The law firm Latham & Watkins says that “for many financial institutions, conduct risk will likely represent the single greatest specie of day-to-day operational risk.” By its nature, it is a wide-ranging concern that keeps compliance departments busy because it can relate to anything from unethical individuals to unhealthy corporate cultures. This article collates conduct risk examples to show the spectrum of risk within organisations.
The volume of legislation relating to conduct risk has increased in recent years with the introduction of laws such as these:
- Market Abuse Regulation (MAR)
- Markets in Financial Instruments Directive II (MiFID II)
- EU Whistleblowing Directive
- General Data Protection Regulation (GDPR)
As such, there are now sanctions and prosecutions enshrined in European Union law for ever more examples of non-compliant conduct, making it essential that your company does all it can to prevent such behaviour.
1. What is conduct risk?
Conduct risk refers to actions taken by financial institutions or individuals that are detrimental to customers or the wider financial market. Conduct risk can result in a financial loss for individuals or organisations, and it can manipulate or reduce competition in the markets.
To battle conduct risk, compliance departments should develop codes of conduct and other mechanisms that reduce the risk of improper behaviour. Here are a few examples of how this can be achieved:
| Method | Example |
| --- | --- |
| Training | Ensuring all employees understand their obligations regarding the use of inside information. |
| New systems and processes | Introducing a pre-clearance process for employees’ personal trades to prevent conflicts of interest. |
| Incentivisation | Adding ethical factors to compensation packages, such as contribution to CSR activities. |
| Monitoring and surveillance | Using automated tools that alert the compliance department to non-compliant trades. |
2. 5 conduct risk examples of poor practices
2.1 Mis-selling through inappropriate incentive schemes
Incentive schemes are meant to drive performance within a sales team. However, there is a conduct risk when you incentivise staff to sell certain products over others. Sometimes, those products may not be appropriate for some customers.
Although most employees perform their duties in an ethical manner, when there is a potential to profit from performing an unethical activity at work, some individuals will take this opportunity.
The European Parliament reports that mis-selling, particularly in the wake of the financial crisis of the late 2000s, “has led not only to great losses for retail investors and borrowers but also to a deterioration of trust in financial institutions and supervisory bodies”. Following an investigation by the FSA in the UK, it was found that the “likelihood of mis-selling increases when the value of incentives available to sales staff increases, or when incentives make up a high proportion of a remuneration package for sales staff”.
You should analyse your incentive schemes to ensure that they do not reward wrongdoing. One solution could be to connect them to customer satisfaction ratings. This would encourage employees to find the correct product for the customer, rather than thinking that their responsibility ends at the moment of the transaction.
2.2 Insider dealing
MAR describes insider dealing, or insider trading, as arising “where a person possesses inside information and uses that information by acquiring or disposing of, for its own account or for the account of a third party, directly or indirectly, financial instruments to which that information relates”.
Inside information is “information of a precise nature, which has not been made public, relating, directly or indirectly, to one or more issuers or to one or more financial instruments, and which, if it were made public, would be likely to have a significant effect on the prices of those financial instruments”.
Despite significant penalties for insider dealing under MAR, it does still occur. In June 2022, the French authorities imposed a fine of €80,000 on utility firm Engie for a breach of the prohibition of insider trading rules in 2017. A member of the dispatch team told someone in the trading team about one of the firm’s power plants being unavailable, which was not public knowledge. The trading team then used the inside information to enter into five transactions on two hourly products on EPEX SPOT’s French intraday market.
2.3 Unlawful disclosure of inside information
It is an offence when someone possessing inside information “discloses that information to any other person, except where the disclosure is made in the normal exercise of an employment, a profession or duties,” says MAR.
If an employee at a company possesses inside information about a potential merger that is likely to result in an increase in the price of the shares of that company, they cannot use that information to inform their own trading. But, in addition, they could face significant sanctions if they were to relay that information to friends, family members, journalists or anyone else. Even if the other party does not use the information for financial profit, the act of sharing the information is unlawful except where it forms part of their regular employment duties.
To mitigate the risk of unlawful disclosure of inside information and insider dealing, MAR requires companies to create insider lists that feature all people with access to the inside information. This helps you track who has access to it and narrow down the search for leaks in the event someone discloses the information.
2.4 Inappropriately accessing personal details of customers
When holding or processing personal data as an organisation, it is your duty to protect it from unauthorised access. GDPR says that those who process data must “implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”
In Sweden, an investigation into access controls on data held by eight care providers found that there were serious shortcomings. Staff could access patient records to which they should not have had access, which could have led to a major data breach. The Swedish data protection authority, Datainspektionen, fined the organisations involved a combined €6,770,912.
Companies must restrict access to data to only those who need it for legitimate professional reasons.
2.5 Conflicts of interest
When employees of investment firms are advising clients, their personal trading could present a conflict of interest between themselves and the client. For example, if the employee owns stock in a rival of that firm, it might affect how they advise them. This can lead to the client not receiving the best investment advice.
MiFID II states that investment firms should “take all appropriate steps to identify and to prevent or manage conflicts of interest between themselves, including their managers, employees and tied agents, or any person directly or indirectly linked to them by control and their clients or between one client and another that arise in the course of providing any investment and ancillary services”.
In March 2021, the Central Bank of Ireland fined financial firm J&E Davy €4,130,000 for breaches of MiFID II, including allowing employees to decide whether there was a conflict of interest with a client on a case-by-case basis and without independent oversight.
By using an automated pre-clearance system for employee trades, you can set parameters that decline a transaction if it would cause a conflict of interest with a client. This prevents these situations from arising.
3. Conduct risk good practices
Here are some of the ways to manage and mitigate conduct risk.
| Practice | Explanation |
| --- | --- |
| Establishing a speak-up culture | A speak-up culture encourages employees to blow the whistle on wrongdoing within the organisation. Some whistleblowers fear retaliation for making a report, something which the EU Whistleblowing Directive aims to stop. Another reason to invest in developing the right culture is that identifying and stopping criminal activity in the workplace early can prevent the company from facing financial and reputational damage. Show staff that you value their input through training and incentives. |
| Ensuring accountability of senior leaders | The culture of the organisation cascades from the top. Your senior leaders must show that they value ethical behaviour by setting an example with their behaviour at all times. |
| Increasing conduct-focused discussions | Training should include a discussion of conduct risk as it applies across the organisation in many different ways. It should also form part of company town halls and other internal communications activities. This increases the focus of employees on risk and control and how these feed into their regular working day. |
| Analysing data and reporting any conduct risk trends | Sometimes it takes a deep analysis of rich data to spot trends that suggest there is some unethical behaviour. As AI and machine learning gain more popularity, this kind of research will become the norm. |
4. FAQs
4.1 What is a conduct risk strategy?
Your conduct risk strategy comprises all of the steps you take to mitigate conduct risk. This includes implementing employee trade monitoring, using compliant tools for accepting whistleblowing reports and similar measures.
4.2 What is a conduct risk appetite statement?
The conduct risk appetite statement lays out how a certain function of the organisation will implement the controls established in its conduct risk strategy. This means the function will run mitigation processes in a consistent manner.
4.3 What types of firms benefit from a conduct risk framework?
If you work in a highly regulated industry, such as the financial sector, a conduct risk framework is essential. To remain compliant and prevent sanctions and reputational damage, you need to understand the risks and implement methods for avoiding them.
5. Conclusion
These conduct risk examples show you how easy it is to be non-compliant and open your business up to potential sanctions and damaging stories appearing in the press. A solid understanding of the regulatory landscape is important, as is utilising automated solutions for remaining compliant. This saves time and reduces the workload of the compliance function.
For example, TradeLog’s employee personal trade monitoring platform allows you to create a pre-clearance process as well as maintaining surveillance on trades to alert you to non-compliant conduct in line with MAR and MiFID II. Request a free demo today to see how it works for your business.