DeltaCapitaConductRiskSurvey2024: NineYearsofEvolvingAccountability,Culture, andTechnologyEnablement
Introduction
It is now nine years since the FCA published its final rules confirming its approach to improving individual accountability in the banking sector and specifically those that cover conduct. Since then, a significant amount of work has been done across the Finance sector to embed the original five Conduct Rules, which were extended last year to include a sixth incorporating consumer duty.
Given the time that has elapsed since their original introduction, Delta Capita wanted to find out how firms’ approach to Conduct Risk rules has evolved. Specific areas we were interested in were organisational accountability, the strength of Conduct Risk focus (regulatory and firm management), how embedded Conduct Risk was both in established frameworks and within a firm’s culture, the impact of new technologies and regulations and what the current Conduct Risk “Hot Topics” were.
Consequently, in Q2 this year, the authors interviewed executives across a number of Global Investment Banks, UK Retail Banks and UK Retail Brokerages who were either responsible for or were stakeholders in the management of Conduct Risk. The executives’ responsibilities covered both the first and second lines of defence and included Heads of Compliance, Heads of Conduct Risk, Business Chief Control Officers, and Business Managers.
All responses were anonymised and a summary of the responses across the topics discussed are provided below. We also highlighted areas that we viewed as best practice.
The 6 Conduct Rules
1. You must act with integrity.
2. You must act with due skill, care and diligence.
3. You must be open and cooperative with the FCA, the PRA and other regulators.
4. You must pay due regard to the interests of customers and treat them fairly.
5. You must observe proper standards of market conduct.
6. You must act to deliver good outcomes for retail customers.
Participants
Survey participants included a wide cross-section of financial institutions to obtain as broad a feedback as possible. Figures 1, 2 and 3 show the respondent distribution by financial institution type and market capitalisation as well as geographical distribution.
Fig 1
Distribution by Type of Financial Institution
Fig 2
Distribution by Market Capitalisation
Fig 3 – Regional Distribution of Respondents
AreasOfDiscussion
Questions were asked to gain insight into the following areas:
Organisational Design
How is Conduct Risk organised across both the first and second line of defence?
Corporate and Regulatory Focus
Has the focus on Conduct Risk increased, decreased, or remained the same over the past five years from a firm and regulatory perspective?
Horizon Scanning
What are the Conduct Risk Horizon Scanning tools and techniques currently employed and how effective are they? What additional tools could be utilised to enhance horizon scanning efforts?
Consumer Duty
How has the implementation of Consumer Duty changed the approach to Conduct Risk?
Culture
How strong is the culture for speaking up within the firm? How effective are the whistleblowing arrangements?Are Conduct Risk education and lessons learned exercises embedded in the firm and how often are good and bad examples of Conduct Risk socialised?
Risk
Management Framework
How integrated is Conduct within the firm's Enterprise Risk Management Framework? How effectively is it being monitored?
Technology
How effectively is technology being utilised in the management of Conduct Risk and what is the impact of Artificial Intelligence?
Hot Topics
What are the current Conduct Risk hot topics?
FeedbackAndObservations
Organisational Design
First Line of Defence (1LOD)
• There was a range of responses from full ownership within individual businesses to ownership residing in Second Line of Defence (2LOD) only.
• 1LOD Conduct Risk Heads reported into either Legal Entity Management or the overall business COO.
• In some instances, further responsibility, including performing independent assessments, resided in the Business Chief Control Officer function.
Second Line of Defence (2 LOD)
• The 2LOD function sat in either the Compliance and/or Operational Risk Functions and were principally responsible for defining methodology, setting policy and ensuring compliance with standards through monitoring and assessments.
Regional Management
• From a regional management perspective most firms had UK aligned Conduct Risk aligned oversight.
Delta Capita’s View on Best Practice Feedback
• Ownership of Conduct Risk by Business Line Heads with a dedicated 1LOD Conduct Risk Head to ensure a consistent and minimum standard approach across businesses.
FeedbackAndObservations
Corporate And Regulatory Focus
Corporate Focus
All firms said that there had been an increase in focus on Conduct Risk both across their organisation as a whole and at the senior management level. The responses for Middle Management were mixed with half of the respondents saying that their focus had remained the same and that it was highly dependent upon individual managers.
Regulatory Focus
A majority of responders stated that regulatory focus has slightly declined as Conduct Risk has become more embedded in firms. Conduct Risk has remained an important topic within regulatory visit agendas and, specifically, as part of the regular dialogues held between the regulators and Accountable Executives. Conduct Risk also remained an important part of the regulators’ business plan
Delta Capita’s view on best practice feedback included
• Annual dedicated firmwide Conduct Risk Week with external speakers being invited and senior management roundtables.
• The establishment of Conduct Risk forums chaired by 1LOD Accountable Executives and increased alignment between Conduct Risk and Culture initiatives were positive developments.
Horizon Scanning
Most interviewees said that they used third party tools to perform horizon scanning. Work was done centrally with a common response being that the process was “effective but not efficient” with horizon scanning data being captured on spreadsheets. There were some comments that the tools needed to be more embedded into the business lines and be more dynamic.
FeedbackAndObservations
Risk Management Framework
Nearly all respondents reported that Conduct Risk was firmly embedded in their Risk Management Frameworks with a Level 1 Risk categorisation.A minority stated that it was not a separate risk type and that, although policies and procedures were in place, there were no defined KRIs.
Regulation – Consumer Duty
For most firms, in particular Retail Banks and Brokerages, the introduction of Consumer Duty and an associated sixth Conduct Rule has refocused them on Conduct Risk. As a result, policies, procedures and training have been updated as Consumer Duty has been embedded further with a consumer outcome and employee behaviour lens.
Delta Capita’s view on best practice feedback included
• Establishing Conduct Risk Committees
• Board approved risk appetite
• Business aligned KRIs that were actively monitored
• Inclusion of Conduct Risk in risk and control assessments
• Conduct Risk analysis and reporting
Technology
Respondents stated that although technology tools had been in place to help identify and monitor conduct risk most were reactive and focused on communication, e.g. word recognition. Many solutions operated independently of each other with little read across. A large number of manual uploads of data were also noted as an issue by some respondents specifically with reference to monitoring data resiliency.
Nearly all respondents said that usage of Artificial Intelligence (“AI”) was at a very early stage with pilots being worked on at most firms but with proactive solutions “some time away”. Generative AI tools were not permitted in several firms.
FeedbackAndObservations
Culture
All firms responded that they believed there was a safe speak up culture in the UK. Some noted that this was not always the case in other regions and that within their firm there was also a “silo mentality” in some areas that inhibited cross business communication.
Delta Capita’s View on Best Practice Feedback
• Regular senior management communication on everyone’s role in escalation and reaffirming a safe environment together with training.
Similarly, all firms stated that they had effective whistleblowing arrangements in place with clear policies, procedures and channels. Supportive evidence included feedback that “a healthy number of issues are being raised” and respondents could cite examples if needed.
Delta Capita’s View on Best Practice Feedback
• Regular communication by the CRO of examples of good and bad behaviour and specific calls/meetings in addition to e-training to discuss specific conduct risk issues.
All firms said that effective conduct training had been established and was embedded.
Hot Topics
A variety of “hot topics” were raised by interviewees including:
• Application of a conduct risk lens to the designing and implementation of trading controls to firms ‘conduct risk.
• The increasing convergence of organisations’ approach to conduct and culture.
• The challenges of monitoring employee usage of an increasing number of communication channels.
All interviewees stated that the most impactful Hot Topic was the development and usage of “AI” and specifically:
• Monitoring individual’s appropriate usage of AI.
• Using AI as a means of monitoring employees behaviours e.g. through predictive technology solutions.
Conclusion
Nine years on from the initial introduction of the conduct rules interviewees gave a positive view of senior management and overall firm focus on Conduct Risk and the embedding of it in their Risk Frameworks. For Retail Firms the introduction of Consumer Duty has led them to look again at the way they monitor and manage Conduct Risk and applying a consumer outcome lens to it.
Whilst firms believed that their speak up and escalation culture was effective, a silo mentality and differences between regions were noted as overall inhibitors to their overall culture. Some firms also stated that more work was needed to increase the integration of Culture and Conduct initiatives.
All reported that more work was needed to leverage technology to improve the efficiency and resiliency of Conduct Risk Monitoring processes. There was also consistent feedback that AI development was still at an early stage but that would significantly change in the next twelve to eighteen months as proof of concepts concluded and solutions rolled out.
Acknowledgement
The authors would like to take this opportunity to thank the firms and the executives who participated in this survey. This report would not have been possible without the generosity with which you gave your time and insights to further our understanding of your firm’s approach to Conduct Risk. Thank you!
AbouttheAuthors
David Long
David is Delta Capita’s COO. Prior to this he held several senior industry positions including Group COO for Credit Suisse EMEA and industry-wide directorships including with the British BankersAssociation and the world’s largest FX broker, EBS Ltd.
David specialises in the study of Conduct and Behaviour and leads Conduct training for the Banking Industry. During his time at Credit Suisse, David led the Global Cultural Programme and pioneered the implementation of Conduct Frameworks in the Industry.
David holds an MBA from the Cass Business School with a specialism in Conduct Risk and is a member of the Institute of Operational Risk.
Nick leads the Non-Financial Risk Practice at Delta Capita and advises a wide range of firms on all aspects of Conduct Risk including designing and implementing Frameworks.
Previously he was at Credit Suisse for twenty-five years where he held a number of functional, regional, and change management roles including Deputy COO for the EMEA region. In this capacity he oversaw the risk and control functions and regulatory relations in over 25 countries.
Nick Wilcock