Conduct RiskWHAT IS CONDUCT RISK?
© 2014 MetricStream, Inc. All Rights Reserved.
Today’s Discussion Points
• What is conduct risk?
• What does FCA say about conduct risk?
• Defining conduct risk strategies and objectives
• How to make conduct risk a part of ERM framework?
• Role of technology in managing conduct risk unambiguously a part
of ERM framework
• Q&A
3
Conduct Risk
What is Conduct Risk?
1. What is Conduct Risk ?
4
Conduct Risk
What is Conduct Risk?
Conduct Risk is currently of concern not only to the UK Regulators, but regulators worldwide.
Due to repeated and wholesale mis-selling or market manipulation debacles in recent years, the whole question of market-place conduct has been brought into question.
5
Conduct Risk
What is Conduct Risk?
Various initiatives have been tried across
the various jurisdictions, notably the
Treating Customer’s Fairly from the FSA
and the “Whistleblowing” incentive
scheme by the SEC in the USA, both in a
bid to combat poor behavior's.
6
Conduct Risk
What is Conduct Risk?
Recent UK conduct risk issues examples (and we are not alone)
1: £22bn+ compensation bill for Payment Protection Insurance (PPI)
market Britain's five biggest banks – Lloyds, Barclays, Royal Bank of Scotland, HSBC and
Santander are responsible for about £19.6bn
2: CPP (Card Payment Protection) fined £10.5m and to pay redress of £14m
3: Restrictions to sale of “add-ons” for motor distributors consumers
might end up buying inappropriate or unsuitable products, or receive poor value for
money or both
4: Large-scale mis-sale of interest rate swap mortgages to Small and
Medium-sized Enterprises (SMEs)
7
Conduct Risk
What is Conduct Risk?
PPI is Britain's biggest mis-selling scandal.
The amount set aside is almost double the
£11.8bn (US$18.65) bill for misleading
pension sales, and dwarfs the £2.7bn
(US$4.25) for mortgage endowments mis-
selling.
8
Conduct Risk
What is Conduct Risk?
Common issues in the FS markets
Product design; Terms &
conditions; Mis-selling; Charging
practices; Servicing standards;
Complaints handling; Outrageous
Incentive schemes & pressure selling
9
Conduct Risk
What is Conduct Risk?
Additionally Libor and other indices
manipulation has been covertly
conducted and now created new
issues for the markets and banking as
a whole.
10
Conduct Risk
What is Conduct Risk?
In the same way that Fraud is not a
“Victimless Crime”, Conduct Risk
when crystallised has major
consequences and presents Solvency
and/or Liquidity Risk for all sizes of
financial firm.
11
Conduct Risk
What is Conduct Risk?
The resources required to manage;
Complaints
Remedial Compliance work
Training & Competence
Additional monitoring
Senior Management Time; and
12
Conduct Risk
What is Conduct Risk?
The cost of reparations is a constant
drain on any size of firm from small
adviser practices to international
banks.
13
Conduct Risk
What is Conduct Risk?
However there is no actual definition
of Conduct Risk.
The UK regulators prefer each
company to define their own
meanings and act accordingly.
14
Conduct Risk
What is Conduct Risk?
Checking in the FCA Handbook
Glossary …
Nothing can be found between
“COND” and “conflicts of interest
policy”.
15
Conduct Risk
What is Conduct Risk?
From the various speeches and publications, a number of focus areas become evident and include;
Strategy & Business Model
Board Engagement
Risk Management & Controls
Operations and Regulatory Controls
Customer Journey
Incentives & Rewards
16
Conduct Risk
What is Conduct Risk?
Certain areas the regulator could become involved or be interested in, could include;
Aligning business models to fair treatment of customers
Complaints handling
Product development and governance
Product Intervention
Outsourcing
17
Conduct Risk
What is Conduct Risk?
Remuneration and reward policies
Financial Promotion withdrawal and
prohibition
Conflicts of interest
Incentives
Wholesale
Business Continuity
18
Conduct Risk
What is Conduct Risk?
On January 24th 2014 Mark Carney, Governor of the
Bank of England told bankers at a meeting in Davos
that conduct is replacing capital as the key risk facing
the industry.
He said “Banks must recognise that only exemplary
behaviour can confer social license to global financial
capitalism,” Carney said. “For the system to operate
with integrity, penalties for misconduct cannot be
seen as a cost of doing business.”
19
Conduct Risk
What does the Regulator say?
2. What does the Regulator say
about Conduct Risk?
20
Conduct Risk
What does the Regulator say?
The Financial Conduct Authority (FCA) views Conduct Risk through the prism of their objectives:
– Consumers get financial services and products that meet their needs from firms they can trust.
– Markets and financial systems are sound, stable and resilient with transparent pricing information.
– Firms compete effectively, with the interests of their customers and the integrity of markets at the heart of how they run their business.
21
Conduct Risk
What does the Regulator say?
Conduct Risk =
Risk of not achieving these objectives
22
Conduct Risk
What does the Regulator say?
What about Sales of Products?
The regulators have always encouraged
compliance to work with marketing on
the design and management of products
for consumers
Relatively more involvement in sales
strategy and associated controls
23
Conduct Risk
What does the Regulator say?
The regulators consider that weak
compliance and poor Senior
Management monitoring has lead to
high profile issues in recent years
involved mis-selling.
24
Conduct Risk
What does the Regulator say?
In the mid-2000’s the FSA Introduced
the Treating Customers Fairly initiative
whereby certain desired outcomes
were declared.
These were …
25
Conduct Risk
What does the Regulator say?
Outcome 1 - Consumers can be confident that they are dealing with
firms where the fair treatment of customers is central to the corporate
culture
Outcome 2 - Products and services marketed and sold in the retail
market are designed to meet the needs of identified consumer groups
and are targeted accordingly
Outcome 3 - Consumers are provided with clear information and kept
appropriately informed before, during and after the point of sale
Outcome 4 - Where consumers receive advice, the advice is suitable
and takes account of their circumstances
Outcome 5 - Consumers are provided with products that perform as
firms have led them to expect, and the associated service is of an
acceptable standard and as they have been led to expect
Outcome 6 - Consumers do not face unreasonable post-sale barriers
imposed by firms to change product, switch provider, submit a claim or
make a complaint
26
Conduct Risk
What does the Regulator say?
Does The Old
“Treating
Customer’s
Fairly” (TCF)
Model Work?
27
Conduct Risk
What does the Regulator say?
Do We Need
More Rules?
28
Conduct Risk
What does the Regulator say?
Maybe The Old
TCF Model Doesn’t
Work?
29
Conduct Risk
What does the Regulator say?
Do We Need
More Rules?
30
Conduct Risk
What does the Regulator say?
To help answer that we would have to look at the
relevance of the TCF methods.
Did they work in changing the culture?
Can they, or a form of them, be adopted
universally?
31
Conduct Risk
What does the Regulator say?
In Hong Kong. In November 2013, the Hong Kong
Monetary Authority (HKMA) issued its Treat
Customers Fairly Charter. The charter incorporates
five high-level principles and is primarily aimed at retail
consumers. It is based on the good practices promoted
under the G20 High-Level Principles on Financial
Consumer Protection, promulgated in October 2011. All
retail banks in Hong Kong have signed up to the
charter to pledge their commitment to implementing the
treating customers fairly principles.
32
Conduct Risk
What does the Regulator say?
In Australia, ASIC has taken disciplinary action against a variety of
individuals who had made false statements to consumers or
provided unsuitable advice.
The Future of Financial Advice (FoFA) reforms came into force in
Australia in July 2013 and comprise an array of measures intended
to enhance the customer journey experience for retail consumers
when receiving financial advice.
33
Conduct Risk
What does the Regulator say?
In the USA there is the SEC and FINRA along with other bureaus set
up through various legislation such as Dodd-Frank.
One of these is the "Consumer Financial Protection Act of 2010", that
establishes the “Bureau of Consumer Financial Protection”. The new
Bureau regulates consumer financial
products and services in compliance with federal law.
34
Conduct Risk
What does the Regulator say?
More Rules?
• Between 2008 and 2013 the rules within the UK
regulators handbooks increased by 27%
• The majority of the mis-selling and market manipulation
occurred during this time
35
Conduct Risk
What does the Regulator say?
Regulation
Do we really need more rules?
Perhaps we need greater leadership and
personal responsibility instead?
36
Conduct Risk
What does the Regulator say?
As We Know … The New Regulator
for Conduct in the UK is …
37
Conduct Risk
What does the Regulator say?
A Change of Approach
New FCA supervision regime
New focus – “Conduct Risk” & “market integrity”
Change in approach ~ Reactive to Pre-
Emptive
“Intensive and intrusive” supervision
− Business model analysis; Additional information & reporting
− Increasing focus on thematic & event-driven visits; Deep-dives &
file reviews; CEO certification letters
− Continuing focus on “outcomes”
− Stronger intervention & enforcement
38
Conduct Risk
What does the Regulator say?
New intervention measures, earlier in product
life cycle
E.g. Product bans; Trading restrictions; Permission
requirements
Already reflected in visits & outcomes
• Risk Mitigation Programs (RMPs);
• Skilled Person’s Reports (S166s) & “near S166s”;
• “Attestations” by accountable executives
39
Conduct Risk
What does the Regulator say?
Conduct Risk
40
Conduct Risk
What does the Regulator say?
Clive Adamson, FCA director of supervision, said in
March 2014, on the need to address conduct risk;
“Achieving an effective conduct - or customer-
focused culture is challenging for firms, particularly
for those whose focus has been primarily on
profitability and shareholder returns. …
From what we see, there are key drivers that set and
re-enforce this conduct-focused culture, with the
most important being clear and ongoing leadership
from the top of the organization …”
41
Conduct Risk
Defining Strategies and Objectives
3. Defining Conduct Risk
Strategies and Objectives
42
Conduct Risk
Defining Strategies and Objectives
Questions To Be Asked
What exactly is “Conduct Risk” – how
do we define it?
What are the regulator’s expectations?
What are the practical implications /
challenges for the business?
43
Conduct Risk
Defining Strategies and Objectives
Questions To Be Asked
Is Conduct Risk on your/your firm’s agenda?
Why should you be concerned about Conduct
Risk?
Where does Conduct Risk sit in your Risk
Framework?
1. Operational Risk or as a discrete risk category?
2. Does it underpin or overlay other risk categories?
44
Conduct Risk
Defining Strategies and Objectives
How do we fit “Conduct Risk” into our
existing TCF arrangements and Risk
Management framework?
What impact will CR have on the business?
Where will “Conduct Risk” be going under
the new FCA regulatory regime?
What should we be doing now and what
approach should we take?
45
Conduct Risk
Defining Strategies and Objectives
How is each sector involved?
What does a good Conduct Risk management
framework look like?
What are the key obstacles to increasing
attention on Conduct Risk?
How should Conduct Risk appetite be
measured?
46
Conduct Risk
Risk Framework
4. How to make Conduct Risk a
part of ERM Framework?
47
Conduct Risk
Risk Framework
Firstly you have to decide the areas that Conduct Risk will impact and how best to measure it.
This needs to be considered from top to bottom and bottom to top. The high level ERM Framework, once defined, then has to create the relevant sub categories, which in turn lead to operational areas and functional dependencies at a granular level.
This then needs to be amalgamated and collated much the same as a balanced scorecard exercise.
48
Conduct Risk
Risk Framework
An initial aim is to connect the risks, controls
and other framework elements to your
company’s organisation chart. From there,
you should determine risk capacity, your
company’s current risk profile and its risk
appetite.
Next you should measure your risk appetite
adherence.
Finally, you will need to align your risk appetite
with your company’s risk governance
framework.
49
Conduct Risk
Risk Framework
Risks to Consider(FCA Risk Outlook )
- Products / services
– customer needs & interests
- Distribution channels
– transparency for consumers
- Payment and product technologies
– over reliance, oversight
- Funding strategies / structures
– innovative, complex or risky
- Understanding of risk and return
– customers taking too much risk
50
Conduct Risk
Risk Framework
Board Engagement
Risk Management & Controls
Operational & Regulatory
Controls
Strategy & Business Model
Incentives & Rewards
Customer Journey
51
Conduct Risk
Risk Framework
For each specific impacted area you
then need to assess the;
Conflicts of Interest that may arise
Communications with suppliers and
customers
Competence
Reward & Performance Management
Other Cultural Drivers
52
Conduct Risk
Risk Framework
Conflicts of Interest
Communications
Other Cultural Drivers
Reward & Performance Management
Competence
53
Conduct Risk
Risk Framework
Then across each business area you have to
apply the Conduct Risk drivers to identify the
potential risks for your specific business model.
This should also be linked and enhance a
firm’s existing Treating Customer’s Fairly (TCF)
management practices.
54
Conduct Risk
Risk Framework
Board Engagement
Risk Management & Controls
Operational & Regulatory
Controls
Strategy & Business Model
Incentives & Rewards
Customer Journey
55
Conduct Risk
Risk Framework
Main Product Areas for Consideration
56
Conduct Risk
Risk Framework
When you have decided the areas
that will be impacted and what
management information can be
obtained, the relevant controls and
risk appetite, you can start to build
your bespoke framework.
57
Conduct Risk
Risk Framework
The purpose of this part is to satisfy
the cyclical need to embed the
process and provide a clear
relationship between evidencing your
actions, providing good outcomes and
the resultant good culture.
58
Conduct Risk
Risk Framework
1.Evidence
2. Outcomes
3. Culture
59
Conduct Risk
Risk Framework
FSA/FCA expectations of firms – pro-active engagement with Conduct Risk management
Pro-active response
Board / senior management lead
Action – determine approach & develop framework to manage CR
Robust approach – with measurement
Detailed framework – business-specific
60
Conduct Risk
Risk Framework
Key• Board & Committees
• Executive Management
• Control Functions & Oversight
• Conduct Risk Management
61
Conduct Risk
Risk Framework
Strategy & Business Model
Identification & Assessment
Appetite & Tolerance
Control Measures
Monitoring & MI
Issue Escalation and Management
Reporting & Recording
Governance
& Control
Measures
62
Conduct Risk
Risk Framework
The key to all of the Conduct Risk Framework effectiveness is
the correct monitoring and accurate reporting of data from all
parts of the business to inform the management, senior
management and executive management structures precisely
what is going on.
Accurate Key Results Indicators, Well defined Performance
Indicators, Key Performance Indicators and ultimately the
Pertinent Risk Indicators are vital to the success of this
framework and the provision of comfort to the board that things
are working well.
63
Conduct Risk
Risk Framework
Once your risk identification process is completed then you
should be able to provide a clear picture of the …
As well as demonstrate that the
key governance is effective and
controls the firm with a positive
and workable culture firmly embedded
into the entire operation.
1.Evidence
2. Outcomes
3. Culture
Key• Board & Committees
• Executive Management
• Control Functions & Oversight
• Conduct Risk Management
64
Conduct Risk
Risk Framework
This will provide you with a fully workable and scalable model
that should be fully understood and trained out to your staff.
A simplistic view of your
framework could be;Board
& Exec
Head of Division
Head of Function
Head of Region/Division
Team, Department or Local Manager
Conduct Risk How To Establish Risk Appetite
Lee Werrell Chartered FCSI FISMMOwner – Compliance Consultant
– Lee has been involved in risk & compliance work for; Inter-
dealer Brokers, Retail Banks, Investment Banks,
Stockbrokers, Building Societies other Distribution channels.
– Much of our business at Compliance Consultant is
conducted under NDAs as it involves remedial and corrective
work.
– Lee was appointed a Skilled Person in 2012 by the FSA.
Call us on 020 7097 1434
Conduct Risk How To Establish Risk Appetite
Conduct Risk – How to Establish Risk
Appetite
Lee Werrell Chartered FCSI FISMM
Owner of Compliance Consultant
Contact me on 020 7097 1434
Conduct Risk How To Establish Risk Appetite
• Why Not Buy Your
• Compliance Manual
• From Us ….
• Many Firms Already Have.
• http://bit.ly/ComplianceManualTemplate
Call us on 020 7097 1434
Conduct Risk How To Establish Risk Appetite
Thank You For Your Time
Lee Werrell Chartered FCSI FISMM
Contact me on 020 7097 1434
uk.linkedin.com/in/leewerrell
facebook.com/ComplianceConsultant
@complianceconst @s166reports
Conduct RiskTHANK YOU FOR YOUR TIME