Ever since childhood, there have been expectations set for how we should behave and that doesn’t end when we enter into the workforce. Today, more than ever, conduct in the workplace is under scrutiny. Global regulators have issued rules and findings against firms outlining expectations for managing conduct risk. A few notable examples include:
- The Financial Conduct Authority (FCA) in the U.K. recently enhanced the Senior Managers and Certificate Regime, which is a driving force in personal accountability
- The Australian Prudential Regulation Authority (APRA) in Australia recently released a report after a risk culture review across financial services firms
- The Office of the Comptroller of the Currency (OCC) in the United States recently conducted an examination of more than 40 banks with, reportedly, over 250 items to be addressed over a number of individual firms.
Conduct goes hand-in-hand with the culture within a firm. While the press is often quick to paint bankers as the villain, most of the recent conduct scandals have not been caused by a bad actor or due to malicious intent; there is usually an incentive (reward or recognition) or firm culture which breeds the behavior. Firms, therefore, need to ensure steps are taken to recognize where there may be incentives that are misaligned against the consumer or where the culture is not putting the consumer first.
What tangible steps can firms take?
- Risk framework: firms should include conduct risk and control reviews into their operational risk framework to ensure that conduct is given the same level of attention and challenge as financial and other risks. Business line managers should be responsible for conduct risk within the first line of defense, with appropriate oversight and challenge from the second and third lines of defense
- Recognition: firms should ensure that remuneration and other forms of recognition (such as promotion criteria) do not have unintended consequences. Further to this firms should ensure there are consequences for individuals with inappropriate conduct
- Culture: a firm’s culture should enable individuals to ask “should we?”, rather than “can we?” and there should be appropriate policies and guidance in place, especially for dealing with vulnerable customers, to help individuals make the right decisions. The firm’s culture should also embrace challenge if an unintended consequence of a policy is identified
- Reporting: firms should have an appropriate level of MI related to conduct risk to allow trends and patterns, across individuals and business lines, to be easily identified. MI should include both qualitative and quantitative components and be reviewed by appropriate committees
- Knowledge and Support: firms should ensure individuals have the right training to understand conduct policies, identify conduct risks, and report anything inappropriate. Policies and procedures should be easily accessible and individuals should understand the consequences of inappropriate conduct.
Conduct risk and culture are less tangible than other types of risk (such as counterparty, market, or operational risk). Firms, therefore, need to ensure they have the right level of ownership across all the lines of defense to avoid misdeeds coming under the spotlight, especially in today’s social media world where reports of poor conduct can be shared globally within seconds, which can result in negative financial and/or reputational impacts.