Regulators have made clear their intentions to target misconduct and score firms on culture. 1LoD’s 2019 survey reveals controls functions are responding by taking conduct risk more seriously.
Priorities are changing. Executives in the 1st line say managing the flow of information through the business, shoring up porous Chinese walls, and tackling market abuse and insider trading and doing so globally is given more attention than in previous years. Indeed, according to the 1LoD 2019 Benchmark Report and Survey, 41% of firms ranked global roll out of conduct risk controls as high priority.
“Most control functions are under extreme pressure, as while many firms have a reasonably mature 1st line and 2nd line, firms are thinking about whether they have sufficient numbers of individuals around the globe,” says Jamie Hamilton, Global Business Control Officer at JP Morgan.
Both internally and externally, there is also a focus on having a standardised approach to discussing and measuring non-financial risk. “Firms do live with an amount of operational and conduct risk – it’s almost impossible to get it down to zero – but ideally you want to be able to measure it in a standardised way,” says Hamilton. “That way, it can be managed down to an acceptable level, and businesses don’t have to divert resources away from revenue generation or make wholesale changes.”
Not content with smoothing out the message internally, firms are also attempting to show regulators they are speaking the same language, says Hamilton, by standardising descriptions and measurements of risk.
“That way the regulators, from whichever jurisdiction, know we are not using different formulas, as that causes regulatory angst,” he says. “The industry is trying to grapple with this. Having a standard vocabulary will help both internally and externally.”
What should the 3LOD look like?
Key to tackling conduct risk, says Rafael Gomes, Managing Director, Regulation and Compliance Risk at Accenture, is to address the increasing number of responsibilities that were previously considered the domain of the 2nd line now moving into the 1st.
“There are situations in the 1st line where traders who are heads of desk, have done this a long time and love it, and are now spending more time in governance meetings looking at dashboards of operational risk errors and being asked to perform a governance and management role, rather than doing what they went into business to do,” he says.
Reward good, not bad
At the heart of its conduct risk drive, the FCA demands firms treat customers with respect and uphold the integrity of markets. Good behaviour must be promoted, as market enforcers no longer see a difference between financial and nonfinancial misconduct.
The fruits of this are borne out in the 1LoD survey: 82% of firms said conduct risk is now given the same priority as financial risk inside businesses and 93% believe that the regulatory focus on misconduct over the past 5 to 10 years has changed the culture in banking forever.
“From a conduct perspective, the industry journey started with remediation of past misconduct – LIBOR manipulation, misselling, payment protection insurance,” Gomes says. “Then a second stage focused on fixing processes, and incentives, adding personal accountability to prevent these problems happening again. The third stage was putting the right management information in place, so we can identify if there are issues and exceptions to manage those properly.”
There have been challenges in getting consistent processes and MI, globally, across many different offices, Gomes notes. “Now, there is a real push to cascade down that top level MI into specific desks and specific locations, so it’s not just at senior level and the board, but desk and team supervisors who are looking at conduct risk information.”
Don’t let the team down
The era of individual accountability is causing firms to redouble their efforts around conduct risk strategy and is challenging businesses to draw up their own mandates, in lieu of explicit guidance in the rule books on what exactly ‘conduct risk’ is.
In the UK, the Financial Conduct Authority is continuing to roll out the Senior Manager and Certification Regime (SM&CR) to ensure the correct tone is set, but it is also ranking how the right culture is embedded, which is proving more of a challenge.
Efforts across the industry are focused on making sure everyone from the senior managers, who are on the hook for failings, to junior staff entering the business for the first time, are aware of their responsibilities and the consequences of their actions.
“Conduct is driven by an individual’s line manager as much as the CEO and the board,” says Eleanor Malcolm, Head of Conduct at Julius Baer International. “It is important for managers to understand the risks of their area of responsibility and its impact on the client experience and the drivers of the risk/reward equation.”
She adds, leadership is key to setting the tone for what is acceptable behaviour and creating an environment that will foster a culture of continuous improvement.