Every company faces a unique set of conduct risks based on its industry and size. Building an effective framework for managing that risk can be a Herculean task. We have identified six core areas to simplify the process.
Since the Financial Conduct Authority (FCA) took over the supervision of consumer protection in 2013, conduct risk has risen to the top of executive agendas.
Conduct risk is broadly defined as any action of a financial institution or individual that leads to customer detriment, or has an adverse effect on market stability or effective competition. The FCA has deliberately set out a very wide definition of ‘conduct risk’, leaving the onus on financial services firms to prove how they are protecting customers.
Businesses that fail to bring conduct risk in line face regulatory action, fines, and reputational damage, which can harm a business for years beyond the event. We have seen significant financial impact on firms due to conduct-related regulatory action—and it can all stem from the actions of an individual.
Because there is a high public interest in conduct risk infringements, it is increasingly important to take a holistic view for an effective defence.
Most businesses stress the importance of senior executives playing a role in conduct risk, particularly in helping to raise the visibility of a programme. Firms with in-house initiatives are intrinsically better at identifying drivers of conduct risk, such as conflicts of interest.
Even with a conduct risk programme already in place, some firms still focus too much on crystallised risk, such as fines and losses, as opposed to developing forward-looking risk indicators. Another core question to consider is: when does a product or behaviour move from being reasonable to unreasonable? We call this the tipping point analysis.
Understanding and addressing the drivers of conduct risk is essential in improving standards of behaviour. While the starting point for this journey varies from firm to firm, there are three core areas at the root of conduct risk:
While measuring conduct risk can be a challenge, it may be helpful to assess drivers through three lenses: specific business units; the overall firm; and the strategic medium- to long-term outlook.
Conduct risk programmes should be tailored to the needs of each firm based on size, business model, and geographic reach. The framework should take into account both short- and long-term goals. The firms we have seen with the most successful programmes have regular board-level reviews that assess and challenge the programme. Scenario planning is a key consideration.
While there is no one-size-fits-all solution, we have identified six core areas for a successful conduct risk framework that can be seen in the diagram below. It covers governance, culture and behaviour, inherent and external risk assessment as well as key conduct controls and conduct management information.
© 2021 KPMG LLP a UK limited liability partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.