The Basics of Conduct Risk


Conduct risk is a form of business risk that refers to potential misconduct of individuals associated with a firm, including employees, third-party vendors, customers or agents interacting with the firm. Read more on conduct risk, what regulators say about it and how to protect against it.

What is conduct risk and why does it matter

Conduct risk is a form of business risk that refers to potential misconduct of a regulated firm or individuals associated with a firm, or any action that has an adverse effect on market stability. Examples of conduct risk include improper trading or an employee and a third-party sharing material non-public information (MNPI). 

Regulated firms are expected to build a culture of good behaviour and leaving no doubt to employees that the firm does not tolerate misconduct. It’s the firm responsibility to understand what conduct risk means in their context and ensure all employees, management and board in addition to all entities are aware of the definition.

The FCA definition of conduct risk

The FCA has not yet defined the term conduct risk, but the regulator talks a lot about conduct risk and why boards and senior management should take a closer look at it. Firms are required to rely on their understanding of what good conduct looks like by following the FCA’s statutory objectives:

  • Consumer Protection;
  • Market Integrity;
  • Effective Competition;

The FCA approach suggests that conduct risk is associated with the firm of employees’ activities that could threaten consumer protection or market integrity.

The Senior Managers and Certification Regime (SMCR) for example increases accountability for senior members of financial services firms for their conduct. The SMCR framework focus on:

  • Accountability on a narrower number of individuals at the top of the bank
  • Set more responsibility for senior individuals
  • Facilitate for both banks and regulators to hold individuals to account

Not only the FCA but regulators across jurisdictions and around the globe are making conduct risk an examination and enforcement priority.  

The Foreign Corrupt Practices Act (FCPA) requires listed companies to make and keep books and records that accurately and fairly reflect transactions that could be considered bribery. 

The Securities and Exchange Commission (SEC), Rule 204A-1, commonly called the “Code of Ethics Rule,” requires registrants to establish a standard of business conduct of all supervised persons. This rule is one of the five most common reasons for a deficiency letter after a SEC exam.

Indicators of conduct risk

It’s a complex task for management in the financial services industry to design and apply a conduct risk framework that is effective and appropriate to their industry. And every firm faces a unique set of conduct risks based on size, business model and geographic area or reach.

A conduct risk assessment now needs to englobe many areas of the organization, making the task even more challenging. Nowadays, the risk assessment goes beyond customers and market protection and should also include activities such as corporate social responsibilities (CSR) and environmental, social and governance (ESG). It leads the conduct risk assessment to become a task in which all areas of an organisation must be a stakeholder.

Thomson Reuters have a great infographic with a set of improved questions and examples that firms should apply. It suggests improvements on the approach and insights on how regulators think about conduct risk.

Tips for a better conduct risk framework:

  • take into account both short and long-term goals
  • have regular board-level reviews to challenge the programme
  • have planned scenarios
  • make sure the framework covers governance, culture and behaviour
  • keep in mind that there is no one-size-fits-all solution

How to manage conduct risk

Firstly, firms should keep in mind that is always possible to improve, revisit and review the framework, in addition, to articulate what is conduct risk, how it applies to their firm, and how to measure it.

According to regulators, especially the FCA the ton from the top is critical to managing conduct risk. It guides the organization values and if well nurtured it can hold the organization together in the same health culture path. MCO has hosted a number of webinars that cover conduct risk and culture topic, including:

A growing number of firms are using software solutions to better manage conduct risk. Such solutions help firms track and monitor conduct-related compliance process flows, with a centralized command control dashboard, behavioural risk scoring, document management, reporting, alerts as well as comprehensive approvals processing.

Conduct risk management systems demonstrate to regulators that a company is serious about monitoring its supervised persons, and can be used in defence of a conduct breach—which can occur in even the most thoughtfully safeguarded organizations.

For more read on Conduct Risk challenges, common scenarios and how RegTech can help, download the free Whitepaper, What is Conduct Risk and How Can Technology Mitigate it?