Board-level focus on culture and conduct risk is increasing as firms face up to exacting regulatory standards. What else has our annual in-depth survey revealed about compliance trends?
Compliance and risk practitioners from more than 750 financial services firms across the world, including banks, brokers, asset managers and insurers, have taken part in our fourth annual Culture and Conduct Risk survey where we found 29% turned down a potentially profitable business due to culture or conduct risk concerns.
The report is a valuable and trusted resource, with last year’s edition being read by more than 6,000 firms and global systemically important financial institutions (G-SIFIs), regulators, local government, law firms and consultancies.
This year’s survey was extended to cover culture in firms, in recognition of both regulatory focus and the critical impact it has on conduct risk.
Neither culture nor conduct risk are new concepts, but both remain at the top of firms’ and regulators’ list of priorities.
Tone from the top
Continuing the trend of recent years, almost half of firms (48 percent) said the amount of focus on conduct risk at board level had increased in the last year.
It is perhaps a measure of the depth of the challenges faced by firms that, although there has been a consistent increase in the level of focus on conduct risk, there has not been material progress in either setting the tone from the top or the working definition of conduct risk.
Whilst regulators have chosen not to define the term conduct risk, preferring instead that firms should do so in a way that is meaningful to their businesses, 2016 saw a reduction in the proportion of firms that have a separate working definition of conduct risk (21 percent in 2016; 36 percent in 2015).
This was evident across all regions, with a higher percentage of firms in North America (86 percent) and Asia (84 percent).
There was a marked difference in the G-SIFI population where 68 percent (57 percent in the previous year) had a working definition of conduct risk.
Top 3 risk challenges
In the survey, the top three conduct risk challenges for the board were identified as:
- a changing regulatory environment
- the developing of metrics and management information
- the embedding of an appropriate culture.
Culture, ethics and integrity (59 percent), corporate governance and tone from the top (52 percent), and conflicts of interest (49 percent) have all held their place as the top three components of conduct risk.
Measuring culture and conduct risk has proved to be challenging for firms, with a wide range of indicators used to assess culture, including compliance monitoring results, internal audit results, staff opinion surveys and complaints analysis.
G-SIFIs, in particular, were seen as using both individual performance objectives and internal attestations as cultural indicators.
Personal liability worry
For the first time, the survey considered how decision-making was being affected by the perception that regulatory focus on culture and conduct risk will increase the personal liability of senior managers.
Almost a third of firms (29 percent) reported having declined a potentially profitable business opportunity due to culture and/or conduct risk concerns, rising to 37 percent in the G-SIFI population.
The perception that the regulatory focus on culture and/or conduct risk will increase the personal liability of senior managers has increased year on year (73 percent in 2016, 70 percent in 2015, 67 percent in 2014).
In the G-SIFI population, the concern was more acute with 87 percent reporting that the regulatory focus on culture and/or conduct risk will increase personal liability.
Mature risk approach
The inter-relationship between culture and conduct risk was also explored for the first time.
Almost half (48 percent) consider culture and conduct risk to be intrinsically linked, with firms also highlighting culture as a critical factor in managing conduct risk.
Meanwhile, there are some signs of an increasingly mature approach to culture and conduct risk management, in contrast to the lack of a separate working definition for conduct risk.
More than half of firms (55 percent) reported they had an embedded framework or had implemented their firm’s approach, although additional work and resources were needed. This rose to 68 percent for G-SIFIs.
At the other end of the scale 14 percent of firms reported having neither a formal program nor resources for their firm’s approach to culture and conduct risk management.