The global financial crisis of 2008 drove repercussions across all sectors and provoked a culture shift in how institutions approach conduct risk in banking.
In the aftermath of the crisis, banks suffered detrimental financial effects. Those found to have acted inappropriately were sanctioned, with EU-situated banks alone issuing €45 billion in fines, settlements and redress costs in Europe and the US. The European Systemic Risk Board (ESRB) reports that the Common Equity Tier 1 ratios of European Union G-SIBS (global systemically important banks) “would be, on average, around 2 percentage points higher without such fines.”
According to the Edelman Trust Barometer, in terms of reputational damage resulting from the crisis, financial services remain the world’s least-trusted industry sector for an eleventh consecutive year in 2022.
To mitigate conduct risk in the financial sector, the European Union implemented legislation, including the Market Abuse Regulation (MAR) and Markets in Financial Instruments Directive II (MiFID II). This article describes the conduct risk landscape in banking today concerning the current regulatory environment and how financial institutions can manage their conduct risk framework.
1. What is conduct risk?
Conduct risk relates to actions performed by individuals within an organisation that generate adverse effects on its customers or the markets it participates in, or that reduce competition in some manner. Such behaviours might be associated with the prevailing corporate culture of the organisation or could comprise the actions of rogue individuals. The organisation should develop robust frameworks to manage and mitigate conduct risk in both cases.
Examples of risks relating to employee conduct include:
Example | Description |
Insider dealing | Taking advantage of non-public information that, if made public, would have a significant effect on the price of a financial instrument, in order to inform trades. |
Conflicts of interest | When an individual within the company benefits from an action that is detrimental to the organisation or its clients. |
Retaliation against whistleblowers | Causing detriment to a person who has made a report of wrongdoing in the workplace. Retaliation includes laying a whistleblower off, disciplining them or giving them a negative assessment for no other reason than punishment for issuing their report. |
2. Why is managing conduct risk in banking important?
Banks must prioritise managing conduct risk for the following reasons:
- Unethical behaviour was a major contributing factor to the global economic crisis. The Financial Stability Board reported that the crisis “exposed a number of risk governance weaknesses in major financial institutions, relating to the roles and responsibilities of corporate boards of directors (the “board”), the firm-wide risk management function, and the independent assessment of risk governance.”
- Compliance is no longer the tick-box exercise as some institutions may have previously assumed. Legislation such as MAR and MiFID II contains strict obligations for institutions that require robust compliance systems and processes to achieve.
- Banking and finance underpin the economy and society in general. It is essential that the public trusts these institutions and feels that they are acting for the betterment of society.
- Non-compliance can lead to punitive financial sanctions. In December 2021, the European Commission issued fines totalling €344 million to five banks who, it found, had participated in a foreign exchange spot trading cartel.
3. Conduct risk challenges faced by banks:
There are many challenges banks face in terms of conduct risk. Here are the most important ones:
3.1 Lack of appropriate leadership
The tone from the top is a key driver of corporate culture, and if leadership is taking a soft line on conduct risk, it filters through the organisation.
If your senior directors are not seen to practise good conduct within the business, employees might feel that there is no point in doing so themselves. Even if employees do endeavour to act appropriately, a culture that does not value exemplary behaviour might discourage them from reporting wrongdoing. They could believe that they will be ignored or, in some circumstances, be punished for escalating instances of unethical behaviour that they witness.
Other potential conduct failures of leadership include not applying standards equally to all departments. This is particularly concerning if executives, for example, spare scrutiny to the most profitable units, even when there are reports of wrongdoing.
3.2 Ineffective employee training
Conduct risk does not just relate to purposeful compliance breaches. There can be circumstances in which non-compliant behaviour results from inadequate employee training.
Whether it is in-house staff or contract workers, you should ensure your training programmes are tailored to cover all relevant compliance requirements and provide training promptly. This could entail an understanding of the impact of the company’s products on consumers or the market in general, the correct way to handle a whistleblowing report, the process for pre-clearance of personal trades, and so on.
3.3 Extreme focus on remuneration
By concentrating solely on financial metrics when determining remuneration packages, an issuer can incentivise behaviour that could be categorised as a conduct risk. If the focus is purely on making money to receive a valuable benefits package, this can cause employees to prioritise revenue over conduct, with potentially disastrous results.
Banks should seek to implement payment plans that align with company values and apply them from senior roles downwards, across the organisation. Many executive remuneration packages now incorporate environmental, social and governance (ESG) metrics, which helps to concentrate them more keenly on conduct than simply profit. You can apply the same or similar principle to employees in other positions.
4. How to manage conduct risk
Banks and other financial institutions must manage conduct risk as a priority. With the possibility of receiving dissuasive penalties and damaging the brand’s reputation, neutralising the drivers of misconduct is essential. Here are the necessary steps to take a proactive approach to manage conduct risk, rather than waiting for misconduct to occur before taking action.
4.1 Identify and assess risks
The risks that affect your institution are different from those of other organisations in the sector, so you must identify those risks that are more pertinent to you. Once you have pinpointed those risks that affect your firm, you must assess them to decide where your priorities should lie.
Potential risks include:
- Stakeholders not taking responsibility or being held accountable for unethical behaviour
- Lack of processes for identifying or managing conflicts of interest
- Compliance processes that are too involved or labour intensive
- Monitoring systems that are not fit for purpose
- Making human resources decisions by relying heavily on financial factors
- A company culture that values profit over conduct and ethics
Once you have identified the primary risks at play within your organisation, you must analyse performance and activity to understand which to prioritise. As part of this process, you should:
- Identify ways in which all staff can contribute to a culture of good conduct
- Determine the type of support you can offer to employees
- Decide how the board will perform oversight of organisational conduct
- Discover whether the institution undertakes business practices that could undermine its conduct risk efforts
4.2 Decide on key metrics
To monitor your management of conduct risk effectively, you must identify the key metrics to measure. Identifying the metrics will enable you to display the progress of your efforts and allow you to distribute your resources more effectively.
Make management information (MI) readily available to enable senior leaders to access the metrics. Liaising with the board to understand how they will use the information relating to conduct risk management is also essential for understanding how implementing an ethical culture benefits the organisation and, by extension, its customers.
Create key risk indicators (KRI) in addition to underlying metrics to quantify progress and inform future strategy.
Metrics that you could measure include:
- Number of breaches of your conflict of interest policy
- Number of whistleblowing reports
- Number of training programmes missed
- Number of excessive expense claims made
- Number of employees working excessive hours
4.3 Clarify responsibilities
With the necessary training, employees and leaders should understand their responsibilities relating to conduct risk. It takes a collaborative effort to ensure an organisation remains compliant with regulations and that employees conduct themselves in an ethical manner.
Some examples of relevant responsibilities are:
- Persons discharging managerial responsibilities (PDMR) must notify the relevant regulatory bodies and the issuer if they are undertaking personal transactions with the issuer’s financial instruments within three working days.
- Departments or individuals investigating whistleblowing reports must remain independent and should acknowledge receipt of the report within seven days and present feedback on the outcome of the investigation within three months.
- Employees within investment businesses must inform employers of their personal trading through internal procedures, such as pre-clearance, set in place to aid disclosure. In addition, they must record the desired transaction and the permission or prohibition relating to it.
4.4 Detect conflicts of interest proactively
It is the institution’s responsibility under MiFID II to “take all appropriate steps to identify and to prevent or manage conflicts of interest between themselves, including their managers, employees and tied agents.”
You should have systems in place to reduce the potential for conflicts of interest before they occur. This could be achieved by setting up a rigorous pre-clearance system, avoiding situations where you are providing financial advisory services for any transaction to two competing parties, setting up information barriers between teams, or any other preventative measure.
4.5 Create systems for surveillance
By utilising automated surveillance tools, you can track activities such as employee personal trades and generate notifications in the case of an infraction or suspicious behaviour.
Using the example of employee trades, TradeLog allows organisations to automate their pre-clearance processes by setting parameters based on the company’s priorities and policies. Trades that fall within these thresholds are cleared, whilst those that don’t are rejected. This simplifies the pre-clearance process, improving the speed and efficiency of the system to allow employees to make acceptable trades in good time, reduce the workload of the compliance team and ensure the firm adheres to all MiFID II requirements.
TradeLog also monitors cases on an ongoing basis, flagging violations and producing both standard and customised reports for your audit trail.
4.6 Reward good conduct
Rather than incentivising just financial performance, which has the potential to lead to employees taking on excessive risk or recommending unsuitable products because they may receive a larger commission, you should introduce non-financial factors into remuneration packages.
This package could mean rewarding employees who have achieved high customer service satisfaction ratings, contribute to CSR activities and perform well relating to the ethical codes of the business or similar.
Many companies are already linking executive pay to ESG considerations, which encourages directors to make sound ethical choices and strive to increase profit.
5. FAQs
5.1 Does culture affect conduct risk?
Failure to create an effective risk culture has been named a key driver for banks’ failings leading to the financial crisis and beyond. If the prevailing culture is one of putting profit before ethics, this increases the conduct risk for the organisation. A culture that prizes compliance and good conduct through leadership, training and reward is less likely to incur financial penalties and reputational damage.
5.2 How can a company measure conduct risk?
Choosing metrics that relate to the organisation’s specific situation, aims, and requirements will help measure conduct risk accurately. For example, you might target reducing the number of suspicious transaction reports or whistleblowing reports to understand if your efforts are effective.
5.3 What support can a company offer to improve conduct?
Training and development opportunities help employees understand their obligations, and incentives ensure that they work towards a fairer and more just environment. Leading by example is another way that companies can improve their conduct. If executives are seen to embody the culture they promote, it spreads to all levels of the organisation.
6. Conclusion
Conduct risk in banking has never been so significant. With the compliance environment growing ever more complicated, being able to direct employees towards an ethical culture is essential for protecting the organisation’s reputation and minimising the risks it faces. The financial penalties experienced by much of the banking sector following the financial crisis at the end of the 2000s are still fresh in the mind of many in the industry who want to prevent that from happening ever again.
By using monitoring tools, you can automate your conduct risk management. TradeLog is one of the solutions you can add to your toolbox to help you automate the monitoring and pre-clearance of employee trades while remaining entirely compliant with your MiFID II obligations. Request a free demo for your business today.
7. References and Further Reading
Share this post
Article Summary
- 1. What is conduct risk?
- 2. Why is managing conduct risk in banking important?
- 3. Conduct risk challenges faced by banks:
- 3.1 Lack of appropriate leadership
- 3.2 Ineffective employee training
- 3.3 Extreme focus on remuneration
- 4. How to manage conduct risk
- 4.1 Identify and assess risks
- 4.2 Decide on key metrics
- 4.3 Clarify responsibilities
- 4.4 Detect conflicts of interest proactively
- 4.5 Create systems for surveillance
- 4.6 Reward good conduct
- 5. FAQs
- 5.1 Does culture affect conduct risk?
- 5.2 How can a company measure conduct risk?
- 5.3 What support can a company offer to improve conduct?
- 6. Conclusion
- 7. References and Further Reading