Conduct Risk: Technology, Processes and People
Interesting term: conduct risk. When I first heard it, my initial thoughts were that it is all about behavioral risk. And I am sure; I was not the only one. But when you're into risk management in the financial services market in the UK, Conduct Risk is quite a bit broader than that. In order to prevent financial service providers from behaving badly like selling the wrong products or providing the wrong information, the UK authorities felt something was needed after the financial crisis. There is now actually an authority that monitors conduct risk in financial services called the FCA or Financial Conduct Authority.
By now, it is a well-established concept and we now often get the question whether we provide a solution to track, measure and manage conduct risk. Our tendency is to answer this type of question with a self-confident "sure we can" is of course obvious, but reality is more complex than that. Conduct risk is an incredibly broad concept and should not be confused with other singular risks or risk categories. The FCA has published many relevant documents (including their 2013 Risk Outlook on http://www.fca.org.uk/static/fca/documents/fca-risk-outlook-2013.pdf) and is pretty clear about its scope.
Conduct Risk: an overarching concept
Conduct risk management requires product review and acceptance processes in order to prevent wrong products from entering the marketplace. It requires IT-risk and quality management to ensure bank employees and online customers get the right information, always accurately and quickly. It requires operational risk and incident management to ensure all runs according to plan operationally. It requires crisis management and business continuity planning to ensure stability and continuity in the business and hence the marketplace. And, of course, it requires behavioral aspects including policy management, hiring procedures, remuneration structures, training and more. And, don't forget anti-money laundering: the FCA recently fined a firm for Â£7.6M for failures in its AML controls. This was the UK subsidiary of a South-African bank so it's pretty global as well. All in all conduct risk is a pretty overarching concept, and this blog just scratched the surface. Conduct risk management requires planning and careful implementation like any other governance, risk management and compliance journey.
The nine key drivers to address it as identified by the FCA are:
Inherent: Information asymmetries, biases & heuristics, inadequate financial capability
Structure & behaviors: ineffective competition, culture & incentives, conflicts of interest
Environmental: regulatory & policy changes, technological developments, economic & market trends
We look at which elements require immediate attention and might need a quick-fix; what does the long-term solution look like, and how does the journey look until is it integrated into the broader risk management strategy and solutions. So, the answer to that question is whether we have a solution for conduct risk is indeed yes. It's technology, its process and it's people. For more information, please contact us.