Regulators Increasing Scrutiny of Conduct Risk, But Most Companies Unprepared

Inaugural survey finds a lack of consistency and clarity defining and regulating "Conduct Risk."

A new survey shows that even though regulators are increasingly looking at conduct risk by companies, there is still great disparity in how firms are defining conduct risk and similarly how regulators are referring to the concept.

According to the Thomson Reuters Conduct Risk Report 2013, firms, in response to an increasing volume of regulatory change, demands and priorities are placing increased importance on conduct risk while working to establish what the concept means for their organizations.

Thomson Reuters Accelus surveyed more than 200 compliance and risk practitioners from financial services firms across the Americas, Europe, Africa, Asia, Australia and the Middle East to find their views on how the industry is defining and dealing with conduct risk. Respondents represented firms from across the financial services sector including banks, insurers and fund managers.

Key findings from the report include:

  • 84 percent of respondents did not have a working firm-specific definition of "conduct risk". 
  • Firms were in broad agreement on what constitutes conduct risk. Culture came out on top (76%), closely followed by corporate governance (74%), then conflicts of interest and reputation (both at 68%).  
  • Firms in Europe and Australasia have done the most work to address conduct risk, while the North America and the Middle East have done the least, according to the survey.  
  • Most of the changes made have been implemented in the last 12 months, suggesting that firms' awareness of conduct risk is growing and that the emphasis which regulators are placing on consumer protection and having the right corporate culture is beginning to take hold.   
  • Almost two-thirds of respondents have implemented arrangements to deal with conduct risk while just over 50% of the firms surveyed reported having no, or a partly developed conduct risk appetite in place.   

"The last 12 months have shown increased focus on conduct risk which is not surprising due to ever-demanding regulatory requirements," says Chris Perry, managing director, Risk, Thomson Reuters.  "Good conduct is good business. The cost of poor conduct is high; not just in terms of enforcement actions, now totaling in the billions of dollars, but also in the reputational damage and the wider erosion in trust that this creates across the industry, as the Thomson Reuters Trust Index reveals," added Perry. "As the public looks to more transparency in our banks, and banks look to preserve and create value, firms and senior managers need to be able to define and measure what "good" looks like in terms of culture and customer outcomes in order to understand and respond to the implications of the regulatory focus on conduct risk."

What is Conduct Risk

Since the financial crisis, regulators have been working to put policies in place to improve the behavior of risk management within firms. Although there is no universal definition of conduct risk, it is generally agreed that the concept encompasses the risks associated with the way in which a firm and its staff conduct themselves. It incorporates matters such as culture, tone from the top, governance, how customers are treated, remuneration of staff and how firms deal with conflicts of interest.

The survey shows that over 84% of firms reported the absence of a working definition of conduct risk indicating the infancy of the field.  When respondents were asked their view as to what the key components are to conduct risk, culture was the most important (76%) followed by corporate governance (74%) then conflicts of interest and reputation (both at 86%). Remuneration was also shown as a key component to conduct risk, meaning the way in which staff are rewarded and incentivized to behave in the right way are significant factors that contribute to a firm's culture.

Progress to address Conduct Risks

The results show that the majority of firms around the world have begun to address conduct risk. Most of the changes have been implemented in the last 12 months indicating that firms' awareness of conduct risk is growing and the emphasis which regulators are placing on corporate culture and consumer protection is beginning to take hold.

Over the last year, half of the firms surveyed have reassessed their approach to culture. South America had the highest change rate with 67% of respondents indicating change and 65% in Australasia. By contrast, only 35% of firms in North America and 38% of firms in the Middle East had reconsidered their approach to culture in the last 12 months.

Since the financial crisis of 2008, remuneration and incentive practices have become increasingly controversial. A recent review conducted by the UK Financial Conduct Authority found that sales rewards and incentive schemes were likely to have exacerbated the risk of poor sales practice.  According to the survey, 66% of firms said that they had reviewed their approach to incentives since 2008, the majority of which (48%) had done so in the last 12 months. Just over half of firms had made changes to their remuneration policy, a third of them in the last 12 months. A further 10% of firms plan to make changes in the next 12 months.

Finally, 22% of firms surveyed said that their organization had not made any changes to address conduct risk. Again, the results show many regional variations with 50% of firms in the Middle East and 1/3 of firms in North America saying they had made no changes. By contrast only 11% of firms in Europe and 12% in Australiasia had done nothing to address conduct risk.

Measuring Conduct Risk

In order for conduct risk to be effective, organizations need to establish and be able to monitor and progress good outcomes for customers.  The survey shows that the most popular way to measure good outcomes is by the analysis of complaints with the majority saying this was undertaken through compliance monitoring programs.  25 % reported that they did not do any specific analysis of customer outcomes.

Monitoring conduct risk is extremely important to gauge the success and failures of an approach. The majority of respondents said there was a healthy degree of assessment by risk management functions. Corporate governance (42%), the treatment of customers (39%) and financial capabilities (34%) were the top three issues that were captured in monitoring programs.

Board involvement is also critical to the successful implementation of conduct risk.  The survey showed that boards did set the appropriate cultural and governance message with 83% of respondents responding positively. Board focus on conduct risk has also increased in the last year in 44% of firms-this is largely driven by greater regulatory focus in the area.

Loading