
Conduct risk: a useful way to carve through chaos?
Conduct risk is a hazy idea, whose success will depend on its effectiveness in managing risk
Conduct has recently become one of the most popular words in the operational risk lexicon. In the years following the 2008 crisis, with financial institutions having been fined billions of dollars over the manipulation of Libor interest rates and global foreign exchange markets, that's hardly surprising.
Today, the talk is of what went wrong with conduct and how it can be fixed – in common parlance, how to manage 'conduct risk'. Certainly, there are plenty of financial services firms that regard this as a high priority: in a recent survey conducted by Risk.net, conduct risk ranked as the second most pressing concern of chief risk officers, heads of operational risk and other op risk practitioners.
Regulators across the globe are also homing in on conduct risk. This has been particularly true at the UK Financial Conduct Authority (FCA), which plans to introduce new rules on conduct, including the controversial Senior Managers Regime, on March 7. Those rules are meant to increase scrutiny over the conduct of senior staff and, interestingly, could also lead to greater probing of firms' prior conduct by their future employees.
What exactly is conduct risk? A typical response might be that conduct risk arises as a result of how firms and employees conduct themselves, particularly in relation to clients and competitors. In this case, poor management of conduct risk might result in problems such as mis-selling, market abuse and fraud, along with lawsuits and fines.
The FCA seemingly favours a more exhaustive definition. The regulator has identified nine drivers of conduct risk, including some as diverse as "technological developments", "regulatory and policy changes" and "ineffective competition". This could be read as an effort to maximise its own jurisdiction, although some practitioners take a similarly broad view. As one recently asked me: if somebody in your organisation fails to conduct client on-boarding checks and you become involved in money laundering, is that financial crime or conduct risk? At some point, everything boils down to a question of conduct – whether it's the conduct of the individual or the firm as a whole.
Looking at the way major banks approach conduct risk, as Risk.net did recently, some differences also emerge. In the past few years, there has been a general trend towards developing a specific treatment for conduct risk – whether that means hiring heads of conduct, setting up committees to deal with conduct-related issues, or merely mentioning conduct risk more frequently in annual reports.
UK banks have been at the forefront of this, hiring former regulators in conduct risk roles and referring liberally to conduct risk in investor communications. Some European and US banks similarly share a renewed focus on conduct and the behaviour of their employees, but describe this in different terms. Others are reluctant to follow suit, fearing that a specific treatment for conduct risk might result in a siloed approach to risk management.
More findings from this research are available here.
The truth is that conduct risk and a variety of other risks overlap and interconnect in many different ways. Defining, organising and managing this hazy no-man's land is the challenge that faces risk practitioners. To a large extent, firms' continuing attachment to the term will depend on how useful it is for achieving this task.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Top 10 operational risks: The umpire strikes back
Tougher regulatory enforcement, new consumer rules and rise of ESG are ringing alarm bells
Ion wasn’t deemed a ‘critical’ vendor by most clients
Software firm escaped heavy scrutiny ahead of cyber attack, says US Treasury official
Op risk data: Stanford fraud haunts banks for billions
Also: Helaba’s crank capital relief; TSE stock price sanction; 1MDB mauls Mudabala. Data by ORX News
Hacked off: banks demand answers after Ion cyber attack
Clients left in the dark about ransomware attack that disrupted futures trading last month
Digital exposure makes fraud management a vital responsibility for financial institutions
Fraud management and detection continue to be an increasing area of concern for financial institutions worldwide
UBS takeover of Credit Suisse to trigger higher G-Sib surcharge
At 14.2%, UBS’s CET1 capital ratio is more than sufficient to absorb the deal
Nasdaq exec criticises VAR models in erratic energy markets
FIA Boca 2023: Model being adopted by rivals is “bad choice” for unpredictable assets, says exchange tech official
Ice exec rejects cloud for critical infrastructure
FIA Boca 2023: SVP Bland “can’t imagine” outsourcing critical infrastructure; DRW’s Wilson warns of concentration risk