Last editedJun 2021 3 min read
With so many scandals hitting the headlines over the years due to institutional corruption or reckless individual actions, conduct risk management has become an integral part of running a business.
Prompted by growing consumer mistrust towards financial institutions and new regulations implemented by the Financial Conduct Authority (FCA), modern organisations should be integrating a full conduct risk assessment throughout all of their operations.
The FCA conduct risk definition has two aspects that hold equal importance. Firstly it covers any acts or omissions of an organisation or individuals within the organisation that produce unfair or “poor outcomes” for the customer. The second aspect covers the same acts or omissions that compromise the integrity of the market.
Why conduct risk is important
Most of us will remember the global financial crisis during 2007 and 2008. This was due to conduct risk failures and poor crisis management. Multiple other incidents didn’t result in a global crisis but still had huge repercussions.
Many conduct risk failures have resulted in financial institutions being fined and even receiving additional civil penalties. And numerous personal liability cases have been brought against senior officers and managers.
The other major repercussion of a conduct risk failure is reputational damage. This is a two-pronged repercussion as it not only massively affects the company’s bottom line, it also diminishes their appeal to the top talent in the industry. The talent they do have may also wish to abandon ship before their own careers are affected.
Common causes of risk failures
Conduct risks can be present in practically every part of a business, but several risk failures are common across a wide variety of industries. These include:
Lack of communication
Individual recklessness
Non-existent or inefficient risk assessment
Lack of risk management integration
Lack of communication
Executives deciding on a code of conduct means nothing if it is not communicated effectively throughout the entire organization. Business owners must provide the oversight and authoritative direction of their staff’s conduct by defining the “tone” of the company itself and clearly communicating their expectations for their employees’ behaviour.
While communicating behavioural requirements is crucial, it is equally important that those who set the tone lead by example. Deficiencies in either aspect is poor conduct risk management and should be avoided.
Individual recklessness
Another common cause of risk failure is an individual’s own recklessness despite clear instruction. This usually occurs when certain valuable employees are given too much freedom to assess their own risks and are not monitored sufficiently by those with the authority to rein them in.
Blind reliance on such employees, valuable as they usually are, can be dangerous. Organisations must have limits, checks and balances where even the most reliably competent individuals are concerned.
Non-existent or inefficient risk assessment
Not having a risk management strategy will obviously cause issues for a business. But having an inefficient or ineffective risk management strategy can be equally dangerous. It could even be worse as the business might deviate into conduct risk territory under the impression that everything is just fine.
The main cause of this common risk failure is risk assessment activities that do not actually identify the relevant critical risks accurately or quickly enough. Even when they are identified, they are then not communicated effectively to the correct authorities within the company.
Lack of risk management integration
The lack of risk management integration with other strategic aspects of a business is related to the previous common risk failure, but is worth a separate mention. It occurs when there are unrealistic performance objectives that force employees or entire departments to take questionable risks.
All conduct risk frameworks must be incorporated throughout the strategic planning of a business, including its ultimate goals and performance expectations. Without integration, a company can devalue its market position and even restrict its ability to adapt to changes in the business environment.
How to manage conduct risk
There are several easily accessed metrics that business leaders can use to compile risk management data. On an individual employee level, these metrics include any employees missing or being late for training. It can also include employees who regularly exceed their working hours.
On a wider scale, inspecting any outlying transaction reports that deviate from the usual projections can help a leader quickly identify a potential conduct risk. Keeping tabs on the likes of client entertainment expenses will also quickly highlight any discrepancies that require closer attention.
Many other metrics can provide insight into the conduct of individuals within the company and the company itself. Reviews and complaints can be revealing, especially if there has been some ill behaviour conducted by an individual or a “poor outcome” experienced by a customer. You can also review client communications data, as well as the ongoing results of product design tests and marketing or promotional campaigns.
Business leaders should also monitor financial and other incentives to ensure they are not inadvertently encouraging conduct risks.
We Can Help
If you’re interested in finding out more about conduct risk management, or any other aspect of your business and its finances, then get in touch with our financial experts. Find out how GoCardless can help you with ad hoc payments or recurring payments.