Measure Conduct Risk: 7 Key Risk Indicators To Track

Conduct risk is a relatively recent arrival on the risk landscape. Of course, people have always broken rules, especially those whereby they can profit financially, but it was deemed to be less significant than other risk factors. This is no longer the case, and understanding your conduct risk key risk indicators (KRI) is essential to protect your business. 

In 2014, the chair of the Financial Stability Board (FSB) Mark Carney stated in a letter that “the scale of misconduct in some financial institutions has risen to a level that has the potential to create systemic risks. Fundamentally, it threatens to undermine trust in financial institutions and markets, thereby limiting some of the hard-won benefits of the initial reforms.”

Since then, regulators have made strides to implement legislation that addresses conduct risk. They include: 

1. What are conduct risk key risk indicators?

Conduct risk KRIs are risk metrics that measure how likely it is that a company will experience an unfavourable event relating to the conduct of the people within the business or other stakeholders. Each company’s conduct risk profile will differ, depending on its industry, location and circumstances, but many businesses can have similar conduct risk KRIs. 

You will usually develop your conduct risk KRIs based on the potential risks that your compliance department believes to be most pressing for your organisation. 

2. Why are key risk indicators important for conduct risk?

KRIs act like early warning signs that inform an organisation when it heads down a path that looks set to lead to compliance issues. Just like a key performance indicator (KPI) allows you to monitor your progress towards a goal, measuring your KRIs helps you preempt non-compliant behaviour before it leads to detrimental consequences. 

Failing to foresee and reverse improper conduct can lead to the company receiving financial sanctions, potential legal action and reputational damage. 

Conduct risk KRIs also allow you to quantify each individual risk. This means that you can prioritise the areas in which you focus your compliance efforts for more effective conduct risk management.

3. The 7 conduct risk key indicators to track

3.1 Customer satisfaction score

Just as customer satisfaction score (CSAT) can be a key performance indicator, it can also be a key risk indicator. If your CSAT starts to fall and it becomes a trend, you must investigate to discover if it is related to employee conduct in any way. 

For example, during the financial crisis of the last 2000s, complaints about banks in Spain rose, according to Bank of Spain’s data. Many consumers blamed the financial sector for sowing the seeds of the crisis, and as such, customer satisfaction fell. 

Listening to your customers and understanding why they are dissatisfied can help you halt non-compliant activity. 

3.2 Transparency and advice in the sales process

As part of your conduct risk KRIs, you must track the process of how your employees carry out the sales process with customers. 

As Spanish bank Santander states in its principles for managing conduct risk with customers, “Financial products and services must be designed considering the specific characteristics and needs of customers and should ensure proper levels of consumer protection. Likewise, due care must be delivered, taking into account the interest of customers when selecting and acquiring the products or services of third-party manufacturers, distributors or vendors.”

Being able to display transparency when advising clients is key to proving that you are acting at all times in their best interests. This means providing relevant, unbiased information in an easy-to-understand manner on a regular basis in order to allow them to make a fair comparison with similar products from other companies. 

3.3 Post-sales servicing and issue resolution

A financial institution’s obligation to its customers extends beyond the point of sale and includes servicing the product purchased. Should there be any impropriety after the sale takes place, the customer can make a complaint. 

Tracking the number of complaints made and the rate of amicable resolution is important when looking to avert conduct risk. Analyse how many issues are resolved in-house and how long it takes from complaint to satisfactory resolution. You should also monitor how many complaints are escalated to regulators and third-party entities, such as FIN-NET. 

If complaints are rising and are not dealt with internally, this is a sign that you have a conduct risk issue. 

3.4 Know-your-customer cadence failures

Once a new client has passed the initial know-your-customer (KYC) process as part of your customer due diligence (CDD), this doesn’t mean that your organisation can afford to be complacent. 

The status of an account can change when it becomes established, and there is an ever-present danger that any account could be used to fund terrorism or launder money through your organisation. However, verifying customer data requires a significant investment of both time and finances, and it can be tempting to reduce the cadence with which you screen accounts. 

The level of conduct risk involved in failing to review accounts regularly is great, so monitor the frequency of your checks to ensure you are doing all you can to remain compliant. 

3.5 Percentage of successful claims on insurance products

Customers want to feel that their financial products provide value for money. In the case of insurance products, they may feel they were mis-sold a policy if they cannot successfully claim on it for events they believed to be covered. 

If your percentage of successful claims trends downwards, it could be an indicator that there is an issue with the way that your team is advising on and selling products to customers. If employees are purposefully mis-selling in order to meet targets or to gain commissions, this is a serious example of conduct risk that could prove detrimental to the company and its customers if it remains unchecked. 

3.6 Breaches of conflicts of interest policies

Your internal disciplinary procedures can provide important data relating to conduct risk. If employees find themselves in a conflict of interest with a client, you cannot guarantee that they will provide transparent and unbiased advice.

If the number of employees found to have breached conflict of interest policies is growing, it means there is a failure in your systems, and you are no longer acting in your clients’ best interest. In this eventuality, you should implement better monitoring of employee personal trades to preempt and avoid conflicts of interest. 

3.7 Number of whistleblowing reports

Similarly, if there are more whistleblowing reports from internal stakeholders relating to behaviour inside the organisation, there is obviously an issue at play. Of course, a certain rise in reporting could be related to cultivating a better speak-up culture. In some cases, it could be a good sign that people feel better supported and more comfortable in making reports. However, it could also signify that there is more wrongdoing in the organisation for some reason. 

Once you notice the trend in your conduct risk KRIs, investigate the types of reports being made and their contents to understand the situation on the ground more clearly. 

4. Examples of poor practices

• An organisation does not have a written code of conduct and ethics, making it difficult to create a compliance culture and communicate expectations effectively to employees relating to conduct risk.
• A company fails investigate whistleblowing reports or actively punishes the reporting person for exposing behaviour that, in the eyes of leadership, shows the company in a negative light. 
• An investment firm does not run pre-clearance on its employees’ personal trades, therefore not having access to information about potential conflicts of interest or even possible market abuse. 

5. FAQs

5.1 What is a good risk indicator?

A good indicator needs to be relevant to the types of risk your organisation faces. It should be able to benchmark the impact of a specific risk, and it should be easy to monitor so that the company can use it to predict future issues before they become a reality. You should be able to quantify it to spot trends.

5.2 What are the three components of conduct risk?

Conduct risk relates to activities that affect consumer protection, market integrity and effective competition. Anything that contravenes these principles can be seen to be unacceptable. 

5.3 Is conduct risk an operational risk?

The Basel Committee on Banking Supervision (BCBS) defines conduct risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. Although, there is a significant overlap between conduct risk and operational risk, conduct risk includes strategic and reputational risks. 

6. Conclusion

Measuring conduct risk is essential to foresee and prevent activities within your organisation that could lead to trouble with regulators and dissatisfaction among customers. The weight of legislation within the European Union relating to the financial markets is increasing, so you must identify and set your conduct risk key risk indicators as a priority to avoid compliance issues. 

To reduce your compliance burden, you can use compliance automation tools, such as TradeLog. It can help you speed up the pre-clearance and monitoring of employee trades, preventing conflicts of interest and insider trading. 

Request a free demo to find out how TradeLog can help your business today.

7. References and further reading

• How to enable market abuse monitoring
• Conduct risk examples
• How to prevent insider trading
• Conduct risk in banking
• How to prevent unethical behaviour