Conduct Risk Defined
Conduct Risk has many definitions, both broad and narrow. We have identified definitions here from several of the leading global regulators to help set the context and outline the focus that they place on conduct risk and its management. While the definitions vary in emphasis, there are three important elements that combine to define conduct risk:
- The conduct of individuals, both within the firm and as third parties to the firm
- The processes employed by the organization to manage the conduct of these individuals
- The impact of this conduct on customers
The individual can be within the firm or can be a third party to the firm, e.g. contractors, agents, vendors and so forth. The negative consequences for the customer and/or the company that arise from the conduct of one of these individuals, or from the company's lack of management of their activities, are known as conduct risk. Like many areas of risk and compliance management, it is not enough to have a policy and procedures. The organization must be actively managing the risk, identifying the issues and tackling them consistently.
Definitions of Conduct Risk by global regulators
Financial Industry Regulatory Authority (FINRA)
FINRA also added further scope and definition to conduct risk with its regulatory and examination priorities letter of 2016. In it FINRA highlighted that there was ‘an obligation for firms to establish and maintain a system to supervise the activities of their associated persons that is designed to achieve compliance with securities laws and regulations, and with FINRA rules. We have observed repeated concerns that affect firms' business conduct and the integrity of the markets: management of conflicts of interest, technology, outsourcing and anti-money laundering (AML)’.
The Financial Conduct Authority (FCA)
The Financial Conduct Authority (FCA) defines it as “consumer detriment arising from the wrong products ending up in the wrong hands, and the detriment to society of people not being able to get access to the right products.” It is fair to say that this definition focuses on the harm caused by poor conduct risk management.
The European Systemic Risk Board (ESRB)
The European Systemic Risk Board (ESRB) notes that “the issue is so broad in scope that a single, narrow definition neither seems possible nor desirable.” The ESRB refers to the corollary which it defines as ‘misconduct’ risk and states that these are “risks attached to the way in which a firm and its staff conduct themselves.”
The European Banking Authority (EBA)
The European Banking Authority (EBA) believes that “conduct risk means the current or prospective risk of losses to an institution arising from inappropriate supply of financial services including cases of willful or negligent misconduct.”
The Australian Conduct Regulator (ASIC)
The Australian Conduct Regulator (ASIC) defines conduct risk as “the risk of inappropriate, unethical or unlawful behavior on the part of the organization’s management or employees, which can be caused by deliberate actions or may be inadvertent and caused by inadequacies in an organization’s practice, frameworks or education programs”. This is a particularly interesting definition because it highlights the dangers of a poorly operating risk and compliance program that subsequently leads to the emergence of conduct risk.
Our solutions offer you extensive and integrated functionality that will help you to monitor and manage employees and third parties across many areas of conduct risk including:
- Gifts, entertainment, hospitality and courtesy compliance
- Employee personal trade management and compliance
- Outside business activities by employees
- Political donations
- Third party and vendor risk management