In our latest series, we sat down with Vox Conduct Risk SME Charanpal Matharu to look at the challenges of conduct risk in the banking sector and the steps regulators are taking to apply control methods. Part one is an overview of the conduct risk landscape. Subsequent articles will dive deeper into the topic and draw out specific examples of control and how they were managed. Stay tuned.
The 2008 financial crisis was triggered by a failure to manage bank risk, which saw the equity markets dive, wiping out more than $8 trillion in value between 2008 and 2009. The next banking crisis will likely come from a failure to manage so-called conduct risks – unless effective conduct-related governance is put in place to establish better risk and control methods.
Conduct risk is often defined as the risk that may cause detriment, either financial or non-financial, to customers, an organization, the industry, or other stakeholders. As it has materialized in numerous areas throughout an organization, this broad definition has proven justified. Examples of conduct risk include improper trading or an employee and a third-party sharing material non-public information. It has also been identified as a key risk attributable to other processes, for example, failures in KYC/CLM practices.
Conduct risk continues to present challenges.
The typical way for addressing conduct-related risks in the banking sector is an exercise in applied hindsight. Put another way; misconduct is identified and inspected only after it has taken place or is discovered to be well underway. However, most regulators have concluded that misconduct follows, in no small measure, from toxic cultures that promote illicit self-dealing and other forms of malfeasance. Increasingly, regulators are turning their supervisory attention to better predicting these issues before they happen, such as ensuring organizations manage the conduct risks that may arise in IBOR programs.
Misconduct scandals occur in every industry, but in the financial sector, it has become too frequent. As 2020 drew to a close, conduct-related governance lapses were seen to have led to enforcement actions at several systemically significant global banks and billions of dollars in punitive fines levied by governments and industry sector regulators.
Regulatory landscape and expectations.
Regulators are now better coordinated globally and more consistent in their approach to addressing conduct risk. However, they have highlighted insufficient progress in Conduct Risk Frameworks and Culture Programmes. Here’s what they expect:
- A comprehensive conduct risk framework embedded throughout the organization is subject to continuous review, challenge, and improvement. Many organizations still have much work to do here.
- Technology to bring tangible improvements. The promise of delivery followed by failure has been subject to detailed review. Big data solutions and surveillance technology continue to generate too many false alerts.
- Processes in place to monitor emerging and indicative conduct risk. Horizon scanning is not the panacea.
- Working from home has presented challenges for employers. Information barriers are easily compromised, and the effectiveness of alerts has been put into question. Reliance on technology has increased as front office supervision has become more challenging.
Unsure what will satisfy increasing regulatory inquiry, however, banks struggle to produce credible and compelling evidence that they have well-managed conduct risk protocols in place.
Banks already invest heavily in predictive technologies that allow them to anticipate behaviors externally – such as tools that forecast market movements — giving them a competitive edge. But when faced with predicting internal behavioral tendencies, they feel it is impossible to achieve. This disconnect is no longer defendable – there are tools and approaches that allow banks to achieve higher conduct-risk identification and mitigation standards.
At Vox, we regularly help financial institutions with all aspects of their conduct risk frameworks. Our approach applies our expertise in regulatory compliance and the in-depth analysis of company data, including:
- An analytical review of conduct risk frameworks.
- Analyzing company datasets to identify where risk management failures are most likely to appear.
- Reviewing conduct risk profiles and devising associated remediation plans.
- Implementing mechanisms to embed conduct and culture processes throughout an organization.
- Design and operation of conduct risk management information, specifically individual-based scorecards to identify historical and emerging conduct risks. Our methodology includes other categories that have been particularly appealing to regulators.
- Developing and implementing a supervisory framework that supports global senior manager accountability regimes.