission (Canada) addressed excessive fees cases related to investments in a series of nine settlements, the most recent of which resolved in 2022. In general, the cases related to charging clients higher fees even when their account holdings rose beyond a threshold that entitled them to a lower fee rate or double-charging client fees (i.e. putting clients in proprietary funds which charged fees, while also charging management fees on the client assets).
To gather data on fair value metrics, South Africa introduced enhanced reporting indicators. The indicators are currently limited to the insurance sector, with plans to roll out this type of reporting to help assess fair value across financial institutions. A thematic review was also conducted on premium increases in the life insurance sector, and a further review is planned around fees and disclosures for banking products. In another example from the insurance sector, the European Insurance and Occupational Pensions Authority (EIOPA) carried out an extensive analysis of the unit-linked and hybrid insurance-based investment products market which resulted in a Supervisory Statement and the development of a common methodology on how to assess value for money. The Statement and methodology provide further guidance on how product governance requirements should be implemented to ensure value for money. New Zealand similarly issued value-for-money guidance in the managed investment scheme sector to support industry participants to better understand how to deliver good value financial products and services. In France, the ACPR and the AMF have been working together on increasing transparency and cost containment. In 2022, the ACPR launched a dialog with representatives of the insurance industry and public authorities (AMF and Treasury) on diagnostic elements relating to administrative arrangements designed to moderate the fees and charges of unit-linked life insurance policies.
Bank of Thailand issued regulations in 2022 setting out six guiding principles on practices and disclosures regarding interest, charges and penalties for financial products and services (Bank of Thailand, 2022[4]). Among other things, the principles dictate that the collection of interest, service charges, and penalties from customers must be appropriate, and prices and rates must be fair, not exploitative, and not redundant. In determining prices and rates, the service providers must consider the actual costs incurred from the business operations. In addition, service providers must not put excessive burdens on customers and must consider their ability to pay.
Jurisdictions have also introduced regulation or legislation to ban certain practices related to fees and charges: Ireland banned price-walking2 in home and motor insurance, while Romania made legislative changes that eliminated one of the two types of fees charged by private pension funds. The Consumer Financial Protection Bureau of the United States issued advisory opinions and guidance statements explaining how junk fees can be illegal.
While value for money risks can arise in the context of different financial products, jurisdictions are particularly concerned about excessive costs in the credit market:
Under the Australian Securities and Investments Commission’s (ASIC) product intervention powers, ASIC made product intervention orders in relation to short-term credit and continuing credit contracts where ASIC saw significant consumer detriment, prohibiting the issue of these loans. ASIC also took action in relation to predatory lending, high-cost credit and misconduct impacting borrowers experiencing financial difficulty.
Brazil enacted a new law in 2021 aiming to prevent and mitigate over-indebtedness. The law establishes a “minimum existential value” (i.e. the minimum amount a person should have in order to pay their basic expenses to live) and other responsible lending practices, including advertisement standards.
Finland reported plans to lower the interest rate ceiling for consumer loans.
Bank of Israel published guidelines on consumer credit management, which included directives related to the marketing of point-of-sale credit and guidelines related to housing loans to enhance transparency, comparability and the simplification of customer agreements.
The Bank of Italy issued guidelines on revolving credit with the aim to address market conduct issues it had previously detected resulting in poor-value financial products and services.
Peru introduced a cap on interest rates for new personal loans, personal loans of small amounts and new loans to small and micro-sized firms. Peru also introduced regulation to enhance product governance regarding interest rate monitoring for compliance with usury laws. Additionally, late fees on past-due loans were banned, and limitations were placed on the retroactive application of interest on the principal portion of past-due loan instalments or payments.
A range of jurisdictions have implemented programmes or policies in recent years aiming at expanding access to basic financial services that deliver value for money. Beyond expanding financial inclusion, these programmes may also support value for money by identifying key features that should be made available to all consumers.
In Australia, ASIC reviewed banks’ compliance with an obligation to provide low or no-fee accounts to low-income consumers. The review found that some individuals in high-fee transaction accounts, including First Nations people, were paying up to 3000 AUD in overdraw fees over a year. The review revealed that banks were aware of high numbers of customers eligible for low-fee accounts but that the majority of banks’ processes to transfer these eligible customers to low-fee accounts were ineffective. ASIC wrote to the banks outlining their key findings and expectations going forward (Australia Securities & Investments Commission, 2023[5]).
In the European Union, Directive 2014/92/EU established the right to a basic payment account for all consumers legally residing in the European Union (including consumers with no fixed address, asylum seekers and consumers who have been refused a residence permit but whose expulsion is impossible for legal or factual reasons). (Some European countries, including Portugal, have had similar programmes in place since before the introduction of the Payment Accounts Directive in 2014.) The Directive also strengthened the requirements for banks to disclose their fees, which helps customers to compare offerings and made it easier for customers to switch banks. The Directive further requires that banks provide payment accounts with basic features “free of charge or for a reasonable fee”. According to an assessment published in 2023, some European countries have transposed this into their legislation by requiring that the accounts be provided for free, while others have implemented fee limits (European Commission, 2023[6]).
In India, the Pradhan Mantri Jan-Dhan Yojana (PMJDY) programme was launched in 2014 to expand access to financial services in the country. Through the programme, individuals can open a Basic Savings Bank Deposit Account (BSBDA) (Reserve Bank of India, 2014[7]). The BSBDA has no minimum balance requirements and earns interest. The package also includes a debit card, accident insurance and an overdraft facility.
After Peru’s introduction of basic savings accounts in 2011 as a tool for financial inclusion, in 2018 the Superintendency of Banking, Insurance and Private Pension Funds (SBS) passed regulation (SBS Resolution N° 2891-2018) to enhance their definition and market conduct regulation. These accounts are subject to transaction and balance limits but can be opened by both nationals and foreign residents under a simplified KYC regime. The regulation includes disclosure requirements prior to contracting these basic accounts, including costs, obligations and channels for users to raise complaints or report loss of credentials. Additionally, within the framework of the National Financial Inclusion Policy, the Government approved the Law 31120 (2021), which allowed the National Bank of Peru (Banco de la Nación) to open a digital ID account (“Cuenta DNI”) for all citizens over 18-years-old. This product is a digital basic savings account that aims to promote citizens’ financial inclusion, simplifying social transfers and other financial operations. By 2022, 13.1 million ID accounts were created, representing 58% of Peruvian adults.
The National Bank of Serbia issued a by-law in August 2022 regarding payment services needed for everyday activities (National Bank of Serbia, 2022[8]). The by-law defines the guaranteed features of a “payment account” package and limits the prescribed price of the package. Citizens who choose this package can open a dinar current account in a bank, withdraw cash at the tellers and ATMs of their bank free-of-charge, receive a free-of-charge debit card and benefit from mobile and e-banking with an unlimited number of transactions at POS via QR codes. There is also the possibility to upgrade this package with additional services such as an FX account, credit card, overdraft or cheques, without the need to switch to a more expensive package.
In the United Kingdom, the nine largest providers of current accounts have been legally required since 2015 to offer basic bank accounts to customers who do not have an account or who are ineligible for the bank’s standard account. The basic bank accounts do not include overdraft facilities, and there are no fees for standard operations. In all other respects, they must provide the same services as a standard account. As of June 2022, more than 7 million basic bank accounts were open at the nine institutions (HM Treasury, 2023[9]).
The second most significant conduct risk selected by jurisdictions was ineffective disclosures. It is important that financial information is presented to consumers in language that is clear and not misleading. Jurisdictions noted that terms and conditions are often not properly disclosed to clients at the pre-contractual stage, the time of purchase, or during the life of the product. The lack of or ineffective disclosures may be detrimental to consumers if the consumers do not properly understand the cost and potential risks of the products and services they are purchasing. Ireland and Italy noted that this risk is heightened in the case of products and services that are not regulated and/or distributed by non-professional intermediaries, such as linked credit agreements distributed by dealers of goods and services and in the case of products such as Buy Now Pay Later. Canada and Luxembourg noted that enhanced disclosure requirements are a key focus of their financial consumer protection regulatory frameworks and supervisory actions. Jurisdictions anticipated that the impact of the lack of or ineffective disclosures would remain the same in 2023.
4.2.1. Regulatory and supervisory actions
As articulated in the G20/OECD High-Level Principles on Financial Consumer Protection, financial services providers and intermediaries should provide consumers with key information on a product’s fundamental benefits, risks and terms. Providers should communicate this information in an effective and clear manner so that consumers can make informed decisions about which products and services best fit their needs. Yet many jurisdictions noted that terms and conditions are often improperly disclosed to clients at the pre-contractual stage, at the time of purchase, or during the life of the product. As shown in Figure 4.3, the most common action taken in response to this risk was sending supervisory letters, followed by new or enhanced disclosure requirements and discussions with industry participants.
In an example of sending supervisory letters, Bank of Spain sent letters to inform institutions of possible breaches of regulations relating to the provision of information to consumers, examples of which included payment accounts, switching of accounts and mortgages. Bank of Israel also published supervisory letters and regulatory directives on the issue of disclosure to customers, for example on fees and notices sent to customers. The authority also published specific guidelines and directives on disclosures in payment applications and credit marketing.
Regarding new or enhanced disclosure requirements, the new Financial Consumer Protection Framework in Canada went into effect in June 2022 and introduced new disclosure obligations for banks, such as providing key information at important milestones in the product cycle (i.e. renewals, promo offer ending, interest rate changing). Spain also introduced new or enhanced disclosure requirements in 2022 for certain pre-contractual and in-contract information obligations regarding revolving credit products. Peru enacted regulation to improve reporting requirements concerning the fees and charges that financial institutions may impose on customers and established standardised denominations and categories that financial institutions can use when disclosing such fees and charges to clients.
Several jurisdictions described carrying out supervisory activities aimed at overseeing the implementation of disclosure requirements. The Financial Consumer Agency of Canada, for example, launched a thematic review with 12 banks in 2022 to evaluate how they have implemented new electronic alert obligations, as well as assessing their effectiveness. Securities supervisors in Europe participated in European Securities and Market Authority’s (ESMA) 2022 Common Supervisory Action and mystery shopping exercise regarding compliance with disclosure requirements for costs and charges under the Markets in Financial Instruments Directive (MIFID) II. The Financial Market Authority of Austria, for example, discussed the results of this exercise with the industry and issued administrative fines in cases of infringements. In Italy, CONSOB (the securities regulator) focused on assessing how firms complied with Key Information Document requirements related to packaged retail investments and insurance products (PRIIPs), while Bank of Italy developed a desk-based analysis of the websites of several banks and financial intermediaries to verify the clarity of the information provided to the public.
A key theme related to disclosure that has emerged recently concerns environmental social and governance (ESG) and sustainable finance. As articulated in a 2023 OECD Business and Finance Policy Paper (OECD, 2023[10]), it is important to ensure that the policy issues, opportunities and risks for consumers relating to sustainable finance are included in the broader international policy and markets developments relating to sustainable finance. In line with this perspective, several jurisdictions described supervisory, enforcement and awareness-raising actions related to ESG disclosures and sustainable finance products.
In Australia, ASIC published notices targeting financial services providers, including one titled “How to avoid greenwashing when offering or promoting sustainability-products”. ASIC also issued infringement notices (resulting in fines) against an energy company, an investment manager and a superannuation trustee for greenwashing. In Portugal, CMVM (the securities regulator) carried out in 2022 the first exercise of supervision looking into several aspects of the marketing and selling of ESG financial instruments by supervised entities. The review examined firms’ business practices, investors’ ESG preferences, training of staff, and revision of pre-contractual information to take into consideration ESG regulation and investor protection. CMVM also developed publications and content on sustainable finance aimed at investors, including a two-month campaign in social media. In Italy, CONSOB focused supervisory activity on ESG disclosures provided by asset management companies (AMCs). For new AMCs authorisations, CONSOB focusses on how sustainability issues are integrated into the investment process in relation to the type of investment funds that the company intends to manage. CONSOB also maps the sustainability policies published on AMCs’ websites, evaluates ESG disclosure practices in relation consistency between the reported ESG characteristics and the investment process, and analyses marketing communications concerning investment funds offered to the public that are characterised by ESG profiles.
Poor financial advice and the failure to perform suitability assessments was the third-most selected conduct risk. Some jurisdictions considered that, given the broader macroeconomic climate, consumers may look to reduce costs and could purchase financial products and services that are cost-effective yet not adequately suited to their needs. Consumers might also be advised to buy products and services that they do not fully understand, and which may not be properly suitable for them. Some jurisdictions are worried that consumers are getting poor advice from non-professionals such as young influencers through social media (see Section 8.1.5 in Chapter 8 for more details). Other jurisdictions point to companies and institutions themselves failing to provide appropriate products to consumers (who may lack enough knowledge to recognise that the product or service they are purchasing is not appropriate for their needs). Japan and Mozambique both noted the importance for financial institutions to have a consumer-oriented business conduct as they develop and market their products and services. Canada specifically mentioned a plan to crack down on predatory lending to vulnerable people by lowering the Criminal Rate of Interest within the Canadian Criminal Code and capping charges by payday lenders.
4.3.1. Regulatory and supervisory actions
Figure 4.4 shows regulatory and supervisory actions most frequently taken by jurisdictions in response to poor advice and failure to perform suitability assessments. Sending supervisory letters comprised the top response, followed by consumer awareness campaigns.
The Superintendencia Financiera de Colombia (SFC), for example, sent supervisory letters demanding that firms providing financial advice meet all requirements mentioned in the applicable law regarding advisory services. In addition, SFC shared best practices with entities to enhance information disclosure mechanisms and specialised advisory process. The Central Bank of Hungary (MNB) conducted a thematic review revealing non-compliance with requirements for assessing suitability; MNB followed up with investment firms to improve their suitability assessment procedures, in line with the findings from the review. In Bulgaria, some investment firms were similarly given recommendations to improve the questionnaires provided to investors when performing suitability assessments.
In Ireland, a review of some complex investment products (known as Structured Retail Products, or SRPs) found poor practices and weaknesses in firms which increased risks to investors. In response, the Central Bank of Ireland required firms to identify a sufficiently granular target market for SRPs and to drive improvements in the quality and transparency of disclosures to investors of the risks relating to these products.
In Hong Kong (China) the Insurance Authority (IA) issued codes and guidelines addressing conduct risks arising from poor advice and the failure to assess suitability of products. Moreover, IA issues periodical publications (i.e. Conduct in Focus) to examine topical regulatory issues and set out its expectations on how the insurance industry should conduct business. At the end of 2022, IA’s edition of Conduct in Focus took a “name and shame” approach in order to remind insurers, insurance broker companies and insurance agencies to get the basics right in their controls over their agents and technical representatives with respect to compliance of the Continuing Professional Development required hours.
The Banco de Portugal assesses compliance with the provision of advice and suitability requirements via inspections, including mystery shopping, targeting retail products including mortgages, consumer credit and deposit accounts. These assessments also address compliance with assistance duties applicable to the commercialisation of those products through digital channels, which presents specific challenges. The main irregularities detected are related to poor advice, irrespective of the commercialisation channel, the lack of or misleading information about product characteristics in the pre-contractual/contractual phase and pre-selected product options.
While unsuitable product design is related to the risk of poor value financial products and services, addressed above in Section 4.1, the two risks are distinct. Unsuitable product design results from a lack of adequate product governance within firms. Product governance can be defined as “The procedures and controls in place to design, approve, market and manage retail financial products through their life cycle to ensure that they meet, at any time, the interests and objectives of consumers and the relevant regulatory requirements” (FinCoNet, 2021[11]). As set out in the G20/OECD High-Level Principles on Financial Consumer Protection [OECD/LEGAL/0394] such requirements may include defining a target market for a financial product, conducting research and considering behavioural insights to understand the target market and, depending on the type, complexity and risk of the product, carry out testing before launching the product. Thus, unsuitable product design can be thought of as one channel through which poor value financial products and services come to market. At the same time, products and services may fail to deliver value simply because their costs are not proportionate to the benefits accrued by consumers.
In Luxembourg, the insurance supervisory authority, Commissariat aux Assurances, found only a few insurance undertakings testing insurance products with respect to customers’ interests either before introducing these products to the market or before modifying them. In Romania, an analysis of the terms and conditions of home insurance products revealed that many conditions relating to insured risks applied to all customers, irrespective of the type of property (house/apartment) and the area in which it is located. This resulted in a mismatch between the insured risks with the actual needs of the customers in the target market. Unsuitable product design poses a risk to financial consumers if the products and services available in the marketplace do not support consumers’ financial well-being.
4.4.1. Regulatory and supervisory actions
Figure 4.5 shows the regulatory and supervisory actions most frequently taken by countries and jurisdictions in response to unsuitable product design, the most common of which were discussions with industry participants and sending supervisory letters.
Bank Indonesia noted that consumers believe that many financial products offered in their jurisdiction are not suitable for their business or needs. This risk may also result from a lack of product detail or information. In response to these concerns, Bank Indonesia conducted discussions with industry to strengthen their product descriptions and educate consumers on the characteristics of various products.
In Poland, where 90% of mortgages are variable rate, the Office of Competition and Consumer Protection reported that while the redesign of the mortgage market is a complex issue, steps have been taken to introduce more long-term fixed-rate lending and standardised contracts, given that such products would be more suitable and beneficial to financial consumers.
In South Africa, the Financial Sector Conduct Authority is strengthening supervisory engagements with institutions to assess product design and governance processes to determine if gaps exist in the existing regulatory framework and standards. Currently, product design and governance requirements are split between one set of rules for insurance products and another for banking products. In the future, the regulator intends to introduce overarching and harmonised conduct legislation that would specifically address product design and governance issues across financial products and institutions.
The National Securities Market Commission of Spain (CNMV) reported carrying out several supervisory actions in response to data reported periodically by firms providing investment services to verify that firms had acted in the interest of the client when designing and/or distributing financial instruments. CNMV sent supervisory letters to firms requiring the adoption of corrective measures when needed. In 2022, Spain also modified an existing law regarding credit institutions, introducing a new obligation for credit institutions to develop policies and procedures, including appropriate internal control mechanisms, in relation to product governance and oversight. The modification aims to ensure that banking products and services are designed taking into account the needs, characteristics and objectives of the target market for which they are intended and are marketed through appropriate channels.
Regarding the insurance sector, Italy reported supervisory actions aimed at verifying the implementation of product oversight and governance (POG) processes for insurance-based investment products, with a particular focus on assessing value for money of the products in relation to the identified target market and the methodologies used in the post-sale monitoring. As a result of these inquiries, Italy reported that insurers were improving POG processes and revising their value for money assessment models. In some cases, insurers revised features of the examined product or even stopped selling products that had failed to meet cost and performance expectations.
In 2022, ASIC reviewed compliance with the design and distribution obligations by issuers of investment products in Australia (i.e. interests in managed investment schemes, shares issued by an investment company, preference shares and debentures). ASIC released a report in 2023 summarising its key observations, noting significant room for improvement. It also issued a stop order relating to credit and derivatives, caused nine issuers to withdraw 11 products from the market, and commenced civil penalty proceedings for alleged breaches of the design and distribution obligations. In parallel, ASIC commenced proceedings against unfair contract terms (UCT) in insurance contracts, where terms impose unclear obligations on the customer and can lead to negative outcomes The UCT protections encourage insurers to improve the level of clarity and transparency in their products, as well as encouraging insurers to consider whether terms could be potentially unfair to consumers when design their products. ASIC notes that these are important steps to help reduce unsuitable product design.
4.5.1. Dishonest sales practices
The fifth most significant conduct risk selected by jurisdictions was dishonest sales practices (tied with unauthorised financial activities). Dishonest sales practices may include unfair charges or unfair computation of charges, mis-selling and misleading advertisements. Dishonest sales practices can arise in a range of contexts, from unauthorised firms misrepresenting themselves to employees of licensed firms acting unethically and untruthfully. For example, when firms make bonuses or employment contracts contingent upon unrealistic sales targets, this can purposely or inadvertently encourage dishonest or illegal practices. Mis-selling in ESG or sustainable finance includes the risk that firms are not adequately or correctly integrating sustainability principles or misrepresenting the degree of sustainability through a process known as greenwashing, which may lead to inadequate investment decisions regarding sustainable finance. Dishonest sales practices can also be found in aggressive marketing techniques or in the use of “dark patterns”, particularly in light of digitalisation trends. Dark patterns, which were referenced by Lithuania, Slovenia and Spain, refer to a range of methods commonly deployed in digital user interfaces that lead them to make choices that may not be in their best interests, often through exploiting consumer biases (OECD, 2022[12]).
Two of the most frequent regulatory and supervisory actions taken by countries and jurisdictions in response to dishonest sales practice include issuing warnings/notices and consumer awareness campaigns. Regarding warnings, notices and supervisory letters, the National Securities Market Commission (CNMV) of Spain carried out several supervisory actions to detect aggressive marketing practices regarding complex and risky financial instruments, resulting in supervisory letters sent to firms requiring corrective measures. In some cases, the CNMV published warnings on its website. The Financial Markets Authority of New Zealand reported a deliberate increase in action against issuers of wholesale offers (i.e. not available to retail investors) who had produced dishonest or misleading disclosures. The Financial Services Commission of Mauritius suspended licenses and in other cases referred matters to its Enforcement and Settlement Committees for applicable administrative sanctions.
To address the issue of dishonest sales practices in mandatory provident fund schemes (pensions) in Hong Kong (China) the Mandatory Provident Fund Schemes Authority (MPFA) gave guidance to the industry in the form of circulars and held discussions with industry participants. Depending on the nature and seriousness of misconduct cases, appropriate disciplinary actions were taken by the MPFA, such as suspension of or disqualification from registering as an intermediary. To better understand the selling practices of intermediaries with respect to two tax-deductible products, the MPFA collaborated with the Hong Kong Monetary Authority and the Insurance Authority to conduct their first-ever joint Mystery Shopping Programme on the selling practices of these products. The authorities issued a joint circular with key findings and good practices (Hong Kong Monetary Authority, Insurance Authority and Mandatory Provident Fund Schemes Authority, 2022[13]).
Examples of consumer awareness campaigns can be found in Bulgaria, the European Union, Japan and Malaysia:
The Financial Supervision Commission of Bulgaria conducts initiatives and programmes to help consumers develop knowledge, skills and confidence to make informed financial decisions. Regarding dishonest conduct, the Commission also issues warnings to enhance consumer awareness. Bulgaria further noted that Key Information Documents conveying consumer rights can prevent consumers from being misled.
Regarding dark patterns, EIOPA carried out reviews in selected Member States and uncovered a series of dark patterns. As a result, EIOPA published online guidance for consumers (EIOPA, n.d.[14]) and shared information with relevant national competent authorities.
Japan’s Financial Services Agency monitors the activities of financial institutions to determine if they align with the “Principles for Customer-Oriented Business Conduct” (Financial Services Agency, 2017[15]). By formulating the Principles and publishing a list of financial institutions that have adopted the Principles and developed and published their own policies, the JFSA encourages financial consumers to choose financial services providers that are more likely to act honourably in their sales practices.
In Malaysia, regulators focussed on educating consumers about insurance products and provided guidance in choosing the right insurance policy that suits their needs and budget. Policy developments also centred on enhancement on disclosure and sales practices requirements for informed decision making when purchasing insurance products, as well as strengthening the roles and responsibilities of the board and senior management.
4.5.2. Unauthorised financial activities
Thirteen jurisdictions ranked unauthorised financial activities among the three most significant conduct risks in 2022. In New Zealand, authorities witnessed a rise in the number of unregistered financial products and providers, particularly in FX margin trading. In South Africa, unregulated financial institutions try to entice customers with promises of “super” returns on investments; the Financial Sector Conduct Authority (FSCA) is actively trying to educate and encourage South Africans to verify the registration of financial institutions with the FSCA before engaging in any financial activities. In Italy, the most common type of unauthorised activity reported to CONSOB (the securities regulator) relates to contract-for-differences involving crypto-assets. In Luxembourg, the Commission de Surveillance du Secteur Financier (CSSF) has received increasing number of complaints from consumers regarding suspicious or unauthorised service providers attempting to offer their services. Often, these providers are fraudsters pretending to be a supervised entity in order to steal money from victims. Fraudulent platforms are usually well-designed to trick consumers into believing they are credible.
In Chile, the Financial Markets Commission (CMF) is responsible for authorising a range of prudentially regulated financial institutions that may offer credit in the market. However, there is currently no general legal framework requiring entities offering credit to consumers to be authorised or registered before being permitted to undertake consumer credit activities. This gap limits the authorities’ abilities to supervise financial consumer protection issues. While the national consumer authority (SERNAC) can take action ex post based on wrongdoing by such entities, in a context of high interest rates and decreasing access to consumer credit from entities under CMF supervision, respondents from Chile noted that they expected the participation of unauthorised financial activities to increase in the market.
4.5.3. Additional conduct risks
Other conduct risks include lack of responsible lending, conflicts of interest, inadequate redress mechanisms and misuse of data and algorithms.
Lack of responsible lending. Seven jurisdictions ranked the lack of responsible lending practices among the top three conduct risks in their jurisdictions. Authorities are concerned about new credit products, such as Buy Now Pay Later, as products of smaller amounts and shorter durations that could lead to a relaxation of responsible lending practices. In some jurisdictions, like Australia for example, responsible lending practices have largely protected consumers from incurring unaffordable debt in the context of more mainstream products (such as mortgages and credit cards), while concerns have been raised about their lack of effectiveness in the context of payday loans/consumer leases and their absence in the context of Buy Now Pay Later products. The United States noted that the most significant financial consumer risk was irresponsible lending practices adopted by some members of industry. This may manifest itself in many ways, such as junk fees charged to consumers or through a lack of proper oversight by lenders over new products proliferating in the marketplace (including Buy Now Pay Later). Bank of Spain sent letters of recommendations to inform institutions of possible breaches of responsible lending regulations. Bank of Thailand issued new regulation on responsible lending, effective as of 2024, which aims to alleviate household over-indebtedness by ensuring that lenders treat consumers responsibly and fairly throughout the debt journey, including through setting out measures for persistently indebted borrowers (Bank of Thailand, 2023[16]).
Conflicts of interest. Conflicts of interest may occur given certain business practices and business models, particularly with commission-based sales as mentioned by responses from Italy, Germany, Lithuania, Slovenia and Thailand. In Lithuania, for example, insurance agents are the main unit-linked insurance sales channel, and they receive a large commission for the sale of such products. The Bank of Lithuania’s mystery shopping exercise on unit-linked insurance sales in 2022 revealed shortcomings in determining customer needs, assessing product suitability and disclosing pre-contractual information, all issues which may be exacerbated given the commission-based sales structure in place for these types of insurance products. Conflicts of interest can also arise in the joint sale of credit protection insurance with mortgages.
Inadequate redress mechanisms. As set out in the G20/OECD High-Level Principles on Financial Consumer Protection, complaints handling and redress mechanisms must be “accessible, affordable, independent, fair, accountable, timely and efficient”. Five jurisdictions selected inadequate redress mechanisms as one of the top 3 conduct-related risks in 2022. Regulators and supervisors in Poland, for example, are concerned with how the redress mechanism for unauthorised financial transactions (as codified in the Payment Services Directive [PSD] 2) is functioning in the banking sector.
Misuse of data. One potential misuse of data is if customers’ data is offered to third parties and then used to market and sell additional products and services without the customers’ consent. A second potential misuse of data, which is a focus of the CFPB in the United States, is the increased use of algorithmic models in financial decision making by lenders and the potential for bias in these models that may weaken access to credit to historically disadvantaged communities and communities of colour.
In addition to asking jurisdictions to rank the top conduct risks, the reporting template also collected information on the tools that regulators and supervisory authorities used to monitor conduct risks in the financial sector. As shown in Figure 4.6, the most frequently used tools to monitor risk include complaints data, assessing reporting information from regulated and/or supervised institutions, engaging with industry stakeholders, conducting surveys of financial institutions and/or thematic reviews and participating in international organisations and convenings. Mystery shopping, advanced data analytics, surveys of consumers, regulatory sandboxes and social media monitoring are less common regulatory and supervisory tools used to monitor risks to financial consumers.
4.6.1. Monitoring complaints data
Monitoring complaints data is the most common regulatory and supervisory tool used to monitor risks to financial consumers, selected by 100% of respondents. In Canada, the Financial Consumer Agency of Canada (FCAC) monitors complaints directly from consumers via a consumer call centre. Furthermore, a new Financial Consumer Protection Framework adopted in 2022 legislatively obligates banks to report individual information on complaints received, including detailed information on the nature of the complaint, on a quarterly basis to the FCAC. The first set of these reports was provided to the FCAC in November of 2022. A Reporting, Analytics and Data Team is tasked with the analysis of this reported information. In Serbia, financial institutions must provide detailed complaints data including the total number of complaints, the type of complaint, and the number of complaints granted in favour of consumers. This data may trigger on-site supervision if the number of complaints is not proportionate to the size of the bank and/or the number of consumers. At the end of 2022, SBS Peru introduced an updated regulatory framework for handling complaints, which included the obligation for financial institutions to provide comprehensive monthly reports on complaints and to provide SBS direct access to their complaint databases.
Often, complaints data was used by authorities to inform further regulatory and supervisory work such as on-site supervision and serve as a basis for quarterly or annual risk assessment exercises. Regulators and supervisors in Rwanda and Colombia found that monitoring complaints via Twitter was particularly helpful.
Certain jurisdictions use complaints data to inform their own risk dashboards and indicators. For instance, in Hong Kong (China) the Hong Kong Monetary Authority monitors complaints data and publishes a “Complaints Watch” to highlight the latest complaints trends in the banking sector and emerging topical issues. In Romania, the Financial Supervisory Authority developed a Conduct Risk Indicators dashboard at both the market and firm level. This dashboard automates the indicators calculation process. In addition, ASF developed a Tableau Risk Indicators on Complaints which, among other things, allows the ASF to analyse complaints data at the product level.
4.6.2. Assessing reporting information from institutions
Nearly all responding jurisdictions reported using information collected from regulated institutions as a way to monitor risks to consumers. The Financial Sector Conduct Authority (FSCA) of South Africa noted that the “Conduct of business” reports they receive are a key off-site monitoring tool for their supervisory functions.
The Financial Services Authority of Indonesia (OJK) OJK requires supervised institutions to submit an annual self-assessment report on compliance with consumer protection regulations through OJK’s education and consumer protection reporting system.
To assess reporting information from regulated institutions, FCAC (Canada) uses a defined and continuous process, called the Market Conduct Profile (MCP), to gather and analyse information about a regulated entity’s business model. FCAC uses this information to differentiate regulated entities based on their inherent market conduct risks and the ability to manage those risks. The main intent of the risk assessment process is to gain a deeper understanding of the adequacy of the entity’s market conduct related controls (i.e. can the entity demonstrate that it understands applicable market conduct obligations, that adequate controls are in place to be compliant with MCOs, and that it effectively deals with issues when they arise).
4.6.3. Industry and consumer engagement
Collaboration with other entities – including industry stakeholders, consumer stakeholders and other authorities – emerged as a common tool. The National Bank of Rwanda, for example, described holding meetings with the representatives on consumer protection regulations and launching a forum with other stakeholders including consumers' associations, other consumer protection regulatory authorities and the ombudsman office.
Central Bank of Ireland reported significant engagement with stakeholders including consumer representative bodies, civil society groups and industry representatives, holding 13 structured stakeholder engagements with key stakeholders between April and October 2022.
In Hong Kong (China), the Hong Kong Monetary Authority maintains close contact and collaboration with the Consumer Council of Hong Kong, primarily in the areas of policy engagement (i.e. seeking feedback and support from the Consumer Council when devising major banking consumer protection policies) and incident handling (i.e. working with the Consumer Council upon emergence of major consumer protection incidents, such as credit card scams), to gain intelligence regarding relevant consumer concerns in order to comprehensively assess and thus handle the consumer protection incidents.
Regarding surveys of consumers, FCAC (Canada) described regularly conducting public opinion research surveys to assess various consumer experiences and impressions, including experiences of hardship. For example, in November 2022, FCAC published findings on consumer vulnerability from its monthly COVID-19 Financial Well-being Survey (Financial Consumer Agency of Canada, 2022[17]).
4.6.4. Co-ordinating with international and domestic counterparts
International co-operation was another common strategy for regulators and supervisory bodies to monitor risks to financial consumers. Canada, Hong Kong (China), Italy, Japan, Portugal and Spain mentioned engagement with the OECD and FinCoNet, the International Financial Consumer Protection Organisation. Many regulators and supervisors also noted engagement with other national and local authorities to monitor risks to financial consumers and address consumer detriment. In Hong Kong (China) the HKMA participates in the Fraud and Money Laundering Intelligence Taskforce which helped retail banks identify over 19 000 previously unknown mule accounts. The HKMA also collaborates with the Consumer Council of Hong Kong when devising major banking consumer protection policies and handling consumer protection incidents.
4.6.5. Advanced data analytics
Relatively fewer jurisdictions use advanced data analytics in their regulatory and supervisory work. The Austrian Financial Market Authority (Austria) is looking at using machine learning to better analyse complaints data. At the Institute for the Supervision of Insurance (IVASS) in Italy, a new IT application for complaints management publishes a “white list” with sites and domains of authorised intermediaries in the insurance sector to help combat the spread of ghost broking (i.e. when a fraudster poses as a representative of an insurance company to sell a fake insurance policy). IVASS also worked with an external vendor to use AI algorithms to evaluate the simplicity and clarity of insurance contracts. Regulators at the CONSOB in Italy use advanced data analytics in co-operation with an Italian university to develop AI methods to detect suspicious trading activity. After having previously launched a pilot, Peru implemented in 2022 a social media monitoring tool to conduct sentiment analysis of social media posts and comments by users. The tool covers the four largest banks and the four largest credit card providers, thus providing SBS with weekly and monthly reports on the topics most commented and the institutions involved.
Advanced data analytics is also used to help monitor reporting information. In Spain, advanced data analytics are used to analyse reporting information on market conduct since a new circular from Banco de España came into force in 2022. Regulators and supervisors in Ireland evaluate social media monitoring data provided by an external vendor.
According to respondents, the most effective tools used to monitor risks to financial consumers is the ability of regulatory and supervisory bodies to monitor market prices and suspicious transactions to detect market abuses and surveys of financial institutions. National Bank of Rwanda reported monitoring market prices for certain services (e.g. deposit fees, account closing fees, early repayment charges) and prohibiting fees that seemed unfair to consumers.
As shown in Figure 4.7, surveys of financial institutions and/or thematic reviews, monitoring business conduct of financial intermediaries, monitoring complaints data and advanced data analytics are also seen as very effective tools that regulatory and supervisory bodies use to monitor risks in their jurisdictions. Social media monitoring, regulatory sandboxes and whistleblowing were considered less effective tools to monitor risks to financial consumers.
Note: N=46. The relative “score” of each regulatory or supervisory tool is determined by calculating an average of responses for the effectiveness of the corresponding tool (“very effective”, “somewhat effective” or “not effective”).
Source: OECD Consumer Finance Risk Monitor Reporting Template 2023.
In addition to the regulatory and supervisory tools discussed above, some jurisdictions are planning to add new regulatory or supervisory tools in the upcoming year.
Mystery shopping. Hungary, Israel, Italy, Romania, Rwanda and Serbia added or planned to add (or expand) their use of mystery shopping as a supervisory tool. Additionally, a legislative proposal in Spain would include mystery shopping as a new supervisory tool of Banco de España.
Advanced data analytics. Austria, Canada, Germany, Indonesia, Ireland, Italy, Portugal and the United Kingdom mentioned expanding their use of advanced data analytics to support their regulatory work. Bank Indonesia intends to create a consumer protection indicator or index using advanced data analytics to better monitor issues of consumer protection in their jurisdiction. In 2022, Banco de Portugal implemented a new SupTech tool to automate the validation of draft credit agreement, which institutions are legally required to report to the Banco de Portugal. It is currently developing a new SupTech tool for monitoring advertisements for retail banking products and services.
Social media monitoring. Ireland, Luxembourg, Nigeria, Peru and Thailand plan to increase their use of social media monitoring given the increased use of social media and the potential for consumers to access misleading information.
Whistleblowing. Authorities in Israel are writing a supervisory procedure on whistleblowing. Authorities in the Netherlands are looking into ways to reward whistle-blowers.
References
[5] Australia Securities & Investments Commission (2023), ASIC acts to ensure better banking outcomes for Indigenous consumers, https://asic.gov.au/about-asic/news-centre/find-a-media-release/2023-releases/23-183mr-asic-acts-to-ensure-better-banking-outcomes-for-indigenous-consumers/ (accessed on 25 August 2023).
[2] Bank of Israel (2022), The Banking Supervision Department is expanding supervision of current account fees, https://www.boi.org.il/en/communication-and-publications/press-releases/the-banking-supervision-department-is-expanding-supervision-of-current-account-fees/ (accessed on 19 September 2023).
[16] Bank of Thailand (2023), BOT announces new measures to sustainably address household debt problems, https://www.bot.or.th/en/news-and-media/news/news-20230721.html (accessed on 19 September 2023).
[4] Bank of Thailand (2022), Notification of the Bank of Thailand No. SG2. 7/2565, https://www.bot.or.th/content/dam/bot/fipcs/documents/FPG/2565/EngPDF/25650048.pdf.
[3] Comissão do Mercado de Valores Mobiliários (2023), CMVM publishes annual circular notes for issuers, financial intermediaries, and asset managers, https://www.cmvm.pt/PInstitucional/Content?Input=9D949DF75A4ED8339639483D370EC7C5C4A49C38E35F775433761DD51AAA6C65 (accessed on 19 September 2023).
[18] EIOPA (2023), Supervisory statement on differential pricing practices in non-life insurance lines of business, https://www.unepfi.org/wordpress/wp-content/uploads/2021/05/PRB-Guidance-Financial-Inclusion.pdf (accessed on 19 September 2023).
[14] EIOPA (n.d.), Dark patterns in insurance: practices that exploit consumer biases, https://www.eiopa.europa.eu/tools-and-data/behavioural-insights-insurance-and-pensions-supervision/dark-patterns-insurance-practices-exploit-consumer-biases_en (accessed on 19 September 2023).
[6] European Commission (2023), Report from the Commission to the European Parliament and the Council on the application of Directive 2014/92/EU of the European Parliament and of the Council on the comparability of fees related to payment accounts, payment account switching and access to payment accounts with basic features, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=COM:2023:249:FIN (accessed on 24 August 2023).
[1] European Securities and Markets Authority (2023), Costs and Performance of EU Retail Investment Products 2023, ESMA, https://doi.org/10.2856/720749.
[17] Financial Consumer Agency of Canada (2022), Consumer Vulnerability: Evidence from the Monthly COVID-19 Financial Well-being Survey, https://www.canada.ca/en/financial-consumer-agency/programs/research/consumer-vulnerability.html (accessed on 19 September 2023).
[15] Financial Services Agency (2017), Regarding the establishment of “Principles for Customer-Oriented Business Operations”, https://www.fsa.go.jp/news/28/20170330-1.html (accessed on 19 September 2023).
[11] FinCoNet (2021), Financial Product Governance and Culture, FinCoNet (International Financial Consumer Protection Organisation), http://www.finconet.org/Financial-Product-Governance-Culture.pdf (accessed on 9 August 2021).
[9] HM Treasury (2023), Basic bank accounts: July 2021 to June 2022, https://www.gov.uk/government/publications/basic-bank-accounts-july-2021-to-june-2022 (accessed on 25 August 2023).
[13] Hong Kong Monetary Authority, Insurance Authority and Mandatory Provident Fund Schemes Authority (2022), Findings of Mystery Shopping Programme on Selling Practices in respect of Qualifying Deferred Annuity Policies and Tax-deductible Voluntary Contributions in Hong Kong, https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2022/20221223e1.pdf (accessed on 19 September 2023).
[8] National Bank of Serbia (2022), Decision on the payment account with basic features, RS Official Gazette, No 89/2022, https://www.nbs.rs/export/sites/NBS_site/documents-eng/propisi/propisi-ps/platni_racun_osnovne_e.pdf (accessed on 25 August 2023).
[10] OECD (2023), “Financial consumers and sustainable finance: Policy implications and approaches”, OECD Business and Finance Policy Papers, No. 32, OECD Publishing, Paris, https://doi.org/10.1787/318d0494-en.
[12] OECD (2022), Dark commercial patterns, https://www.oecd.org/digital/dark-commercial-patterns-44f5e846-en.htm (accessed on 19 September 2023).
[7] Reserve Bank of India (2014), Basic Savings Bank Deposit Account, https://www.rbi.org.in/commonperson/English/Scripts/FAQs.aspx?Id=1289 (accessed on 19 September 2023).
Notes
← 1. Insurance-based investment products (IBIPs) mix a savings component linked to market trends and fluctuations and an insurance coverage component. Some IBIPs may have guaranteed rates and others may fully or partially expose the savings component to market fluctuations (these are unit-linked products where the market risk rests on consumers).
← 2. A form of price discrimination, often in insurance markets, in which new customers are offered preferential rates while long-time customers see their premiums rise repeatedly due to factors that are not linked to the risk-profile of the customer and the cost of service. EIOPA issued a supervisory statement in 2023 to address such practices across the European Union (EIOPA, 2023[18]).