Host
Philippa Lamb
Guests
- Alan Vallance, Chief Executive Officer, ICAEW
- Baroness Margaret Ford, Chair, The Centre for Public Interest Audit
- Iain Wright, Chief Policy and Communications Officer, ICAEW
- Frances Haque, Chief Economist, Santander UK
- David Williamson, Chief Political Commentator, Sunday Express
- Paul Munson, EU Compliance Lead, Rippling
Producer
Natalie Chisholm
Transcript
Philippa Lamb: Hello and welcome to Episode 100 of the Accountancy Insights podcast. And if you’re watching us – because this is the first episode we’ve ever filmed – a special welcome to you. Now, to mark the occasion, we’re looking at a fundamental problem that’s holding back economic growth: trust. Just how deep is the trust crisis in governments and in business, and what will it take to rebuild trust in such volatile times?
To set the scene, we’re looking at President Trump’s trade negotiations with a crack team of business and economic commentators. Next up, as Marks & Spencer grapples with its near catastrophic cyber attack, reports emerged that the government’s own flagship digital ID system, One Login, may have serious vulnerabilities, too. What could that mean for trust in this crucially important service? We’ll hear from Paul Munson, cybercrime expert, formerly with the FCA, Serious Fraud Office and HMRC and now EU compliance lead at Rippling. And finally, we’ll have Baroness Margaret Ford, chair of the newly launched Centre for Public Interest Audit, and ICAEW’s own chief executive, Alan Vallance, on high-profile corporate failures. How much damage have they done to public confidence and what needs to happen to reverse it?
I’m Philippa Lamb and here with me I’m delighted to welcome three expert friends of the podcast, Frances Haque, Chief Economist at Santander UK, David Williamson, Chief Political Commentator for the Daily and Sunday Express, and Iain Wright, ICAEW’s Chief Policy and Communications Officer. Hello, everyone.
Frances Haque: Hello, good to see you again. Thank you.
PL: You won’t be surprised here that today we’re going to talk about Donald Trump, what he’s done on trade and tariffs, what he may do in future. I mean, rollercoaster is the word everyone uses. It’s no exaggeration, is it?
Iain Wright: No, and there’s a degree of uncertainty coming out of decisions made in the Oval Office, but that’s where we are in terms of, it’s a volatile, uncertain world and businesses, indeed everybody, has to deal with that, and has done for quite some time.
PL: Would it be fair to say that the more recent announcements have been slightly more welcome?
IW: I think what you had in early April was this enormous shock when he announced tariffs across the board across the world. And now there’s been some rolling back of that, and I think we’ve been, as a country, the beneficiaries of that with the US deal. So we are sort of reverting, in a quiet way, to where we were before the beginning of April.
PL: I mean, Frances, uncertainty, it’s always talked about, isn’t it, as the new normal, but, but it was ever thus, wasn’t it?
Frances Haque: Well, yes. I mean, I think people forget that we did obviously have that period of calm. Was it the ‘great moderation’ it was called? But actually, that’s a very short period of history we’re talking about. I mean, if you think before then, and obviously now after, it is uncertain, and businesses have always managed to cope with it and thrive in some cases. So I think people have just got to go back to a bit more of that sort of mentality, which really means, you know, obviously planning, making sure that the advice that you’re getting is good, you know, from trusted sources. I think that is really important, in this case, you know, whether it’s government or whether it’s, you know, professionals, but businesses can deal with it, people can deal with it. We are actually born to be able to deal with it. So hopefully people will be able to get their head around that.
PL: And rediscover that skill set.
FH: Absolutely.
PL: But David, I mean, Trump’s policies, the constant policy changes, they are playing into this sense of anxiety, aren’t they?
David Williamson: I think so. He does delight in wrong-footing people, and always has throughout his career. And in retrospect, perhaps we shouldn’t have been surprised, but he does seem to have come back in the second term, almost as somebody, you know, he comes from a background in television as much as from business. And it’s as if he’s surprised to have got a second series commissioned. And off the back of that, it’s like, well, this one is going to be memorable.
PL: And he knows there won’t be a third.
DW: Well, commentators, to an astonishing degree, are talking up the possibilities of this still, which is terrifying for constitutional experts who thought this is done and dusted, but this is exactly the type of hares he likes to set running.
PL: Well, Iain, as you say, we’ve got this new trade deal with the US. I mean, what’s your take on that? Winners, losers?
IW: I think we are one of the first to have a trade deal with the US. I think that’s a good indicator of how we’re thought of in the White House. I’ve been on this podcast with you before, Philippa, and I’ve said, what do we sell to the States? And we sell Bentleys and Land Rovers, we sell stuff from GSK and AstraZeneca, we sell Rolls-Royce engines. And if you look at the beneficiaries of the trade deal, it’s automotives – really good deal – it’s aerospace, particularly focused on Rolls-Royce engines, and it’s the life sciences and pharma sector. So all credit to our negotiators on behalf of the UK, focused on our strengths, focused on where we can have really strong wins and have gone and delivered on it. There are some losers. So in my old patch of Teesside, there’s the bioethanol sector, and that is the raw material for a lot of other parts of the chemical industry; really important part of chemical manufacturing in Teesside. By removing tariffs and allowing the US to come in that might be at risk, so that we need to be careful of that.
PL: Yeah, but, as you say, other than that, sectors that have been identified in the industrial strategy as key for us have done pretty well, haven’t they?
IW: I think the focus on, where are we good, what are we strong on? You know, that’s to be commended from the UK government.
PL: So David, we’ve got deals with India, we’ve got news of a deal with Europe now. I mean, it sounds like things are heading in the right direction. Do you think that’s going to rebuild trust in government? Because, obviously, trust in this government since they came to power last year has been very low. It fell off a cliff almost immediately.
DW: It is. It was very interesting at a recent Prime Minister’s Questions where, you know, of course, people try and show anger and things, often it’s quite synthetic, but I think Keir Starmer was genuinely furious when Kemi calls the trade deal with the US, I think the “tiny tariff deal”, and you suddenly saw what people in law courts over the years with Sir Keir’s career must have regularly witnessed of a genuine flash of “do not call it that”. And it’s interesting with the immediate response to the European deal, it’s quite a difficult one, I think, for a lot of Conservative Brexiteers in particular, because they do want the government to keep on doing trade deals. But they are rather surprised on issues like fishing, for example, where economically, yes, it’s not a huge component to the economy at all, but there had been rumours the previous weekend that maybe Europe was pressing for five years of the continued access of EU vessels. Suddenly, it comes to be 12 years, and that’s the sort of totemic issue which reawakens the beast of it. Again, the anger on this side isn’t synthetic at all.
PL: Frances, what’s your take on those deals?
FH: Well, in an aggregate sort of view, they won’t make a massive difference to the, to the bottom line of, you know, GDP, but I think that takes away some of the positivity from it. The fact is, they are being done. There will obviously be elements that people will be happy with, and particularly with Europe, there will obviously be elements that people aren’t happy with. But I think in general, it does show a way forward. And also I do wonder whether, given this world we’re in where we are going to have more tariffs and they’re going to be for longer and everything else, are there more deals to be done out there, even if they are small, you know, eventually they do accumulate to form something? And, and I go to the point, you know, in terms of focusing on the sectors that really matter to the UK, you know, life sciences is huge, so in some ways, in that respect, it is really positive. So whilst, as I say, in aggregate, perhaps it doesn’t shift the bottom line, I think it does show positivity. And that’s really important, because the one thing that kills growth, economic growth, is uncertainty.
PL: Yeah, exactly. And, as you say, I mean, there are, I hesitate to use the word, the phrase, green shoots, but there’s, there’s a whole array of areas now where there is hope, where there wasn’t hope before, and a new one, which is really quite fresh, is defence, isn’t it? I mean, that could be very good for the UK, more defence spending.
IW: I think, I think this is really important. We’ve probably, you know, if we’re really honest, we’ve probably traded on the US defence umbrella for the best part of 80 years. We’re doing this in the aftermath of VE celebrations. And, you know, it is quite weird that we’ve relied on a neighbour for our defence on the continent of Europe for the best part of a century. Our defence manufacturing is superb. You know, some of the defence companies we’ve got are brilliant, and some degree of one: making sure that we’ve got responsibility for our own security, as well as helping that, you know, industrial growth and potential. You know, that’s a potentially, really exciting thing, whether we can ramp up defence expenditure quickly enough, that is the big question, but in terms of play to our strengths and do what is absolutely necessary for the safeguarding of our nation’s security, it’s the right move.
PL: Conversely, Frances, I’m wondering about things like the rights and protections for the workforce being ramped up, and the anxiety that’s potentially creating amongst investors and inward investors in particular. What’s your thinking?
FH: Yes, I mean, certainly businesses that I’ve spoken to, and they generally are more on the sort of SME side of things, are very concerned about this. And it’s difficult, because, from my perspective, you want to quantify what the effect would be, that’s what people want you to do as an economist. And you’re sitting there going it’s very difficult to quantify exactly how the Bill will sort of feed through to employment and things like that. My worry is the bottom end of the spectrum will be hit very severely, which is already struggling anyway, because of NICs, because of minimum wage, etc. So I mean that, to me, I’m sure something better could be done, but businesses are concerned about this, perhaps even more so than the NICs and the minimum wage, going back to the point that you can’t really exactly quantify what the effect is going to be.
PL: And does it play into that idea, perhaps, of overseas investors’ perceptions of trusting that the UK actually is a place that’s open for business, particularly if they come from an environment like the US, where the rights and protections of workers are generally much, much lower.
FH: Yeah, that’s quite a hard one, I think, as well, because, I mean, obviously Europe, it’s... we sort of sit in the middle, almost, in the UK. And I do think businesses understand that there need to be some protections. And I don’t think that they’re, you know, they think that that’s a bad thing. But equally, it’s just, it’s the cumulative impact of all these different things coming through. You know, if we hadn’t had NICs or maybe we had a smaller increase in the minimum wage, and we’d had the Rights Bill, maybe people would feel differently. I just think it’s this cumulative impact coming through and this uncertainty that comes with it. And, as I say, obviously businesses can plan, but we’re talking more in that respect about investment and things like that. It’s quite difficult if you don’t quite know the environment that you’re going to, you’re going to be in, which comes back to this point about trust and the fact that you need to know a little bit more about what you’re facing, both now and in five years’ time. And we don’t want to see any of this flip-flopping, which actually, from an investor’s perspective, again, that’s what they want to see. They want to see governments who make a plan and then stick with it.
DW: It’s certainly a huge dividing line, because Kemi Badenoch sees this as one of the key areas where she talks about “this is going to be yet another death knell for jobs and employment”. But that rather, people with long memories, does take you back to the 1992 election, and such things, the lead-up then to 1997 when the minimum wage was being talked about, and it turned out that voters actually weren’t scared of that. So it’s going to be interesting to see what level of anxiety there actually is in the country. I suppose the hope will be that this, if people feel that if they get into the workforce, that they’re not going to be thrown out on their first trip, that they might actually receive more training and such things, therefore you might be more engaged, that’s very much the rosy way of looking at it. But I think certainly the, a lot of the voices we hear are just, as you were saying, Frances, you know, this is the last blow we need when we are just struggling. And where do we find the money to actually invest in the research and developments and that type of thing, which we’re famously not so good at at the moment.
PL: I mean, Iain, you talk to business all the time, where is business’s trust level in government right now, having had all these things arrive on their to-do lists?
IW: I think trust in government, like trust in most things, has evaporated over the last 15 or 20 years, probably accelerated in the aftermath of COVID, you know, in terms of Downing Street parties and that sort of thing. But, you know, it’s a long-term thing, and there’s an erosion of trust in society. That’s where we are. But I think Frances’s point about, let’s try as much as possible to have a long-term plan to show the country this is where we’re going, this is the vision on a hill, and let’s try and get there as much as possible, and we need your help as businesses to get us there. I think that’s what business want. Show us the plan, and we’ll fall in line and work with that.
PL: Because that’s the thing Frances, isn’t it? Business always wants certainty, and very rarely gets it. But in an ideal world, they need to understand what they’re dealing with. But they do have to take long-term decisions off the back of data they have right now, don’t they, and obviously, with Trump’s changing his mind about a whole variety of issues and unexpected things like NICs and, you know, potential hazards in future for employers, all those things play into it’s difficult to make the decisions, but when you’re thinking about things like supply lines, trade routes, those decisions have to be made, don’t they?
FH: Absolutely and it’s like anything, you have to plan, and you also have to plan for the unexpected. And one hopes that you maybe can get advice, or at least have advisers that can help you with some of that, and they obviously need to be trusted. But equally, it’s just really understanding sometimes the risks that are involved, and mapping those out and going, right, okay, this is the plan. But we know if X, Y, Z happens, this is what we need to do.
PL: So scenario planning.
FH: It’s scenario planning, you know, and it’s understanding the risks. Now I accept the fact that sometimes the risks change, and that’s not a scenario you’ve got, but I mean, when we always say it’s, it’s a live document, you know, the, you know, every time I do a quarterly update of my forecast, I’m looking at the risks, what’s changed, what’s new, what, you know, what things should we be focusing on? It’s exactly the same for businesses.
PL: I mean, Iain, as Frances says, high-calibre advice. I mean, there’s a role, a clear role for accountants, right there, isn’t there?
IW: Can I just mention before I go on to advice, which is an important point, both you, Philippa and Frances, have mentioned risk. And one of the things I worry about in terms of the increased cost of doing business, and when you speak to members it is increased cost of doing business, the high concerns about the tax burden. But what was coming out of the Employment Rights Bill, the nervousness from businesses. No one wants to see, you know, a return to Victorian mill owners. People want protection of the workforce, of workers. That’s absolutely right. It stops risk. And what I mean by that is, I’m hearing when you’re interviewing somebody for a post, you’re going, it’s a fine decision this, I’ll err on the side of caution. I’m not going to take you on because if it goes wrong, no fault of either side, but if it goes wrong, I’m going to be lumbered. We want a government that encourages risk-taking, to incentivise growth, not take it away. That’s the concern. But actually, as part of helping to manage risk, good business advice, trusted business advice, is absolutely essential, and you do get that with a chartered accountant. You know, in all this uncertainty, all of this, you know, volatility in the world and domestically, how can I get somebody who I can trust to navigate through that? Choose a chartered accountant.
PL: Particularly SMEs who don’t have great teams of people in house to advise them, actually on the staff, as it were, so yeah. I mean, Frances, what do you think of what Iain said earlier there, it’s key, isn’t it, this idea of appetite for risk?
FH: But that’s what you need. Look at a bank, you know, we have risk appetite. It’s an actual policy, absolutely, and you are looking at that all the time. You know, how much risk do you want to take? And you have to take risk. You cannot run a business without taking risks. And that’s been the way for forever. So, yeah, I totally agree. You do need an environment where you feel you can take the risk.
IW: And the other thing, of course, and it’s very difficult culturally, just in general, in this country, but also in terms of politics, is “and accept failure”. And that’s the key, you know, in order to take risk, you will fail. And that’s not a case of, well, that was my one chance over, it’s a case of, how do we incentivise people to say, well actually, that failure means I’ve learned some lessons, next time I run the risk of having a better chance of success.
PL: The UK, traditionally, has been very bad at that, hasn’t it?
IW: Really bad. Well, forgive me for going on my hobby horse, the Industrial Strategy Green Paper is really strong on lots of things. And one of them is, why have we had such poor productivity and growth over the past 15, 20 years? And it says four things. It says we just haven’t invested enough, you know, low levels of investment. We’re too regionally imbalanced. We’re too focused on London and the South East. We don’t adopt new techniques in things like management and tech, which I think is really interesting. But the fourth thing is we don’t have good market dynamism. We don’t accept that companies are born, they grow, they mature, and then they die. And it’s a case of accepting that ultimately, in a capitalist system, it might be nobody’s fault, the market might shift. You might have made bad decisions as a director, but companies will fail, and we have to accept that. That’s really difficult, especially when jobs are lost. No one wants to see their livelihoods lost. But how do we accept that? That’s culturally really difficult.
PL: Does that cut to the heart of the trust issue? That people find it hard to trust in a future where that’s possible and the certainty they want is what’s going to give them trust. But of course, there can be no certainty. As you say, some companies don’t even make it to maturity. They fail right off the bat. It’s a cultural problem?
DW: Certainly, you look at California and the lionisation of people starting businesses in their garages, but behind all that, and, it’s funny, we now hear that some companies, they weren’t actually in the garage very long, but everyone wants to tell that story. But behind that, you have parents who are willing to put up some cash for their kids to pursue that type of dream. And, you know, in Britain, there is still very much a culture of you play it as safe as you possibly can. Everything is just about saving for the deposit for the house, not for starting some crazy tech start-up, and maybe that’s how the US has so many billionaires.
PL: Yeah, and the geographic shift, I mean, there’s the new South, isn’t there, in the States? This flourishing in Miami, Florida and Texas now, you know, industries that were never there before, like banking and finance, fascinating. I mean, we just haven’t had that, have we?
IW: I always remember my mother saying once, a long time ago, you know, my mother, salt of the earth, greatest woman. But I once told her: “Mum, I’ve got a new job.” And she always said, I’ll always remember this: “Ee, but you’ve got a job.” And that’s just risk aversion.
PL: In a nutshell.
IW: Risk aversion is absolutely a big part of our society.
PL: We could talk about all sorts of things, but I’ve got to wrap it up there. It’s the perfect moment. Thank you very much indeed. Thank you.
Uncertainty brings with it the increased threat of economic crime, and tech, especially AI and in future quantum computing, is making cybercrime ever harder to counter. The cyber attack on Marks & Spencer is perhaps the most compelling demonstration we’ve yet seen of the impact a breach can have on public and investor trust. Now, questions have been asked in Westminster about the government’s own One Login system, and whether it is as secure as it’s claimed to be. Paul Munson is here to discuss the implications. So Paul, good to see you. Thanks for coming in.
Paul Munson: Nice to see you again. Thank you.
PL: This M&S story, it’s still emerging, isn’t it? I mean, we don’t have all the detail, but what do we know so far? Just reprise it for us.
PM: So we know, I think it was, it’s a cyber attack. Some malware was downloaded on to their system. The payment rails in the, in the actual branches, were down for at least a week. It’s five or six weeks now, and there’s still no online, the online platform hasn’t come back up.
PL: And we know customer data was taken, don’t we, but the downside about that is, we don’t really know what the fallout from that will be, because it’s not really going to emerge immediately, is it?
PM: Exactly, yeah. I mean, there’s normally, like, from my experience of these attacks, there’ll be a ransom element, so the perpetrators are looking for money to unscramble the systems and potentially return that data. But I think, you know, my angle on that is, once that data is lost, you don’t really have any control about what happens to it, you know, it could then be sold, you don’t know if they’ve made copies. They probably have, to be honest, once they have access, so a lot of organisations will play down the element of the data loss because, and they may not even know if the systems are critically hindered, how would they actually know the extent of the data loss? That might even be harder in itself than the incident and the investigation, to actually fundamentally know exactly what’s happened.
PL: Yeah, and of course, M&S weren’t alone, were they? There was Co-op, there were others, and Co-op initially, I think, the feeling was that they responded in perhaps a slightly bolder, more rapid way, and they recovered more, more quickly. But they’ve still got problems, haven’t they?
PM: I think they took their system down. So when I was explaining the attack, they picked up on the attack, I think a little bit quicker than Marks, took the system down, but then you have to critically rebuild the system. You know, in a very well-ordered organisation, you’ll have back-up tapes, you know, all the things that you need to go back, but you still have to rebuild. And if things like point-of-sale terminals in the shops are down, that’s more hardware. So that may take longer to come back up and running. So it’s not an overnight process to recover from something like this, obviously, however well prepared you are.
PL: And it’s a huge trust breach, isn’t it? And if people didn’t care about cyber breaches before, they do now, because these are household names, you know, people who’ve taken no interest in this sort of story in the past are now alive to the fact that retailers they use every day are subject to them. But we don’t know who the perpetrators are, do we? Do we have any sort of sense of who they might be?
PM: Part of it was I think they’ve got a social sort of agenda, but also, but also, also, you know, normally it’s a monetary agenda. Quite often it’s, it can be state-sponsored crime, you know, North Korea or Russian state-sponsored actors, certainly in terms of the data theft, because it’s a valuable commodity and a valuable asset. And it’s very often, you know, has a sort of government or quasi-government element of, sort of, foreign actors, yeah.
PL: Would it be fair to say, retailers, they’ve not been a classic target, have they? It’s quite a warning to organisations who might think they’re low risk.
PM: Exactly. You know, I work in financial services, and we’re well aware that we hold secure information, customer data. There’s rules from the regulators about how we manage that data, you know, and certainly sensitive payment data from cards and things like that. I think, yeah, I think this wider, sort of, move into general retail has, sort of, caught everybody slightly off guard and I think as well, you know, maybe wasn’t their highest priority. I would imagine, you know, online retail, their priorities would be something like fraud, for example, you know. And you’re always battling with senior managers in a business to get money to fight any threats that you have. So I think that possibly could explain it, you know, I think this will now obviously be moving up the pecking order that it’s out there. But obviously, I mean, where does this stop? You know, you could see this moving into sort of travel booking sites, lots of other things that are online platforms would possibly be an easy... I mean, that is probably the interesting thing. Where will they go next?
PL: I mean, I’m wondering how much things like open banking, things like these frictionless transactions that we all love so much, you know, click and go, how much do they play into vulnerability?
PM: It’s a sort of two-way street, really. If they’re operating well, they should help that, because you should be proving your credentials, you know, in a trusted way online, that’s the idea of open banking. You can share your credentials securely and obviously, hopefully, prove it to you digitally. You know, that’s the advantage of something like that. I suppose, on the flip side, or the disadvantage is, if those credentials are lost or stolen, it’s more serious, because they have then access to everything about you as a person, you know, your digital identity, which can be a very valuable asset, you know, then you can open accounts, you can make or create companies, pretty much do anything you want once you’ve stolen somebody’s secure credentials.
PL: Well, that brings us to this story about the government’s One Login system and possible gaps in the security of that system, and that’s very concerning, because that’s the system that’s in use in 50 government services right now. It’s six million people using it as it stands.
PM: Particularly concerning if it’s some, you know, a trusted source, what they call a trusted source under the money laundering regulations, you know, one that’s used so widely within government. And because effectively, they’ve got the crown jewels of data, they effectively that One Login identity that you have or wallet would potentially have your passport information, company’s information, all of your banking material, you know, so you imagine how valuable that would be to a fraudster, if they could get hold of all of that information and use it in a secure fashion to open new accounts.
PL: Of course, the difference with the government system, it strikes me, you know, retailers, we could decide whether we want to, you know, leave our bank cards with them, open accounts with them. Government systems, we all have to engage with them, don’t we, so those systems, I mean, it is absolutely vital they’re as robust as they can be.
PM: Yes and obviously, you know, they have to exist. But whether the government is the best organisation to sort of run that, I think the issue sometimes with government tender products is they’re limited in the pool of providers and things like that. We know you’d obviously want the best and most secure solution you could find for a system like that, which may be, you know, a cutting edge sort of fintech or something like that, because that’s effectively what they do. And certainly what’s happening in Europe, they’re creating sort of a European-led digital wallet to be adopted across the European Union, you know, working with payments firms, banks, other holders of data, to actually have one solution that’s very secure.
PL: So a huge system.
PM: Yeah, a huge system. You have to be very careful about the security protocols, because, as we’ve said, it’s so valuable to anybody, and that trust is, you know, absolutely paramount.
PL: I mean, perhaps reassuring, as I understand it, the One Login vulnerabilities were discovered by what I understand is called a “red teaming” exercise. This is external security consultants effectively trying to breach it.
PM: Yeah, so there’s a lot of that goes on in terms of IT security. They will take ex-hackers, or people who know how to do that, but in a sort of official capacity, will then try and, from outside, break into your system, you know, using whatever methods they have. There’s often a lot of back doors in systems or in the way things are coded, and that’s how effectively a lot of this hacking takes place.
PL: Thinking about the market for the data from that potential breach or any other breach. I mean, who is buying this?
PM: So, yes, I mean, I’m not generally on the dark web and I’m sure none of your listeners will be, but I have had some demonstrations when I go to AML events. We had somebody show us the dark web. And effectively, you go through something called Tor, or The Onion Router, and it’s a marketplace, and it looks like eBay, but you can buy stolen passports, stolen details, videos on how to commit fraud.
PL: Yeah. I mean, as you know, our podcast theme today is trust in business. And it strikes me that the breaches we’ve been talking about, even when they’re resolved, mending that trust breach, that’s a very hard thing for an organisation to do, isn’t it? M&S, Co-op, all the rest of it, even if it came to a government breach, even when things are fixed, we then all know, don’t we, that it can happen. I don’t know how they roll that back, do you?
PM: It’s very difficult, and obviously it’s, certainly if you’re in the regulated sector, I think TSB had a hack a while ago, you’re talking about a fine from the regulator, as well as that loss of, yeah, loss in confidence from customers, loss of reputation, loss of trust. I mean, we know Marks it’s had actually an absolute knock-on effect on their share price. Trust is very easily lost, as we know, and takes a long time to rebuild that reputation. And how effectively do you do that? You’ve got to sort of be whiter than white and, effectively, some of these things are very hard not to be hacked, you know, however well you do the job, but however hard you try, it’s very difficult, you know?
PL: But it’s a constant vigilance exercise presumably: upgrading, stress testing, these red teaming exercises...
PM: Yeah, which is money, you know, again, money at the end of the day. And if you’re cash strapped already, because your reputation is hit and your business has been hit, it’s going to be difficult. But I think this whole thing will put that slightly up the pecking order. And I do think IT security, it’s a good time probably for cyber people, because they’re going to be needed, and needed in numbers, you know.
PL: Yeah, certainly sounds like it. Thanks very much, Paul.
PM: Thank you.
PL: High-profile corporate failures and failings have been a feature of the past decade, perhaps most notably, the Horizon software disaster at the Post Office. Thanks to social media, books and a TV docudrama, public interest has been intense, and the damage to public confidence feels reminiscent of the Northern Rock catastrophe right back in 2007. So on top of the operational difficulties created by the low-trust geopolitical and trading landscape we’ve just been talking about, business also needs to rebuild trust among consumers. But what’s needed on management behaviour, governance, regulation and audit to restore that confidence? And how can a balance be found between freeing up companies to flourish and reining in actions likely to dent trust further? With me to share their thoughts on that, I’m delighted to welcome Baroness Margaret Ford, Chair of the newly launched Centre for Public Interest Audit, and ICAEW Chief Executive, Alan Vallance. Thanks for coming in.
MF: Absolute pleasure.
AV: Thanks Philippa.
PL: So, Alan, we don’t have the granular detail on what exactly went on at the Post Office even now. I mean, that work is ongoing. EY is being investigated over its auditing. How significant do you think that scandal has been for consumer trust in business generally?
AV: Well, I think it’s certainly been a significant issue for the Post Office. People rely on institutions, you know, they trust them. I think it’s a sort of broader question. It’s certainly had an impact on trust. And I think the fact that it’s been so well portrayed in the ITV series, I think has had an additional sort of impact. So people are much more aware of what has happened, albeit we don’t know the details. I think people need to know that the institutions are safe, that they can trust them. So I think it’s had a broader impact. These things have some form of contagion about them, but I would also say that the facts are yet to be borne out. We really don’t know what’s happened. So one of the things that I think is a big challenge right now is assuming the worst when we really don’t know what’s happened. But for the people who have been affected, it’s been a terrible situation.
PL: Yeah, and obviously tech and cyber is popping up more and more as a breach of trust issue, isn’t it, with organisations of all sorts. We’ve seen M&S, as we’re recording this, that is ongoing, the Co-op. We’ve seen what happened to M&S’s share price. We’ve now got questions about the government’s One Login system, and quite how safe that might be. Baroness Ford, this is rippling, isn’t it? People who never thought about the Cyber Security Bill, who never really thought about trust in business, are now aware that family names, household names, they’ve got problems, and they’re affecting them directly.
MF: Absolutely affecting them directly. I live in the Western Isles of Scotland, and literally, our Co-op has had nothing in it, nothing in it of fresh food or chilled food for three weeks. Now most people before that, cyber security was some kind of, you know, amorphous kind of concept they might have heard of somewhere. It’s actually very real when it impacts, you know, everyday lives. So we all, I think, now, are very, very aware of how vulnerable all kinds of organisations are to cyber attack, and that’s just a new thing for us all to deal with. But it does really destabilise people, and it can destabilise communities as well.
PL: I mean, going back to the Post Office, Margaret, you said in the Lords last year, “I’ve seen some of the best of corporate behaviour, also examples of some of the worst.” Do you want to elaborate?
MF: I wasn’t speaking about the Post Office in particular. But in my career, I’ve spent time in restructuring organisations, refinancing organisations that got into trouble, and what I was really referring to was a kind of director behaviour or board behaviour that allowed companies to be loaded up with debt that was just unsustainable, that ultimately broke the company; directors who just sat by while ridiculous remuneration schemes were put in place for senior executives that just drove all the wrong behaviours and subsequently destroyed value for shareholders and for savers and investors. So all of those kind of behaviours where the board is not exercising that distance it needs to be from the day to day, not giving that perspective and not providing that challenge, we know how that story ends. So hopefully a lot of those days are, you know, long gone. When I think back in my career, 25 years ago, I think the operating culture now is so much better, but it’s not perfect, so we still need to be vigilant, and we still need improvement.
PL: And the trading environment is very testing, isn’t it, geopolitically, these are very difficult times, and it drives reckless behaviour, even in organisations that would not think of being reckless, it’s very hard for them to operate now, bad decision-making comes from times like these.
AV: I think there’s certainly an increased risk right now with what’s going on. But also, we rely on professionals to do the right thing. Ethics plays a really important part in all of this, and just because times are bad and things are difficult doesn’t mean you should make the wrong decision. So I think it’s behoving on, you know, an individual to sort of stand up and be professional and do the right thing.
PL: Well, accountants have a role to play, don’t they? I mean, not just as CFOs and CEOs, obviously there’s plenty of those in large companies, but also as auditors?
AV: Definitely, and I think that’s true for the professions as a whole, but for the accountancy profession and auditors, they play a key role in making sure that the right thing is done, but that’s called out when they see the wrong thing happening.
MF: And I think also, Alan, one of the things that struck me, not as an auditor but as a company chair over the last number of years, we learned so much during COVID, both boards of organisations and the profession learned so much during COVID. And I think one of the things I see now, and it should stand us in much better stead when we enter kind of choppier waters, is things like the proliferation of reverse stress testing, which used just to be mandated for financial organisations, now routinely is used by all kinds of other cyclical businesses like real estate, who wouldn’t have thought of doing that before COVID, but was introduced to us by our auditors at the time of COVID, and actually has become just part of the kit now. And I think those are great improvements, and those things will be so much more beneficial for companies when we enter the kind of situation we’re in just now, where things are just a lot more insecure and a lot riskier. So I think we learned a lot through COVID that we can take forward as better practice.
PL: It’s heartening to know that corporations are taking those lessons and continuing to run with them, because a lot of things closed down straight after COVID. The “new normal” happened, lessons were forgotten, but you’re seeing that?
MF: Yeah, and during COVID, I chaired two different businesses, one in real estate, which had pubs and shops, and the other one was an independent, sorry, commercial television company. So both of those companies were immediately – in TV advertising dried up straight away, advertising revenue, and in pubs and shops, well, they were closed, we had no customers, but we still had everything else to pay. So we learned a huge amount about surviving during COVID now, hugely helped by the furlough scheme, hugely helped by the government. But companies did learn a lot about surviving. It was a bit like the banks being, you know, at the time of the financial crisis, I worked in an investment bank, and you really saw the business model stripped back to its bare bones. And so many people learned so much. If you want to think about it, I hate the phrase “you’ve had a good crisis”, I think that’s a bit egregious, frankly. But actually, when you’re in, when you’re in that kind of situation, you can learn a lot through adversity, and I’m hoping that a lot of things that companies and directors learned through COVID will be standing them in good stead right now.
AV: I mean, I’d answer that from my perspective. I was running another professional body at the time, the Institute of Architects [RIBA], and to have thought that that sort of organisation could have gone completely digital in the space of three days – without the pandemic, we would never have done that. It is an extraordinary thing. But the organisation reacted. Every other organisation did. We moved into that new world. But I think the real lesson that many of us took from that was to expect the unexpected, to think about managing risk and think about what might happen to your organisation in a much more considered and thoughtful way than perhaps we’d done before. So I think it was a wake-up call for everybody in terms of, you know, how business operates, and that lesson, I think, has really sort of carried on since, in a really good way. So I think I’m seeing a lot more organisations who are doing much more kind of risk-based work, doing more simulation work, you know.
PL: Resilience testing?
AV: Yeah, and ICAEW, we do an annual simulation test of things like IT ransomware, those sorts of things. So we actually take a day out, sit down and simulate what might happen. And I think companies are doing that, and should do that, more and more to be prepared.
PL: It’s interesting, because as I understand it, that’s how the questions have arisen around the government’s One Login system – that it came out of a testing exercise, which, you know, is encouraging.
MF: It’s kind of the point of it, isn’t it?
PL: The point of it, exactly, as you say. But Margaret, the Centre for Public Interest Audit, that has specifically been created to increase trust, hasn’t it? How are you going to do that?
MF: Well, trust is earned, and it’s earned by the organisations who have responsibility for whatever the public want to have trust in. That might sound a bit kind of the other way around, but you see what I’m getting at. We’re interested in quality above all. And on the back of some of the corporate failures of the last 10 years, I think the profession has been very keen to really bring quality absolutely to the forefront of its thinking. To have a separate organisation that’s just focused on quality, of public interest entity audit, and public interest entity sounds like a bit of, you know, jargon, but these are really organisations that systemically matter in the country, whether they’re banks, deposit-taking institutions, public companies where people’s savings and pensions are, these are all organisations that really, really matter. So they have to be trusted, literally trusted with people’s money, so it’s important for us that we are able to work with all of the different constituencies, with directors, with boards, with the profession, with the people who use accounts, who are the readers of accounts, so the fund managers, the analysts and so on, to work with all of those constituencies to really think about how we can make the product better.
PL: And build in more accountability?
MF: Yeah. I think, again, with accountability comes, it’s one of the flip sides, isn’t it, the trust. So for me, there is certainly plenty of accountability for the profession. The Financial Reporting Council are very quick off the mark if they think there are issues anywhere, and they’re very quick to investigate, and they have the powers to do that. I would probably question whether that’s true of, necessarily, of directors of companies. I’ve been a director of a company for a very long time, so I think I know what I’m talking about, and I think it’s important that directors also feel and are held accountable for their actions, because when things go wrong, quite often the auditors are in the dock. But it’s not the auditors necessarily, who have, you know, overloaded companies with debt. It’s not the auditors who have taken mad decisions on contracts that really had very little margin. It’s not the auditors who typically make those business decisions. So those of us who are directors and who want to be directors of companies have to be accountable for our actions. It’s not for the faint-hearted stewarding public companies, for example, big organisations. It’s not for the faint-hearted. If you do it, you need to know you’re responsible for other people’s money and that they have put their trust in you. So I think it’s up to all of us in those positions to be absolutely at the top of our game and be as good as we can be in those roles.
PL: And how will you be hoping that government will assist you in these efforts? Stick? Carrot? Legislation?
MF: Well, both probably. I’m a great believer in carrots rather than sticks, and I think we’re interested in the forthcoming legislation. I think, Alan, we would all agree that we would hope that there were things there that would help both directors and auditors to do a better job before the event. I mean, none of us should really be focused on, you know, let’s just beat everybody up when it all goes wrong. If it all does go wrong, people should be held to account and should be held to account equally, whether they’re directors of companies or auditors. But I think I would really like to see some proactive things in the legislation as well: better, more timely disclosures, perhaps more, more and more nuanced tools for the auditors in carrying out the audit. So I think there’s quite a few things the government could do, and have signalled that they are inclined to do, so we wait with interest to see what the legislation will bring.
AV: I would completely agree with what Margaret’s saying, I think accountability is key. The majority of the profession, I think, is a willing profession. There are always bad actors in any profession, and that’s the whole process of regulation. But I think it’s really important that there is proportionate regulation. I think it needs to be the right size and shape. I think it needs to invoke investor confidence and public trust, and I think that needs to be put in place. But I think actually we need to see the Bill appear first.
PL: This is the Corporate Governance Bill?
AV: We’ve been expecting it but we’re yet to see it, and we understand that it’s a little while longer yet, so we’re really keen to see the details and then get on and sort of make it happen.
PL: Thinking about wider trust issues. We talked about public confidence in institutions and companies. What about inward investment, Margaret? I mean, how do you think this great a focus on governance and regulation will play with inward investment? It’s a double-edged sword, isn’t it?
MF: No, I don’t think it is. No, I don’t. I mean, I take the unfashionable view that actually prudent, good governance is good for investment. I don’t believe that, you know, creating a race to the bottom is the right way to go in terms of a sustainable economy. So for me, proportionate, Alan used the word proportionate, couldn’t agree more. Proportionate regulation actually is a great safeguard for investors. You don’t want to be putting your money, if you and I had money to spare today, you wouldn’t necessarily be going, let’s run along to the high street, see we can find some bloke, you know, who’s flogging us some Bitcoin. You’d take it into a decent building society or a bank and say, what’s your rate of interest? You know, most sensible investors who care about their long-term investments are going to take a really – not that Bitcoin’s a bad investment, I don’t mean that. But you know what I mean? I exaggerate, you know, for effect. But I think the key for me is that investors coming to the UK come because there’s a rule of law here. We have great institutions. They believe we have proportionate regulation. They can trust institutions with their money. There is a great auditing profession. Notwithstanding, there have been some problems in the past, but by and large, most audits are carried out to an extremely high standard, and investors know that, and they trust that. So I don’t think any kind of race to the bottom is any way to go. I think we are in the right place in this country, and I think we’ll continue to be in the right place.
PL: I mean, views do differ, don’t they? I’m thinking about the Trump administration, that’s a low- to no-regulation administration, isn’t it?
AV: Well, I think, you know, we as the UK need to obviously consider what’s best for the UK, but you do need to see it in the context of what else is happening around the world. And sure, there are, there’s quite a lot happening in the US at the minute: the, you know, topical things such as the PCAOB [Public Company Accounting Oversight Board] being sort of folded into the SEC [Securities and Exchange Commission]. What does that mean for regulation? What does that mean for other countries? Because the PCAOB’s remit is not just the US, it’s truly global. So it’s a very complex, interconnected world.
PL: I mean, could that play well for the UK, that degree of chaos in the US?
AV: Well, I think confidence in a market is really important. So the lack of confidence, if things are moving quickly, is playing into, you know, the UK’s strengths, I suppose, but it still remains to be seen what’s going to happen. Because, you know, companies are global, they operate globally. Regulators operate not only within their own jurisdiction, but in others as well. It’s a pretty complex sort of structure and ecosystem that we’re dealing with here.
PL: And companies are agile, as you say, so they’ll go where works for them.
MF: They’ll go where works for them, but the definition of what works for you is what I’m interested in, really. And I just don’t think necessarily that some kind of Wild West works for most serious companies.
PL: Yeah, I mean red tape, as it’s always called, in a rather derogatory way, you know, it’s talked about a lot, isn’t it? SMEs here in the UK talk about it as a burden.
AV: Hmm. Not a new thing, though. When I was at the Law Society we were talking about red tape bureaucracy 10, 12 years ago. So it’s not a new thing, but I think it’s always a good thing to be mindful of. You know, again, it gets back to this proportionality about the right framework. Does it allow organisations to, you know, be successful? Does it allow markets to have confidence in terms of investors? Is there public trust? It’s a very complex thing that we’re dealing with, and bureaucracy isn’t helpful.
PL: Yeah, I mean, as we’re recording this, we’ve literally just heard news of, you know, a deal with Europe in certain areas of trade, which is obviously welcome, but post-Brexit, the UK is no longer entirely aligned with Europe on regulation and audit. The regulation, the implications of that must be very widespread.
AV: It definitely is widespread. And you’ve got, I think, a series of really positive announcements about the trade deals with the US and the EU and India.
PL: Yeah.
AV: The devil is in the detail. I think the next bit is where it really starts to get interesting, and where we get into the technical issues underneath that that are going to really decide whether these deals are successful in the context of what it means for UK plc, ultimately.
PL: Yeah, I mean, it’s early days, Margaret, what’s your thinking about the deals so far?
MF: I think the Prime Minister’s taken a very pragmatic approach to this. I don’t necessarily take a political view on it one way or another. I think there’s some sensible things that have been done there that most people would recognise are pragmatic and sensible. Whether you think it’s the thin end of the wedge or whatever in terms of, you know, closer ties with Europe, just depends on your political point of view. But I’m looking at it from a business point of view, and it looks perfectly... some of it looks perfectly rational, sensible stuff to me.
PL: Meshing those regulatory environments as far as is feasible.
MF: As Alan said, it’s a very complex, connected world out there, and what we want to make sure is that companies whose base jurisdiction is the UK are not overly disadvantaged in other jurisdictions. So I think it makes sense for the government to harmonise and to align as much as it can. We’re not, we’re not especially misaligned with Europe, Alan, I don’t think, in terms of accounting standards, in terms of regulatory stuff. So I don’t think that’s the biggest, that would be the biggest area of concern to companies.
PL: Is that your sense too?
AV: To a large degree, but also the mutual recognition of professional qualifications is certainly a hot topic for the profession. And I think with that, there is a real opportunity for the UK’s professional services sector to grow. So we’ve got the industrial strategy coming along. The government have announced that professional services is one of the eight sectors that has huge opportunity, and we would echo that. But to realise that opportunity, importantly, the kind of agreement around things like mutual recognition and professional qualifications is really important to help the professional sector in the UK be an even bigger part of the UK success story than it already is.
PL: Thanks very much indeed. So Alan is still with me, and I thought it would be nice actually, Alan, given that the podcast has been all about trust, all the conversations we’ve had, it’s all been about trust running through it. What’s your thinking about that? Where do you see that trust crisis going?
AV: Well, I think what’s really fascinating is the fact that we’ve had great conversations, but what really strikes me is that it’s never over. We can’t simply assume that just because we talk about it and we do some things, and people now have trust that that will always be the case. This thing will always be something you need to focus on. The job is never done. So whether it’s the government, the regulators, the professional bodies, the firms, directors in companies, we all need to work together, because trust is so critical to the UK, to business, to the public. So I’m very much left with the impression that the job’s never done.
PL: It’s about agility, isn’t it, because the challenges just come thick and fast.
AV: But we’ve got to keep a cool head. We’ve got to be professional. You know, we are professionals at the end of the day, and I think at the heart of everything is public trust.
PL: There are no simple answers to the big challenges we’ve discussed today, and especially that core question of how to build trust, but I think our guests shed a lot of light and we’ll continue to bring you expert analysis as events unfold. If you’re a new listener to the podcast, why not subscribe? You can listen on any app or the website. Turn on notifications, and we’ll send you an alert for every new episode. Listening to the podcast not only keeps you up to speed with news and views you can use in your work, it also counts towards your CPD. If you listen on the ICAEW website, you can record each episode you listen to by just clicking on the “Add CPD” button on the bottom right of your screen. If you would rather listen on a favourite podcast app, no problem: just visit the CPD records section of your online dashboard to log your listens. Thanks for being with us.