With the creation of the Financial Conduct Authority (FCA) and the rise of ‘conduct risk management’ up the agendas of board and executive teams across the financial service industry, there are many who are asking the question; what is ‘conduct risk’ and what does it mean for my organisation? writes Andrew Smart, CEO of StratexSystems.
Conduct risk is the risk that the conduct of a regulated firm will jeopardise the FCA’s ability to achieve its objective, which is ‘to make relevant markets work well so consumers get a fair deal’. This objective is supported by three broad outcomes that the FCA wants to achieve. These include:
- consumers get financial services and products that meet their needs, from firms they can trust;
- markets and financial systems are sound, stable and resilient, with transparent pricing information; and
- firms compete effectively, with the interests of their customers and the integrity of the market at the heart of how they run their business.
For a regulated firm, what does this really mean? I would argue that conduct risk is not simply another type of risk that needs to be ‘ticked off’ by the compliance team. Rather, we see conduct risk as a central part of enterprise risk management but more fundamentally, a core element of the firm’s approach to strategy.
To successfully deliver on the conduct risk agenda, we believe firms must start by asking themselves if they have defined a clear customer value proposition and whether that proposition is embedded into the firm’s business model and strategy.
Based on our experience working with clients across the financial services industry, we have identified seven key challenges of conduct risk management.
1. Managing and embedding Governance
Perhaps one of the biggest failings that has come to light in the financial services industry since the credit crunch has been the failure of governance within many firms. This was evident immediately after the credit crunch when the realisation dawned on the industry that boards and executives had agreed strategies and taken major business decisions without being fully informed or aware of the amount of risk they had committed the firm to taking. Ineffective board oversight, the ability to contest and other governance weaknesses have been identified as major contributory factors in the near total meltdown of the global financial services industry.
2. Definition of the Business Model
With the creation of the FCA, there is an increased focus on the firm’s business model and the importance of creating a business model that was based on ‘fair customer outcomes’. Given recent industry scandals such as the miss selling of PPI, the miss selling on interest default swaps and Libor, it is not surprising that the new regulator is going to be interested in a firm’s business model and the sustainability of that model without relying on unsafe sales practices or ‘fine print’ containing expected charges.
3. Definition and execution of the Strategy
A central tenet of the FCA’s approach to regulation is to ensure that firms put market integrity and the interests of customers at the heart of their business strategy. The Firm Systematic Framework (FSF) reinforces the emphasis, at the heart of which is the Business Model and Strategy Analysis (BMSA).
From a strategy perspective, the challenge that many financial services firms face is a relatively simple one: how do they embed the customer value proposition and consideration of customer outcomes into their business strategy? Additionally, how do they demonstrate to the FCA that they have put ‘the interest of the customer and market integrity at the heart of how the firm is run’?
4. Enabling and embedding Conduct Risk Management
With the creation of the FCA, there will be many executives and risk management professionals that take the view that conduct risk management will require a new set of processes and procedures, more resources etc. I take a different view. I believe that conduct risk management is best delivered as simply a part of the firm’s existing enterprise risk management (ERM) framework and process. This, of course, assumes that an existing ERM framework is in place, effective and embedded and it addresses key aspects of governance and strategy in an integrated way.
5. Process Management, specifically New Product Development, Sales and Post Sales aftercare
With the conduct risk agenda, the FCA is not only challenging regulated firms at the business model and strategy level to embed risk management, particularly the risk to customer outcomes. It is also challenging firms at the operational level, in particular focusing on sales operations, new product development and post sales aftercare.
6. Product level performance and risk management
One of the powers that the FCA has been granted which was not available to the FSA is the power to intervene early in the product development process and to challenge firms to ensure that all products deliver good customer outcomes. Additionally the FCA will be much quicker than the FSA in making public their investigations, or even their intentions to investigate a firm or a specific product.
7. Conduct incident reporting and analysis
With the FCA’s new powers and obvious determination to ensure that market integrity is maintained and customers receive good outcomes, it is going to be increasingly important that firms have in place a risk events process and technology solution which enables any event to be easily captured and managed through to resolution.
The Eighth Challenge
I have outlined seven key challenges that our clients have reported to us in relation to conduct risk management. These challenges are broad in scope and depth.
While these seven challenges are important and must be met, however, there is an eighth challenge that the FCA has laid down for regulated firms. This is a challenge that many have faced in one form or another over the years and have often failed to meet.
That challenge is how to bring together a whole raft of processes, people and data to create a culture that is focused on delivering customer outcomes just as much as it is focused on executing a trade or making a sale.
Shaping the culture of the firm is the real and most significant challenge that every firm regulated by the FCA is going to have to meet. This will require more than a technology solution to solve.