Myriad studies of the causes of the global financial crisis suggested conduct risk failures were major contributors. This led to a call to action, championed by regulators globally, for the financial services industry to take immediate steps to improve its management of conduct risk.
Yet, 10 years after the end of the financial crisis, little seems to have changed, as evidenced by scandals in the last five years involving fake accounts, product misselling, improper collection of fees and money laundering, to name a few. Clearly, massive fines paid by financial institutions since the financial crisis — totaling more than $320 billion for global banks — appear to have had limited deterrent effect.
A Growing Trust Deficit
According to Mark Carney, the current Governor of the Bank of England and Chair of the Financial Stability Board (FSB), “. . . the incidence of financial sector misconduct has risen to a level that has the potential to create systemic risks by undermining trust in both financial institutions and markets.”
Christine Lagarde, managing director of the International Monetary Fund, has said the financial industry needs an “ethics upgrade.” For an industry that is predicated on trust, the current situation is untenable.
To restore the trust deficit, financial services companies must learn to make decisions in the pursuit of a real or perceived financial opportunity within the bounds of serving the interests of customers and market stability. In other words, institutions should refrain from pursuing their own financial interests so blindly that their actions might harm customers or the financial markets.
Conduct risk: Risk associated to the way organisations, and their staff, relate to customers and the wider financial markets
— Chartered Institute of Internal Auditors, 2018
Five Reasons for Conduct Risk Failures
Recent examinations of the failings of the industry, including those conducted by Australia’s Royal Commission and the Working Group of the FSB, have identified scores of issues. In this white paper, we analyse the root causes of conduct risk failures, focusing on five specific but interconnected areas:
- Lack of Leadership
- Poor Management of the Product Lifecycle
- Inadequate Employee Awareness/Training and Oversight Programmes
- Wrong or Inappropriate Incentives
- Inadequate Management Reporting and Escalation
Using these root causes, we will also explore various regulatory responses to the industry’s culture challenge as well as specific steps that financial institutions can take to foster the “ethics upgrade” envisioned by Lagarde.
Conduct is driven by culture and organisational culture is determined by a company’s tone at the top and actions by the top. The mission, vision and core values of nearly every financial services company state a commitment to the fair and transparent treatment of all stakeholders. However, in many financial institutions, cracks have developed in the culture that manifest themselves in different ways. For example, rules of engagement may not be adequately communicated or documented, leaving individual employees without proper guidance to determine circumstances which may give rise to potential conflicts of interest. The culture of the organisation may not encourage consultation and may, in fact, explicitly or implicitly discourage escalation of potential issues.
There may also be inconsistencies between what the company’s mission and values state and what actually happens. Misalignment can also occur when senior management fails to model behaviors it deems appropriate for others or when standards are not applied uniformly to every department, e.g., a highly profitable business unit might escape scrutiny even when it reports unexpectedly high results that should ordinarily raise red flags.
Most financial services companies have well-defined processes for evaluating the risks of new products and services. In the analysis and planning phases, companies consider a range of risks, including legal and compliance risks, operational risks, technology risks and financial risks.
However, some companies do not explicitly or adequately consider customer outcomes or market impact. Others are unwilling to walk away from or implement appropriate safeguards for potentially lucrative products or product features even when potential customer and market risks are identified. Oftentimes, as discussed more below, company staff, third-party distributors or other outsourcing vendors involved in sales or post-sale customer support are not given adequate guidance. This can be especially problematic in cases where the customers are inexperienced or vulnerable. Post-launch, some financial institutions may also fail to follow up to identify unintended impacts, such as confirming whether actual users of the product reconcile with the expected buyer market. Others simply do a poor job of following the clues provided by customer or counterparty complaints of potential or actual problems. Even when a financial institution reacts to the clues, its response may be limited or may only address the specific problem that was identified without considering the underlying root cause or whether a similar problem exists in other parts of the organisation.
In some instances, financial institution staff or other representatives (such as third-party agents) are not armed with the tools they need to ensure that customer and market interactions are conducted fairly and transparently. They may not completely understand the product features and potential impacts, or where to turn for answers to their questions. Policies and procedures may not provide adequate guidance and clarity.
The influence of incentives on behavior is one of the key lessons of the financial crisis. Yet, in too many cases, remuneration still emphasises production and revenues over conduct. When this imbalance in performance incentives cascades down into the organisation and across functions and business units, it is a proven recipe for disaster. Even where financial institutions have modified incentive plans to align compensation better with company values (and meet regulatory requirements and expectations), revamped programmes tend to apply to more senior level management and not necessarily all customer-and market-facing staff.
As discussed earlier, some financial institutions have inadequate processes for monitoring and reporting on conduct risks and have not implemented data analytic techniques to help identify root causes or perhaps even predict potential areas of risk. Escalation channels may be unclear in some companies or, worse, a company’s culture may discourage voluntary reporting of issues and problems. The result is a lack of transparency, resulting in the institution’s leaders missing and failing to act on changes in business realities.
Ultimately, these five reasons for conduct risk failures all point to the same source: a company’s culture. And changing a culture is very difficult, as most would agree.