Conduct risk: an overview

March 19, 2014

By Jane Walshe, Compliance Complete

LONDON/NEW YORK, Mar. 19 (Thomson Reuters Accelus) – Conduct risk is one of the hottest topics in financial services but what exactly is it? This article explores the various definitions of the concept, which can be hard to pin down, put forward by regulators and international standard setting bodies. It will be followed by other articles exploring the findings of Thomson Reuters Accelus’ recent Conduct Risk Report, which provide an industry benchmark showing the work firms are doing in relation to this important area.

The phrase “conduct risk” comprises a wide variety of activities and types of behaviour which fall outside the other main categories of risk, such as market, credit, liquidity and operational risk. In essence it refers to risks attached to the way in which a firm, and its staff, conduct themselves. Although there is no official definition, it is generally agreed to incorporate matters such as how customers are treated, remuneration of staff and how firms deal with conflicts of interest.

Conduct risk: the Financial Stability Board’s view

The Financial Stability Board (FSB) operates under the aegis of the G20 and is charged with developing and promulgating global financial services policies designed to minimise the likelihood of another financial crisis by improving the behaviour of, and risk management within, firms. In its Peer Review Report on Risk Governance, published in February 2013, the FSB identified business conduct as a new risk category, and said:

“One of the key lessons from the crisis was that reputational risk was severely underestimated; hence, there is more focus on business conduct and the suitability of products, e.g., the type of products sold and to whom they are sold. As the crisis showed, consumer products such as residential mortgage loans could become a source of financial instability.”

The realisation that reputational risk was severely underestimated in the period leading up to the financial crisis is a recognition of the critical role which market and consumer confidence play in the maintenance of a functioning financial system. Consumers are only confident where they have been sold products that perform as they have been led to believe, and that are suitable for them. Market participants are only confident where they can trust the integrity of statements made by firms about their financial position, for example.

Thus, integrity and trust take centre stage in the assessment of how firms behave, and how customers and investors are treated. These matters have been subsumed into the idea of “culture”, which itself is an amalgam of specific behaviour (that will differ from firm to firm) and which, when taken together, indicate that a firm is conducting its business in a fair manner.

The FSB has also been consulting on guidance for regulators on how best they can increase the intensity and effectiveness of supervision through interacting with firms on risk culture. The proposed guidance has set out the main elements which contribute to a sound risk culture within a firm. It has also identified core practices and attitudes which could be used as indicators of a firm’s risk culture, as well as criteria for assessing the strength and effectiveness of its culture in managing risks.

The FSB has already articulated what it considers to be the foundation elements of a strong risk culture in its publications on risk governance, risk appetite and compensation. It has broken down the indicators into four parts which need to be considered collectively, and as mutually reinforcing, and has made it clear that looking at each indicator in isolation will ignore the multi-faceted nature of risk culture. The four parts are:

    • Tone from the top: The board of directors and senior managers are the starting point for setting the financial institution’s core values and risk culture, and their behaviour must reflect the values being espoused. The leadership of the institution should systematically develop, monitor and assess the culture of the financial institution.
    • Accountability: Successful risk management requires employees at all levels to understand the core values of the institution’s risk culture and its approach to risk, be capable of performing their prescribed roles and be aware that they are held accountable for their actions in relation to the institution’s risk-taking behaviour. Staff acceptance of risk-related goals and related values is seen as essential.
    • Effective challenge: A sound risk culture promotes an environment of effective challenge in which decision-making processes promote a range of views, allow for testing of current practices and stimulate a positive, critical attitude among employees and an environment of open and constructive engagement.


    • Incentives: Performance and talent management should encourage and reinforce maintenance of the financial institution’s desired risk management behaviour. Financial and non-financial incentives should support the core values and risk culture at all levels of the financial institution.

Conduct risk: the regulators’ view

Most of the major global regulators are engaging with ideas that, when taken together, become conduct risk. The U.S. Securities and Exchange Commission (SEC) states its mission as being to protect investors; maintain fair, orderly and efficient markets; and facilitate capital formation. Its vision is to promote a market environment that is worthy of the public’s trust and characterised by transparency and integrity. More specifically, in its 2012 Agency Financial Report it stated that some of its risk-focused efforts would include enhanced focus on high-risk activities at firms, for example:

    • the valuation of investments that are privately placed, thinly-traded, or otherwise difficult to value (such as securities lending collateral investments);
    • remuneration arrangements, especially when client monies are paid to entities affiliated with the adviser;


    • verification of the existence of client assets.

Inherent in the remuneration point above is the risk of conflicts of interest. The SEC, in common with the UK’s Financial Conduct Authority (FCA) and the Australian Securities and Investments Commission (ASIC) has put public trust and consumer and investor protection at the heart of its work. Activities that contribute to these aims, such as firms only selling products that are suitable for their clients, and operating with a culture that pays due regard to consumer interests, go to make up the concept of conduct risk, which will differ from firm to firm, even though certain elements will be common to all. The FCA has already done plenty of thinking on conduct risk which firms and other regulators can leverage.

In a speech entitled, “Building a common language in the mortgage market”, Linda Woodall, director of mortgages and consumer lending at the FCA, told delegates at the Council of Mortgage Lenders (CML) Mortgage Industry Conference and Exhibition in November 2013 that the FCA deliberately did not have a master definition of conduct risk, and that conduct risk profiles would be unique to each firm. It was impossible to put a one-size-fits-all framework in place to assess it, Woodall said.

The FCA has made it clear that having the right “culture”, i.e., one which puts customers and market integrity at the heart of the firm’s business, is an important component of conduct risk. The FCA has not specifically defined culture either, but has said that it will assess it by looking at areas of a firm’s business and behaviours and drawing conclusions; “joining the dots”, to use the FCA’s own phrase. This may be through a range of different measures such as:

    • how a firm responds to, and deals with, regulatory issues;
    • what customers are actually experiencing when they buy a product or service from front-line staff;
    • how a firm runs its product approval process and what factors it takes into account;
    • the manner in which decisions are made or escalated;
    • the behaviour of that firm in certain markets; and even


    • the remuneration structures.

The FCA has provided ideas on how a firm might begin to assess conduct risk, primarily in its 2013 Risk Outlook, in which conduct risk was identified as having three main causes:

    • Inherent factors: A range of inherent drivers of conduct risk interact to produce poor choices and outcomes in financial markets. These drivers are a combination of supply-side market failures (e.g., information problems) and demand-side weaknesses (e.g., inbuilt biases), which are often exacerbated by low financial capability among consumers.
    • Structures and behaviour: Structures, processes and management (including culture and incentives) that have been designed into and become embedded in the financial sector, allowing firms to profit from systematic consumer shortcomings and from market failures.

    • Environmental factors: Long-running and current economic, regulatory and technological trends and changes are important drivers of firm and consumer decisions.

The regulator has also produced a diagram (reinterpreted below) which can be overlaid onto almost any area of a firm’s business and used to produce a snapshot of where the most likely drivers of conduct risk may lie.

Key drivers of conduct risk

This plan can be cross-referred with the six clear stages of the product lifecycle to produce a thorough assessment of where the firm may be exposed to risk, and to identify the steps that can be taken to reduce those risks.

Consideration of conduct risk issues is also central to the FCA’s methodology when conducting firm-specific supervision under the Firm Systematic Framework, as well as when it is doing event-driven work or looking at issues and products. The three pillars of the FCA’s supervisory framework comprise firm supervision (using the Firm Systematic Framework), event-driven work and work around issues and products.

The Firm Systematic Framework (which replaced ARROW supervision when the Financial Services Authority (FSA) was disbanded and the FCA became operational in April 2013) has as one of its elements an assessment of governance and culture, which includes an evaluation of the effectiveness of a firm’s identification, management and reduction of conduct risk.

Elements of conduct risk will also be present within a firm’s product design, post-sales services and sales processes, which are also analysed by regulators around the world. As an example, these are used by the newly formed Consumer Financial Protection Bureau in the U.S. Conduct risk can be said to permeate nearly every aspect of a firm’s operation, in some way. It will be defined differently for different firms, however, depending on their business model, the markets in which they operate and the nature of their customer base.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see