What is Conduct Risk and How to Deal With It?

The core business goal is to fulfil clients’ and the market’s needs. But what happens if the actions of an employee or company management are unethical or unfair? Mistrust and reputational damage increase. The organisation loses time, money, and other resources. That is why concerns about the potential behaviour, which can cause harmful damage to customers, the industry, and businesses, may be considerable.

This article will discuss practices that can cause damage to clients, examples of misbehaviour, and what causes it. You will learn how to manage conduct risk, benefiting consumers and your organisation.

So, let’s begin with an explanation of the conduct risk. 

Understanding conduct risk

Conduct risk means probable actions from an individual or a regulated firm that lead to detrimental customer consequences and an adverse effect on market integrity. It is a form of business risk. Companies should comply with regulations that minimise misconduct to ensure good behaviour that leads to customer satisfaction and market stability.

The Financial Conduct Authority (FCA) is a key regulator in the UK that deals with the likelihood of unethical actions. The FCA’s main objectives are:

• consumer protection
• financial market trustworthiness
• promotion of fair competition.

The regulator suggests approaches that increase employees’ accountability for providing good business conduct to the market. 

Treating customers fairly (TCF) is a leading principle of a conduct risk framework. It implies that consumers are fully informed, products are targeted to the consumer accordingly, business advice is given fairly and professionally, and there are no post-sales barriers for customers. TCF requires systematic measures within regulated firms, especially in the financial sector.

The Senior Managers and Certification Regime (SM&CR) focuses on competencies and employees’ responsibilities that reduce consumer damage and healthy business conduct. 

Why does tackling conduct risk matter?

The importance of handling conduct risks has increased after the global economic downturn and several scandals. You may remember the deceitful claims, mismanagement, and misbehaviour failures by Enron, Leman Brothers, and Theranos in the USA, the UK Payment Protection Insurance Scandal, the HSBC Tax Evasion And Money Laundering Scandal, the London Whale Scandal in the UK, and many more. 

All those issues led to severe fines, significant penalties, and scandal lawsuits. Another reason is the harmful reputational damage to companies. Many were sued and declared bankrupt.

Conduct risk can significantly damage a company’s reputation, market position, brand loyalty, and customer trust. It can also result in drastic financial and staff problems. 

In this case, handling the probability of damage to clients, vendors, and other stakeholders should be done separately from operational and other risks.

Key components of conduct risk

There are three essential elements of misconduct:

1. Regulation compliance
2. Conduct risk assessment
3. Strategies for misbehaviour mitigation.

Let’s analyse each part of the equation one by one.

Regulation compliance

Companies comply with regulatory conduct risk frameworks that control business activities. The legislation helps mitigate potential misconduct. Firms align with industry standards and regulatory expectations. For example, the USA’s Securities and Exchange Commission (SEC) requires companies to establish standards for managing the conduct of all supervised individuals.

Several documents regulate hazards connected with misbehaviour in a few ways in the UK. The most significant among them are:

• The FinancialConductAuthority (FCA)regulations: The FCA’s statutory objectives are to promote organisation accountability for good customer outcomes, effective competition, and the integrity of the UK’s financial system. The regulations aim to govern risk assessment and apply the most effective mitigation strategies. Treating Customers Fairly (TCF) is one of these regulations, which implies consumer rights protection and prudent business practices.
• The General Data Protection Regulation (GDPR):This consumer protection legislation is adopted to protect consumers’ information from fraudulent activities. Firms should implement measures to ensure consumers’ data won’t be compromised and their financial security is on the proper level.
• Anti-money launderingregulations(AML):The AML was designed to control money laundering and stop terrorism financing and other illegal activities. These regulations are applied to financial organisations, i.e. banks, credit unions, loan providers and other financial services. Financial institutions should implement risk mitigation measures to prevent illicit and fraudulent activities. Among the most practical tools are customer due diligence, including Know Your Customer (KYC), transaction monitoring, and reporting suspicious activities.
• Markets in financial instruments directive II (MiFID II): For investment products and services, regulation prescribes rules for the structure and trading of markets, and standards for business conduct.

Conduct risk assessment

Risk management business models imply that firstly, you need to identify operations that may be the source of conduct risk. Sales activities, inventory management, product design, and financial transactions can all cause such risks within a company.

Then, estimate the hazard level of each operation.

The next stage after assessment is to define risk appetite, which is part of risk assessment and prioritisation. The firm decides how critical the level of risk can be and whether certain management decisions are needed to handle it. For instance, executives can lower risk appetite if the costs spent to prevent risk are much higher than the repercussions. 

Risk appetite should also be connected to TCF principles and the business model’s risk mitigation strategies. 

Strategies for misconduct mitigation

After diligent risk assessment, the organisation chooses the most efficient methods of misbehaviour prevention. Proactive measures are the most effective because stopping harmful aftermath when fraudulent activities occur is extremely hard. 

The most practical strategies include:

• Staff training.
• Meetings.
• Initiating a speak-up culture.
• Developing codes of conduct.
• Creating the company’s conduct risk framework.
• Establishing reporting mechanisms.

Typical examples of misconduct

Companies may encounter a few conduct risks that may result in reputational damage or lowering their customer loyalty. The most standard instances of misconduct are described below.

• Conflict of interest: This notion is typical for situations considering sales or asset management in brokerage firms. Say an employee from one company owns a product from a competitor in the same industry. For example, a sales manager may be interested in selling competitive product B instead of his company’s product A. As a result, the client won’t receive proper investment advice from the firm.
• Insider dealing: This concept applies when employees: a) publicly expose confidential information, which is a commercial secret; b) sell confidential business information, e.g. development plans, technologies, management decisions and other activities.
• Unauthorised access tocustomers‘information: The firm is obliged to protect customers’ data. The GDPR mentions technological and organisational measures and principles that involve data pseudonymisation, data minimisation for professional and personal use, and authorisation to protect consumers’ information.
• Mis-sellingactivitiesare caused by improper incentives: Sales stimulation was invented to incentivise sales managers to sell specific product categories. However, this method can be a source of potential damage because customers may consider those products irrelevant. In the end, customers’ loyalty shrinks, which leads to harmful consequences for the company, i.e., reputational damage.

Mis-selling practices were one of the reasons why the global financial crisis has happened. Unethical staff members were selling a specific kind of product beneficial for them. Clients were underserved and didn’t appreciate financial institutions’ efforts to reduce hurtful outcomes.

Possible solutions to reduce those practices are decreasing or eliminating incentives that accumulate over 50% of sales managers’ income or stimulate wrongdoing. Another solution is to connect customer satisfaction ratings with sales incentives for good conduct to cater to clients’ needs. Then, employees would seek solutions to specific clients’ pain points rather than enrich themselves. 

What causes failures?

Understanding that bad behaviour may pertain to any business, the reasons for customer detriment are universal. Most refer to unethical behaviour, the lack of information, communication, mismanagement, and the deficiency of specific risk aversion measures. All hazard causes may be aggregated into a few groups, which we discuss below.

Communication deficit

The flux of information within the firm about possible prevention measures, incentives for whistleblowing, and the company’s “tone” should be permanent. Otherwise, the illicit behaviour of most employees’ would be difficult to forecast. 

Management should show the example and teach staff regularly to avoid any misconduct. 

Absent or inefficient risk estimation

A lack of hazard identification or assessment or inappropriate risk assessment can cause serious conduct risk management issues. Not quickly or incorrectly estimating perils leads to the potential exposure of misconduct behaviour and all possible negative consequences later on.

Mismanagement of conduct risks

The absence of a strategy or poor strategy is also a source of problems in conduct management. A firm should define the exact methods to handle misconduct of different types. Management should be aware of possible repercussions and the most efficient hands-on strategies and communicate them to the staff. 

A lack of conduct risk management integration 

Conduct risks should be regarded as separate risks. However, all risk measures should be tightly integrated into the company’s strategic planning and daily operations. The autonomous functioning of conduct risk management is unacceptable for any business owner.

All measures to prevent misconduct should permeate the whole corporate structure and communicate constantly and correctly to each employee in every department. 

Employees negligence 

Staff incompetence or recklessness can cause mistakes in their work, which can be a source of harmful actions. These situations happen when staff members don’t suit the position, their performance is misjudged, or they have a lot of freedom in hazard estimation, leading to a wrong risk assessment.

Such situations can be solved with effective risk management and relevant measurements of employees’ performance. 

Wrongdoing risks

Companies can also be exposed to risks of unethical, fraudulent, and illicit behaviour. Then, firms should implement a speak-up culture and specific measures for whistleblowing. Employees should be protected while reporting their colleagues’ misbehaviour.

Managing conduct risk

Companies’ management can create a system that assists in overseeing conduct risks, involving:

• Risk frameworkregulation and its regular revisit: Staff members should know the rules that minimise risks for customers and market integrity.
• Trainingprograms and meetings: These events explain the main provisions for preventing conduct risks.
• Speak-up cultureimplementation: Support and protect employees who blow the whistle to pinpoint adverse behaviour.
• Tracking software: Some firms use solutions that identify risks, monitor related compliance processes and control them through a single dashboard.
• Improvement ofconduct riskassessment: Enhancing indicators alleviates risk management and monitoring processes considering misbehaviour.

How does Wallester help with misconduct?

Wallester’s products fully comply with all financial services industry regulations, KYC, and AML requirements to oversee financial risk areas. We reduce potential conduct risk by ensuring customers’ privacy through 3D secure measures that add an extra verification layer. The likelihood of unethical, illicit behaviours decreases with our fraud monitoring features, which detect and prevent payment card fraud and lower the risk of unfair practices. 
Consider Wallester’s turnkey White Label Solution to successfully launch your branded credit card program and efficiently manage conduct risk.