Conduct Risk Management
Conduct risk surveillance to reduce the risk of unethical and illegal behavior.

What is Conduct Risk?
Conduct risk refers to the risk of inappropriate, unethical, or unlawful behavior by financial institutions or their employees that can harm the firm, customers and other stakeholders or the integrity of the financial markets. This type of risk holds a significant and ongoing focus for regulators, especially in the wake of various financial scandals and the global financial crisis.
Ongoing monitoring and surveillance of company transactions, employee actions and communications across all of the areas of compliance is critical to detect and manage conduct risk—and prevent the unethical behavior, compliance violations and regulatory penalties that come with it.
Impact of Conduct Risk
Conduct risk has a broad reach because it relates to the activities of so many individuals, from senior executives and staffers to customers, vendors and other third-party affiliates.
Failing to comply with laws and regulations that are designed to protect consumers and ensure fair market practices can lead to significant penalties and loss of reputation. It takes just one unexpected infraction — even an unintentional one — to irreparably damage a company’s brand and bottom line.
Examples of Conduct Risk
Suitability violations involve selling products or services to customers that do not meet their investment needs. An example is when a representative sells high-risk investment products to individuals with a low-risk tolerance to obtain a higher commission.
Market Abuse stems from risky and illegal activities, including sharing material non-public information (MNPI), insider trading, market manipulation and other actions that undermine market integrity.
Outside Business Activities become problematic when second jobs, volunteer activities or participation on the boards of other companies are not disclosed as required or when outside affiliations could pose a conflict for the firm.
Gifts and Entertainment pose a risk if activities exceed thresholds set by regulators or the firm or if items are given or received with the expectation of influencing business decisions in return.
Improper Personal Trading is risky when employees fail to disclose and pre-clear trades as required by the firm’s code of ethics or make unethical or illegal trades.
Employee communications expose a firm to risk when employees use off-channel communications or unapproved devices to send messages intending to hide the content of conversations.
Drivers of Conduct Risk
Corporate Culture
A culture that prioritizes profits over ethical behavior can lead to widespread misconduct. Effective conduct risk management requires fostering a culture of integrity and accountability.
Conduct risk is a direct consequence of a poor risk culture, where a firm might enrich itself at the expense of its customers rather than in pursuit of good customer outcomes. The concern is that, left to their own devices, a firm’s structures, processes, controls, management culture and incentives will move away from putting clients first and towards putting profit first, even at the cost of sub-optimal customer outcomes.
Inadequate Controls
Weak internal controls and oversight coupled with a lack of conduct risk monitoring and surveillance can allow misconduct to go undetected and unaddressed. Effective management requires ongoing conduct risk assessment to ensure that controls are adequate and working as expected.
Incentive Structures
Incentive schemes that reward high sales volumes without considering the suitability of products for customers can drive unethical behavior.
Operational and Data Silos
Conduct risk can exist because the left hand often does not know what the right hand is doing. An employee might give a gift to an executive at a company that, unbeknownst to the employee, is an acquisition target. A gift that would otherwise be an acceptable form of business courtesy could be construed as an act of bribery, triggering a potentially costly investigation.
Reactive “swivel chair” compliance, in which staff pivot across data silos to manage compliance, is a common approach, though it is labor-intensive and error-prone. It can be a poor use of constrained resources that would be better allocated to more value-added activities, like conducting data analyses, identifying trends, and revising policies or procedures.
Lack of Policy Awareness
If employees are unaware of the rules that apply to them, conduct risk can arise from unintentional violation of regulations or inconsistent application of policies and procedures.
Managing Conduct Risk
To manage conduct risk effectively, financial institutions need to implement comprehensive frameworks that include:
Conduct Surveillance across the firm and the areas of compliance to monitor risky behavior proactively and systematically and escalate for timely review and remediation.
Strong Governance to establish clear policies and procedures to identify and manage potential conduct risk and ensure that senior management is accountable for conduct risk management and outcomes.
Training and Awareness to require regular training programs that educate employees about ethical standards and the importance of compliance with conduct risk policies and procedures. Equally important are policies and procedures that let employees attest that they received and understood the training.
Data and Reporting to implement robust systems to surveil and monitor behavior and report any misconduct promptly so it can be swiftly remediated. The ability to analyze data across the many areas of compliance allows firms to develop a holistic view of conduct risk across the organization.
Customer-Centric Approach to ensure that the needs and interests of customers are at the forefront of all business decisions—an area of increasing importance for regulators around the globe.
By addressing these factors, financial institutions can mitigate conduct risk and build trust with their customers and stakeholders, ultimately supporting sustainable growth and market integrity.
How MCO Can Help
Without integrated compliance technology, conduct risk blind spots will certainly exist. The concerns become exponential in larger organizations across physically dispersed teams or teams that operate separately from others in the organization.
MCO’s fully unified compliance platform enables organizations to seamlessly monitor, identify and remedy conduct risk and code of conduct issues. By automating the end-to-end management of request processes, compliance monitoring and exception management associated with conduct risk and code of conduct policies, firms can be confident that they are embedding best practices for conduct surveillance across their compliance program.
