Conduct Risk Report 2015/16 Stacey English Susannah Hammond Ashley Kovas

Conduct Risk Report 2015/16 - Legal Executive Institute · 2019-07-27 · progress. Compliance and risk practitioners from more than 260 financial services firms across the world,


TABLE OF CONTENTS

EXECUTIVE SUMMARY

INTRODUCTION

REGULATORY DEVELOPMENTS OVER THE PAST 12 MONTHS

WHAT PROGRESS HAVE FIRMS MADE IN THE LAST YEAR?

TONE FROM THE TOP

NEXT STEPS FOR THE BOARD

PERSONAL LIABILITY

MONITORING AND REPORTING

CHALLENGES AND EXPECTATIONS FOR THE YEAR AHEAD

CLOSING THOUGHTS


EXECUTIVE SUMMARY

Thomson Reuters' third annual survey on how financial services firms are managing conduct risk has identified distinct industry-wide trends against which firms can benchmark their own progress. Compliance and risk practitioners from more than 260 financial services firms across the world, including banks, brokers, asset managers and insurers, took part in the survey, which closed in Q4 2015. Given the sharpening regulatory focus on Global Systemically Important Financial Institutions (G-SIFIs), Thomson Reuters specifically asked G-SIFIs to identify themselves to enable comparison between themselves and other, smaller firms. The main points were:

• Firms are still finding the definition of conduct risk a challenge. Sixty-four percent of firms did not have a separate working definition of conduct risk. The picture is distinctly better in the G-SIFI population where less than half (43 percent) of firms had not defined conduct risk. Despite the continued challenges, the figures are an improvement on 2014, where 81 percent of firms (74 percent of G-SIFIs) did not have a definition of conduct risk.

• Despite the lack of a definition for conduct risk, there appears to be international agreement about the main components. “Culture, ethics and integrity,” “corporate governance and tone from top” together with “conflicts of interest,” are all common components. There are regional variations, though corporate governance and tone from the top is identified as a universal theme and an essential component of conduct risk.

• The perception of senior individual accountability for the delivery of conduct risk has sharpened. Seventy percent of respondents thought that the regulatory focus on conduct risk would increase the personal liability of senior managers (80 percent in the G-SIFI population). In 2014, two-thirds (67 percent) said that conduct risk-derived personal liability would increase (75 percent for G-SIFIs).

• Board-level focus on conduct risk remains high, with half (52 percent) reporting an increase in the last 12 months. This ties in with half (51 percent) of firms having a senior manager responsible for conduct risk. In line with this, there is no let-up in the expected cost of time and resources devoted to conduct risk issues, with 63 percent of firms expecting an increase in the next year.

• There are signs of an early but growing maturity of approach to conduct risk. Although a third of firms (32 percent) report that their firm’s approach to conduct risk is in the development phase, 37 percent state that it is implemented, albeit requiring additional work and resources. G-SIFIs have done the most, with 41 percent saying their approach is implemented but still needs additional work and resources.

• The compliance function is leading on both the ownership of and accountability for conduct risk. The results have flexed over the three years of survey research, with a shift in 2015 to compliance both owning the conduct risk policy (24 percent) and being accountable for implementation (29 percent). In both instances, the board is next, with ownership (20 percent) and accountability (17 percent).


INTRODUCTION

Conduct risk is no longer a new concept. It has become part of the new normal for regulated firms around the world, and is discussed by regulators and senior executives alike. For all the continued discussion, there are no easy solutions. While good customer outcomes and culture are often described, there is no single regulatory definition of conduct risk, which is why benchmarking is essential for firms. Compliance and risk practitioners from 260 financial services firms were surveyed between September and October 2015.

As with prior years, responses were received from across Africa, the Americas, Asia, Australasia, Europe and the Middle East. They represented banks, brokers, asset managers and insurers. Firms were not only sector-diverse and geographically widespread, but also represented a wide range of sizes, from the small to international conglomerates, and included the majority of G-SIFIs.

The results from the survey, together with actionable analysis, will enable firms to benchmark their approach, views, preparedness and expectations on the practical implications of conduct risk. Where feasible, year-on-year comparisons are provided to highlight the direction and development of conduct risk identification, management and mitigation. The report also seeks to provide deep insight into industry thinking and emerging best practices, as well as regulatory expectations.

Overall, the results show that while some progress has been made, there is still much work to do before firms expect to have completed building the tailored policies, procedures and approaches to successfully manage conduct risk.

REGULATORY DEVELOPMENTS OVER THE PAST 12 MONTHS

Conduct risk as a concept was born from a post-crisis realization by regulators that the actions of firms are no more than the individual and collective actions of those who run them, the authorized firms themselves being no more than inert legal shells. As a term, “conduct risk” was invented by the UK Financial Services Authority and carried forward by its successor, the Financial Conduct Authority (FCA). In a speech in July 2015, Tracey McDermott, acting chief executive of the FCA, seemed to equate conduct risk to “risks to clients, market integrity or fair competition;” in other words, risks to the conduct regulator’s own objectives. The FCA has, however, consistently refused to define the term and continued to fail to do so in 2015.

The regulators’ conduct risk expectations for firms initially concerned having the necessary processes and the willingness to use them to identify risks affecting the firm. Increasingly however, conduct risk needs to be seen in the context of other aspects of regulatory policy; in particular “culture” and “personal responsibility,” which link and overlap with conduct risk. During 2015, there was a shift of emphasis away from firms identifying and mitigating individual conduct risks toward establishing a more holistic means of dealing with the risks. This does not mean that firms should take their feet off the gas in identifying the risks. That remains a crucial element, even if the regulators speak increasingly about culture.

CULTURAL APPROACH TO CONDUCT RISK

Much effort was expended post-crisis in getting firms to adopt their own definition and approach to conduct risks and then to identify, measure and offset them. For example, mis-selling is a particular conduct risk in a firm that gives financial advice, particularly in the retail market. Relevant firms have therefore been encouraged to look closely at their advisory processes and make all reasonable repairs toward ensuring that any advice given will meet the standards required. Product provider firms have similarly had to address the risks of poor product governance.

“A firm’s culture is the key driver behind the behavior of those in it. In many cases, where things have gone wrong in a firm, a cultural issue is at the heart of the problem.”

Chairman’s foreword, UK Financial Conduct Authority (FCA) Business Plan 2015/16

“In conclusion: financial institutions, national authorities, and the international community have begun to respond to the issue of ethics in finance. Still, swifter action is needed to restore trust in the financial sector. The public needs reassurance that misconduct issues that caused the failures in institutions and markets in the past few years have been dealt with.”

Speech: “The Role of Personal Accountability in Reforming Culture and Behavior in the Financial Services Industry,” Christine Lagarde, managing director, International Monetary Fund, November 2015


For their part, regulators must challenge the conduct risks presented by individual firms and sectors. Steven Maijoor, chair of the European Securities and Markets Authority (ESMA), said in June 2015 that ESMA “... must apply a broad and forward-looking view to effectively assess the risks arising from the conduct of financial firms. Too many examples can be provided to illustrate that poor conduct of and within financial firms can have great adverse impact on consumers and consumer confidence. A continuous effort should be made to ensure that industry participants conduct themselves in a way that is consistently in the interests of their clients.”

Maijoor went on to say: “The conduct of financial firms is shaped by many diverse drivers, for example: conflicts of interests, regulatory differences across sectors and tax incentives.”

Regulators around the world are on notice of the need to devote sufficient resources to understanding and challenging firms about their conduct risks, as well as looking at aggregate risks across industry sectors and markets more generally. As firms continue to deal with the challenges of conduct risk, further guidance is emerging that can be leveraged across sectors and geographies. In the summer of 2015, the FCA, which has taken something of a lead on conduct matters, set out five “conduct questions” to assist firms in deciding whether they are doing enough:

1. HOW DO YOU IDENTIFY THE CONDUCT RISKS INHERENT WITHIN YOUR BUSINESS?

Firms cannot hope to mitigate risks until they are identified. The FCA noted that the investigation into FX manipulation revealed many of the same issues as were found following the Libor case, suggesting that firms had not learned from past experience.

2. WHO IS RESPONSIBLE FOR MANAGING THE CONDUCT OF YOUR BUSINESS?

Firms need to encourage employees to feel responsible for actually managing the conduct of the firm’s business.

3. WHAT SUPPORT MECHANISMS DO YOU HAVE TO ENABLE PEOPLE TO IMPROVE THE CONDUCT OF THEIR BUSINESS OR FUNCTION?

Firms need to create mechanisms that are specific to them. The mechanisms can exist in any form, for example new product approval committees for product providers. Training and induction processes may be relevant to set out the firm’s expectations of its staff.

4. HOW DO THE BOARD AND EXECUTIVE COMMITTEES GAIN OVERSIGHT OF THE CONDUCT OF THE ORGANIZATION?

The information flow up the hierarchy of the organization is important. Boards need to take conduct implications into account in every decision they make. The board’s own decisions are as much a source of risk as decisions taken elsewhere in the firm.

5. ARE THERE ANY PERVERSE INCENTIVES OR OTHER ACTIVITIES THAT MAY UNDERMINE ANY STRATEGIES PUT IN PLACE TO ANSWER THE FIRST FOUR QUESTIONS?

This is a catch-all question. The CEO is rarely a role model for employees, because the CEO is not able to interact meaningfully with every employee. Instead, the role models tend to be the more proximate “stars” of the firm: the top trader or the desk head.

CULTURE

This link between culture and conduct is becoming an international theme. John Price, commissioner at the Australian Securities and Investments Commission (ASIC), said in September 2015: “ASIC is concerned about culture because, together with financial incentives, it can be a key driver of conduct within the financial system. Given that there often is a strong connection between poor culture and poor conduct, we consider poor culture to be a key risk area with respect to our role as a conduct regulator.”

The hope, therefore, is that by making the necessary changes to culture, firms will reduce the conduct risks they present.

William C. Dudley, president and CEO of the Federal Reserve Bank of New York, echoed this view in November 2015, saying: “It is the culture within the firm that influences the behavior of its staff. While regulators can set rules on what is permissible, it is not possible to impose rules to promote a certain corporate culture. The changes have to come from within.”

ASIC, however, may have a more intrusive intention as to culture. The Australian Commonwealth Criminal Code recognizes the concept of “corporate culture.” Greg Medcraft, ASIC chairman, told the Australian Senate in June 2015 that s 12.3 of the Code means “a company can be responsible for a breach of certain commonwealth laws if the company’s culture encouraged or tolerated the breach.” Culture is defined as “an attitude, policy, rule, course of conduct or practice.”

Medcraft said: “We think that when an officer breaches a law ASIC administers, and culture is responsible, then the officers and the firm should be responsible. We think the officer and the firm should be subject to civil penalties and administrative sanctions, as accessories. We think the same offense should be able to be actioned by ASIC in the civil courts just like we can do now for other market misconduct.”

Medcraft’s comments conveniently lead in to a broader consideration of personal liability.

PERSONAL LIABILITY

The culture-change imperative is a matter on which firms must take the lead, as Dudley pointed out. Making people accountable for their actions is more a matter for the regulator. As just one example of regulatory change in the UK, banks are in the final stages of preparing for the new senior managers regime (SMR) which will, through the development of responsibilities maps, make it easier for the regulators to take action against individuals where things go wrong. The SMR will be rolled out to banks and insurers on 7 March 2016 and all other UK regulated firms in 2018.

The supranational policymakers are also focused on individual accountability. The International Organization of Securities Commissions (IOSCO) in June 2015, published “Credible Deterrence in the Enforcement of Securities Regulation,” which stated that “deterrence is credible when would-be wrongdoers perceive that the risks of engaging in misconduct outweigh the rewards and when non-compliant attitudes and behaviors are discouraged. Deterrence occurs when persons who are contemplating engaging in misconduct are dissuaded from doing so because they have an expectation of detection and that detection will be rigorously investigated, vigorously prosecuted and punished with robust and proportionate sanctions.”

IOSCO also said that holding individuals and entities accountable “promotes public confidence in financial services and is a key factor in the development of efficient markets, financial services and economies.” Any jurisdictions that do not currently operate a model of individual responsibility and accountability are likely to come under increasing pressure to do so in the future. That said, many international firms are already putting in place policies, procedures and protocols to manage personal regulatory risks no matter where in the world they arise.

REGULATORY AIMS

Senior managers’ attention has at least for the last few decades been aimed solidly at the objective of shareholder value maximization. Through their actions on conduct risk, culture and personal liability, regulators are sending the message that firms must manage themselves responsibly in the interests of a wider range of stakeholders, respecting the interests and rights of customers, markets and competition. The friction between profit and wider stakeholders is not new but has been given greater visibility through the financial crisis. Regulators worldwide recognize that these matters are impossible to regulate in detail through rules, and that firms themselves must take the lead in the processes for conduct risk management and for establishing a viable corporate culture. Although the regulators cannot play a direct role in this process, they stand ready to take action against individuals where necessary.

The international regulatory expectation was summed up by Medcraft in a speech at the annual dinner of the Paddington Society in Sydney, Australia, where he told those present:

“Cleaning up culture can be looked at as a stick versus carrot issue.” Specifically, he said, “First, the carrot. Many organizations have a solid culture and for those who fall short, ASIC wants to work with those groups to help them create the right culture, including sharing with boards and management when ASIC’s surveillance identifies cultural problems.

“In other words, we are providing the right ‘nudge’ to business, and making sure the dots are connected from the top to all levels of an organization.

“We encourage boards and management to think about the 3 Cs of good conduct – that is:

• communicating from the top on what is expected

• challenging whether the culture is achieving the desired outcome, and

• complacency — ensuring there is no complacency.

“Conduct should be continually reviewed, enforced and validated.”

ENFORCEMENT ACTIONS

The absence of a generally accepted definition of “conduct risk” means that it is impossible to classify all enforcement actions as being either inside or outside the meaning of “conduct risk.” Despite the uncertainty around the edges of the definition, there are certain recent cases that might be considered to be squarely within its meaning, such as cases involving:

• the culture of the firm, in the way it encourages the firm’s employees to engage with customers or, in some jurisdictions, with markets

• the firm’s strategy, where a flawed strategy leads inevitably to customer or market detriment

• direct contact between the firm and its customers or markets; for example, enforcements relating to mis-selling will fall into this category

UK

The Moorhouse Group was fined £159,000 by the FCA for failings in the oversight of its sales of commercial vehicle add-on products. The FCA was concerned at the low-profile role of compliance, which was not given an opportunity to raise issues at board level. This case engaged all three of the conduct risk touchpoints referred to above. The firm was placing its own profit-related interests ahead of customers’ well-being as a matter of culture and strategy. There were cases of inaccurate recording of data provided by customers during the sales process as a means of justifying the sales.

Barclays Bank and Deutsche Bank were fined £284 million and £227 million, respectively, for foreign exchange manipulation. The former CEO of an institution already disciplined for manipulation was personally fined £210,000 and prohibited from performing significant influence functions in the future.

UNITED STATES

The Office of the Comptroller of the Currency (OCC) applied a penalty of $30 million to Bank of America concerning the bank’s “unsafe or unsound practices” in connection with its compliance with the Servicemembers Civil Relief Act (SCRA). The bank failed to have effective policies and procedures to comply with the SCRA, nor did it devote sufficient resources to ensure proper compliance. Compliance processes, internal controls, compliance risk management, internal audit, third-party management and training were all considered inadequate. Violations of the SCRA were also noted.

The bank filed affidavits made by its employees that incorrectly represented that certain assertions were made on the basis of personal knowledge or were based on reviews of books and records. A large number of filed affidavits did not follow proper notary procedures. The OCC concluded that failings “were, in part, the result of deficiencies in the bank’s enterprise compliance risk management function, including deficiencies with respect to independent testing, governance routines, risk management, and oversight.”

“While firms may have their own definition of ‘firm culture,’ we use it here to refer to the set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors and employees make and implement decisions in the course of conducting a firm’s business. A firm’s culture is both an input to and product of its supervisory system, including its approaches to identifying and managing conflicts of interest and ensuring the ethical treatment of customers. This means that firms should take visible actions that help mitigate conflicts of interest, and promote the fair and ethical treatment of customers.”

U.S. Financial Industry Regulatory Authority (FINRA) 2016 Regulatory and Examination Priorities, January 2016

MIDDLE EAST

The Dubai Financial Services Authority (DFSA) fined Deutsche Bank $8.4 million for serious failures in the bank’s internal governance and systems and controls and in its take-on and anti-money laundering processes. The DFSA found that Deutsche Bank “was aware that its Private Wealth Management Business (PWM) was operating in breach of DFSA requirements, but did not take adequate steps to address the issue.” Additionally, the bank provided false information to the DFSA on several occasions “about the nature and scope of activities undertaken by PWM.”

ASIA

The Hong Kong Securities and Futures Commission (SFC) fined various JPMorgan companies a total of HK$30 million for their failure to implement adequate systems and controls to ensure compliance with the rules applicable to:

• short selling activities

• client facilitation and principal trading business

• operation of dark liquidity pool trading services

Additionally, the reporting structure in the client facilitation and principal trading business exhibited “potential conflicts under which the trading desks responsible for handling agency orders had a reporting line to two senior managers who were also facilitation traders prior to August 2012. However, JPMorgan did not put in place effective systems and controls to guard against potential misuse or abuse of client agency order flow information by the facilitation traders.”

“The intensity and volume of regulatory activity over recent years is not sustainable – for regulators or for the industry.

“… [w]e are often told that boards are now spending the majority of their time on regulatory matters. This cannot be in anyone’s interests. If that continues indefinitely we will crowd out the creativity, innovation and competition which should present the opportunities for growth in the future.”

Speech: “The Rapidity of Change,” Tracey McDermott, acting chief executive, UK FCA, October 2015

WHAT PROGRESS HAVE FIRMS MADE IN THE LAST YEAR?

The need to define conduct risk is critical and while it has not prevented firms from putting in place a range of conduct risk policies, procedures, training and monitoring, the work is more difficult without a working, firm-specific conduct risk definition. Firms are making progress, and over the three years of Thomson Reuters analysis on conduct risk, the trend is positive. That said, regulators are unlikely to have infinite patience with firms that have not undertaken the challenging task of defining exactly what conduct risk means for their organization.

The three years of survey data suggest a distinct trend toward more firms having a separate working definition of conduct risk. That trend becomes a clear turnaround when the results for the G-SIFI population are considered separately, with more than half (57 percent) now having a working definition of conduct risk.

[Figure: Does your firm have a separate working definition of conduct risk? Yes: 16% (2013), 19% (2014), 36% (2015). No: 84% (2013), 81% (2014), 64% (2015).]


Firms without a working definition of conduct risk could do worse than to look to regulators around the world. Although no regulator will give a ready-made definition, there is clear guidance as to the likely parameters.

There is, for instance, a potentially substantial overlap with operational risk, which is defined by the Basel Committee on Banking Supervision (BCBS) as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” The BCBS definition explicitly includes legal risk and excludes strategic or reputational risk. There may, therefore, be considerable overlap between operational and conduct risk, although conduct risk does include strategic and reputational risks. The BCBS publications are primarily aimed at banks around the world, but the application of much of the conduct guidance issued is considerably wider. For those firms not currently required to build and maintain a formal operational risk process, the focus on conduct risk in effect requires its development. 

In common with other regulators, the UK FCA has not defined conduct risk, but it has been transparent about both its general approach to regulation and what it hopes to achieve by its focus on conduct risk, particularly in the aftermath of the financial crisis. Firms can use this transparency to begin to build their own working definitions.

Most regulators around the world have objectives that include consumer protection and market integrity. The need for consistently good outcomes for customers of financial services firms is the central tenet of regulation. It is widely understood that conduct risk is overarching, and perhaps the broadest definition of conduct risk could be encapsulated as “all risks associated with activity by the firm which could threaten consumer protection or market integrity.”

The necessarily broad proposed definition deliberately brings into scope activities that are more indirect in their impact on consumers and markets. Setting the firm’s strategy is a good example of that. Regulators certainly expect firms to understand how their business strategy will affect consumers and markets, yet the activity of setting strategy is of itself remote from consumers and needs to be implemented to touch them.

Technology risk is another area of regulatory concern, but consumers’ interaction with firms through technology by definition takes place without any human contact from those firms. Nevertheless, regulators again expect firms to understand how their technology will affect consumers and markets. The fines imposed late in 2014 on Royal Bank of Scotland, NatWest and Ulster Bank in the UK and the Republic of Ireland for banking system failures that resulted in substantial customer detriment are a prime example of where the systemic failure of technology led to conduct risks arising on both the customer outcomes and market integrity elements of the proposed definition.

“Those we regulate should focus on creating a customer-centric culture to prioritize the long-term best interests of investors and financial consumers.”

Greg Medcraft, chairman of ASIC, ASIC’s Corporate Plan 2015-16 to 2018-19

“Cyber security is an issue of profound importance in today’s technology-driven world. What was once a problem only for IT professionals is now a fact of life for all of us.”

Speech: “A Threefold Cord — Working Together to Meet the Pervasive Challenge of Cyber-Crime,” Luis A. Aguilar, former commissioner at the U.S. Securities and Exchange Commission, June 2015

[Figure: Does your firm have a separate working definition of conduct risk (G-SIFI)? 2015: Yes 57%, No 43%.]


Data protection regulators are similarly concerned with good customer outcomes. As just one example, the UK Information Commissioner’s Office issued a £180,000 civil monetary penalty against The Money Shop in August 2015 for inadequate systems and controls related to storing computer servers containing personal and financial details of customers.

Firms appear to have become more realistic as to the progress made in their organization’s approach to conduct risk management. The results are remarkably consistent for 2014 and 2015 and show a leveling out of approach compared with the early days of conduct risk in 2013. It is potentially a matter of concern that 16 percent of firms in both 2014 and 2015 do not have a formal program or resources in place to tackle the challenges of conduct risk. These firms, as well as those reported as being in the development stage, need to consider how best to swiftly allocate sufficient skilled resources to assess, define and implement an appropriate approach to conduct risk identification, management and mitigation.

There were some regional outliers in the responses. The Middle East was more optimistic in its assessment of maturity, with one-third (33 percent) reporting that an embedded framework and resources were in place for the management of conduct risk. At the other end of the spectrum, more than half (53 percent) of Australasian responses reported that conduct risk management was still in the development stage.

Firms that have embedded conduct risk frameworks and resources in place are likely to achieve good customer outcomes far more consistently, leading to business growth and fewer regulatory difficulties for both the firm itself and its senior managers.

In the absence of a working definition of conduct risk for nearly two-thirds (64 percent) of firms, there has still been a significant amount of conduct risk-related change for firms in the past year. It is perhaps a sign of the growing maturity of conduct risk approaches that both risk appetite statement and tone from the top communications have declined slightly year on year, suggesting that more firms tackled those areas in 2014.

[Figure: In your opinion, how mature is your organization’s approach to conduct risk management? Bar chart comparing 2013, 2014 and 2015 responses across the categories: In the development stage; We do not have a formal program or resources; Immature; Implemented, but requires additional work and resources; Robust and embedded framework and resources in place; Other.]


EXAMPLES OF FIRM-SPECIFIC CONDUCT RISK RELATED DEFINITIONS TAKEN FROM FIRMS’ WEBSITES, FALL 2015

AVIVA (Annual Report 2014) For the purposes of risk identification and measurement, and aligned to Aviva’s risk policies, risks are usually grouped by risk type: credit, market, liquidity, life insurance, general insurance, asset management and operational risk. Risks falling within these types may affect a number of metrics including those relating to balance sheet strength, liquidity and profit. They may also affect the performance of the products we deliver to our customers and the service to our customers and distributors, which can be categorized as risks to our brand and reputation or as conduct risk.

BANK OF TOKYO MITSUBISHI (MUFG Report 2015 – Integrated Report) Risk of damage to corporate value as a result of negative impact on the public interest, effective competition, market integrity, or customer protection, due to inappropriate response to laws and regulations or insufficient attention to the viewpoint of customers.

BARCLAYS BANK (Annual Report 2014) Conduct risk: detriment is caused to our customers, clients, counterparties, or the Bank and its employees through inappropriate judgment in the execution of our business activities.

CREDIT SUISSE (Annual Report 2014) Conduct risk is primarily addressed through specific supervisory controls implemented across the Group and targeted training activities. We seek to promote good behavior and conduct through the Group’s Code of Conduct, which provides a clear statement of the ethical values and professional standards as a basis for maintaining and strengthening our reputation for integrity, fair dealing and measured risk-taking, and the set of business conduct behaviors.

LLOYDS BANKING GROUP (Annual Report 2014) Conduct risk is defined as the risk of customer detriment or regulatory censure and/or a reduction in earnings/value, through financial or reputational loss, from inappropriate or poor customer treatment or business conduct.

RBS (Annual Report 2014) Conduct risk is the risk that the behavior of RBS and its staff towards customers, or in the markets in which it operates, leads to unfair or inappropriate customer outcomes and results in reputational damage, financial loss or both. The damage or loss may be the result of breaches of regulatory rules or laws, or of failing to meet customers’ or regulators’ expectations.

ROYAL BANK OF CANADA (Annual Report 2015)

We define Risk Conduct and Culture as a shared set of behavioural norms that sustain our core values, protect our clients, safeguard our shareholders’ value, and support market integrity and stability from undue risk. The desired Risk Conduct and Culture flows from RBC Values, Code of Conduct and Risk Management Principles, which include: Integrity; Accountability for risk management; Compliance with risk policies; Integration of risk in decision-making; Timely escalation and reporting of risk issues; and Communication of risk issues.

SANTANDER (Annual Report 2014) Conduct risk is the risk that Santander UK’s decisions and behaviours lead to a detriment or poor outcomes for our customers and that Santander UK fails to hold to and maintain high standards of market integrity.


THE GREATEST CONDUCT RISK CHALLENGES YOU EXPECT YOUR BOARD TO FACE IN THE NEXT 12 MONTHS ARE:

There were more developments in the past year in terms of board-level appointments and accountability, the creation of specific conduct risk teams, the implementation of training, and the introduction of new policies and software solutions than the year before. Senior executives are seen to be stepping up to handle the expected increase in personal accountability, with 32 percent of firms reporting that they had made board-level appointments and accountability for conduct risk (18 percent in 2014).

On the other side, there is a tailing off of changes for both the implementation of the risk appetite statement and tone from the top communications, suggesting a growing maturity of the strategic approach to conduct risk and a move toward the actions needed to implement and embed a firm’s agreed stance on conduct risk. That said, it is a matter of continuing concern that 17 percent (18 percent in 2014) of firms appear not to have done anything in the previous year to begin to address conduct risk issues. It may be a question of how regulatory expectations are being communicated, but in South America, 42 percent reported that they had not made any conduct risk-related changes in the last year.

North American respondents reported a doubling of board-level appointments and accountability in the last year, with 28 percent in 2015 versus 14 percent in 2014. North America also bucked the trend on tone from the top communications, reporting an increase from 34 percent in 2014 to 45 percent in 2015.

[Chart: IN THE LAST 12 MONTHS WHAT CHANGES HAS YOUR ORGANIZATION MADE TO ADDRESS CONDUCT RISK ISSUES? Series: 2014, 2015. Response categories: Board level appointment and accountability; Created conduct risk team; Implemented specific training, please specify; Implemented new policies, please specify; Implemented software solutions to manage and report on specific conduct risks; Risk appetite statement implemented including conduct risk; Tone from the top communications; None; Other.]


IN YOUR FIRM WHAT ARE CONSIDERED TO BE THE KEY COMPONENTS OF CONDUCT RISK?

Given the sheer breadth of the potential scope of conduct risk, it is to be expected that the range of key components continues to be wide. The top three components have remained consistently as:

• culture, ethics, and integrity

• corporate governance and tone from the top

• conflicts of interest

Corporate governance and tone from the top is the only one of the overall top three components to be highlighted as a key component in all regions. In Asia, the Middle East and South America, financial crime was seen as a fundamental part of conduct risk, with anti-money laundering, bribery and corruption, and fraud all featuring as one of the top three components. For the UK and Europe “good customer outcomes” is one of the top three, which is in line with the local regulatory language.

In the G-SIFI population, the top components were corporate governance and tone from the top, conflicts of interest, and strategy, followed by culture, ethics and integrity.


TONE FROM THE TOP

Many firms have included their definitions and approaches to conduct risk on their websites. Equally, there is often also transparency on the tone being set from the top of the largest financial services firms.

“We must therefore complete the cultural transformation of the Group. There can be no retreat from becoming a values-driven organization which conducts itself with integrity at all times. My ambition is to restore Barclays to its rightful standing — successful, admired and well-regarded by all.”

Extract from new chief executive Jes Staley’s memo to Barclays staff, October 2015

The appropriate tone from the top of an organization is critical for all aspects of business. When it comes to qualitative issues such as conduct risk, the tone from the middle is equally critical. Those at the top of a firm need to have consistent lines of sight to all risks being run and the measures taken to identify, mitigate and manage them, together with any residual issues. For quantitative measures this line of sight is, for many firms, a well-trodden path where all concerned understand what is required and how to measure it. It is not so simple with the qualitative criteria relating to conduct risk, where context is crucial and existing suites of management information often have to be re-evaluated.

Given the apparent progress made on the working definition of conduct risk and the slight decline in firms reporting that tone from the top communications had changed in the last year, it is somewhat of a concern that more progress has not been made by boards in setting the appropriate cultural and governance messages. This is picked up by the responses from G-SIFI firms, where 41 percent reported that the appropriate cultural and governance messages in the tone from the top are fully developed and embedded.

“Regulators can set standards and provide some external checks and balances. But there is no substitute for internal governance and controls that are designed to achieve the desired behavioral change across the entire firm.”

Norman T. L. Chan, chief executive, Hong Kong Monetary Authority, April 2015

[Chart: DOES THE TONE FROM THE TOP SET BY THE BOARD SET THE APPROPRIATE CULTURAL AND GOVERNANCE MESSAGES? Series: 2014, 2015. Response categories: Yes, fully developed and embedded; Tone from the top still being developed; Yes, but still to fully embed; No; Other.]


Firms may not have seen an increase in tone from the top communications in the last year, but it is clear that boards have spent some time considering the implications of conduct risk. More than half (52 percent) of firms reported that the amount of focus on conduct risk at board level has increased in the last year. As the approach to conduct risk around the world begins to mature, however, firms can perhaps anticipate that this degree of board focus will level out somewhat.

A formal risk appetite statement is not a mandatory requirement for all types of financial services firms around the world. That said, it is increasingly likely that all firms will consider their strategic risk at board level and, as such, they would be well advised to include conduct risk considerations. The results regarding the development of a formal risk appetite statement, agreed upon at board level, which include conduct risk, have remained remarkably static over the last three years. Conduct risk is an all-encompassing risk for firms and, as a matter of course, needs to be included in any risk appetite statement.

[Chart: AT BOARD LEVEL THE AMOUNT OF FOCUS ON CONDUCT RISK HAS: Series: 2013, 2014, 2015. Response categories: Increased post-crisis and remains high; Increased over the last year; Not increased over the last year; The board does not consider conduct risk matters.]

[Chart: HAS YOUR FIRM DEVELOPED A FORMAL RISK APPETITE, AGREED AT BOARD LEVEL, WHICH INCLUDES CONDUCT RISK? Series: 2013, 2014, 2015. Response categories: Yes; Yes, but doesn’t include conduct risk; No; Other.]


NEXT STEPS FOR THE BOARD

There are many issues that require constant attention from the board of a financial services firm, and probably none more so at the current time than conduct risk. The appropriate tone from the top needs to be set and then translated into a consistent “mood in the middle” to ensure that the messages – so carefully thought out around the board table – are clearly and consistently communicated throughout the firm. The challenge here can come when the performance expectations of middle management are linked to targets based principally on financial performance. Continued investment needs to be made into building and refining the working definition of what conduct risk means to the firm and how, in practical granular detail, that becomes functionally embedded in the day-to-day business activities.

If that were not enough, boards also need to understand and challenge management information on conduct risks and engage with regulators to ensure that consistent, conduct risk-aware expectations and communications are in place.

The next steps for the board in terms of conduct risk were summed up by William R. Rhodes in November 2015 at the New York Federal Reserve Bank’s Workshop, “Reforming Bank Culture: Thoughts on the G30 Report”:

“Banking with integrity demands actions that go beyond regulatory compliance. The key points are that reforms must be:

• comprehensive;

• driven and communicated by the board of directors and senior managers;

• consistently implemented at all levels in the bank down to the lowest level employees; and

• efficiently monitored.”

Boards are specifically tasked with defining and communicating the strategy for the business. Although the vast majority of respondents have reported that the conduct risk factors are considered either completely or partially as part of business strategy, regulatory expectations are likely to drive more firms toward a comprehensive assessment of conduct risk as an inherent part of strategy. G-SIFIs are further down this path, with 63 percent reporting that conduct risk factors are considered when business strategy is being discussed.

[Chart: ARE CONDUCT RISK FACTORS CONSIDERED WHEN BUSINESS STRATEGY IS BEING DISCUSSED? Series: 2013, 2014, 2015. Response categories: Yes; No; In part; Don’t know.]


PERSONAL LIABILITY

There is an international focus on greater personal accountability for senior individuals. In the UK, the first phase of the new senior managers regime comes into force in March 2016. In the United States, the September 2015 publication of the Yates memo (and subsequent update to the U.S. Attorneys’ Manual) reiterated the link between individual accountability and corporate wrongdoing. Sally Quillian Yates, deputy attorney general at the U.S. Department of Justice, stated:

“One of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing. Such accountability is important for several reasons:

• it deters future illegal activity;

• it incentivizes changes in corporate behavior;

• it ensures that the proper parties are held responsible for their actions; and

• it promotes the public’s confidence in our justice system.”

Just who is seen to own conduct risk policy in firms has tended to ebb and flow during the three years covered by the survey. Perhaps the most notable shift has been a move away from board ownership, with responsibility passed to a board subcommittee. What has remained consistent is that around one-quarter (24 percent) of firms continue to report that it is the compliance function that owns the conduct risk policy in their firm. One outlier is South America, where 42 percent reported that compliance owned the conduct risk policy.

[Chart: WHO OWNS THE CONDUCT RISK POLICY IN YOUR ORGANIZATION? Series: 2013, 2014, 2015. Response categories: The Board; Board sub-committee; Compliance; Risk; HR; Line management; Everyone; No policy; Other.]


Taken together, firms are relying heavily on their compliance functions both to own and implement conduct risk policy within their organizations. Within the figures are a number of regional variations, with both Asia and Africa reducing their reliance on the compliance function year on year. In Asia, 25 percent (44 percent in 2014) reported compliance as accountable, with similar figures for Africa (23 percent in 2015 and 40 percent in 2014). For both regions, the accountability is reported as having shifted to the risk function.

[Chart: WHO IS ACCOUNTABLE FOR IMPLEMENTING THE CONDUCT RISK POLICY IN YOUR ORGANIZATION? Series: 2014, 2015. Response categories: The Board; Board sub-committee; Compliance; Risk; HR; Specific conduct risk area/team; Named senior manager; Other.]

[Chart: DO YOU HAVE A SENIOR RISK MANAGER RESPONSIBLE FOR CONDUCT RISK? Series: 2013, 2014, 2015. Response categories: Yes; No.]


The results are remarkably consistent, with around half (51 percent) of firms having a named senior manager responsible for conduct risk. A regional outlier is Australasia, where respondents reported that only 28 percent had named a senior manager responsible for conduct risk.

Conduct risk is seen as a key driver of greater personal liability for senior managers. Accountability was felt even more acutely by G-SIFIs, where 80 percent (75 percent in 2014) reported that the regulatory focus on conduct risk would increase the personal liability of senior managers.

There are some regional variations regarding the expected increase in personal liability related to conduct risk, with the UK and Europe (74 percent) and North America (73 percent) at one end of the scale and South America (58 percent) and the Middle East (56 percent) at the other.

As there is no one-size-fits-all definition of, and approach to, conduct risk, there is no single way to offset the associated increased personal liability. That said, training is seen to be an essential part of any successful approach to conduct risk management. Ideally, given the near-universal reach of conduct risk, any associated training should be equally broad in its reach. The G-SIFI population has gone furthest in embracing this approach, with 56 percent of respondents reporting that conduct risk training has been rolled out to all staff.

The acknowledged need for training should become a priority for many firms in the coming year. In North America in particular, the assessment that training is needed has risen from 33 percent in 2014 to 53 percent in 2015.

Even those firms that have already implemented training will need to consider how best to refresh the messages on a regular basis. Equally, firms should ensure that scrupulous training records are maintained to evidence the investment made in educating staff on conduct risk issues.

Just over half of respondents have implemented some training on conduct risk. More than one-third have not, but know they need to. Firms have concentrated on raising awareness of conduct risk, with 46 percent implementing new policies and 39 percent undertaking specific training. Again the G-SIFIs are reported as having done more toward conduct risk compliance, with 59 percent rolling out training.

[Chart: DO YOU THINK THAT THE REGULATORY FOCUS ON CONDUCT RISK WILL INCREASE THE PERSONAL LIABILITY OF SENIOR MANAGERS? Series: 2014, 2015. Response categories: Yes; No; Don’t know.]


MONITORING AND REPORTING

By definition, conduct risk is a qualitative concept and, as such, presents a number of challenges with regard to measurement, monitoring and reporting. Management information on conduct risk will never be static, but rather always evolving in line with the business activities and risk appetite of the firm.

Firms would be well advised to benchmark the constituent parts of their approach against the indicators used by survey respondents. If nothing else, if there are indicators highlighted that a firm is not using, it may well be worthwhile assessing the potential benefits of that source of information. There is a fair degree of variation between both the G-SIFI and regional results – in particular regarding the use of staff opinion surveys.

At one end of the spectrum, the G-SIFI population reported that 63 percent used staff opinion survey results to assess culture; toward the other end, only 34 percent of North American and 26 percent of South American respondents reported using the staff opinion survey as an indicator.

Overall, the most popular metrics used for assessing culture were complaints, staff opinion surveys, compliance monitoring and internal audit results. One indicator that perhaps may be new to some firms is the use of HR disciplinary action, which 23 percent of firms reported as a qualitative cultural indicator.

[Chart: WHAT INDICATORS DO YOU USE TO ASSESS CULTURE?]

[Chart: HAS YOUR FIRM IMPLEMENTED TRAINING ON CONDUCT RISK? Series: 2014, 2015. Response categories: Yes – to all staff; Yes – just to the Board; Yes – just to senior managers; No, but we know training is needed; No – not needed; Other.]


Although 52 percent of firms reported that their board had spent more time overall on conduct risk in the previous year, there has not been a similar increase in the frequency of board review of conduct risk issues. There has been an increase in the monthly, or more frequent, review by boards, with G-SIFIs reporting that 20 percent (18 percent in 2014) have conduct risk reviewed at least monthly by their board. There were regional swings both ways. In Asia, 23 percent reported review by the board at least monthly, up from 6 percent in 2014, a finding backed up by the results of the voting at the Pan Asian Regulatory Summit held in October 2015. The audience was polled on the biggest areas of focus for regulation in Asia for 2016 with conduct risk coming out on top.

Similarly, in the Middle East, 20 percent of firms reported an at least monthly review by the board, up from nil in 2014. The Middle East also saw the biggest drop in an annual consideration at 10 percent, down from 66 percent in 2014.

It would appear that firms around the world are flexing their approach to board reporting to find a protocol that best meets their individual needs. Care needs to be taken to ensure that boards receive timely, accurate and clear information on the risks being run in the business, and boards themselves should be involved in the decision-making about what reporting they receive and how often. Boards need to challenge the management information presented to ensure that the reporting remains relevant to its governance needs.

[Chart: ASK THE AUDIENCE RESPONSES TO: “WHAT WILL BE THE BIGGEST REGULATORY FOCUS IN ASIA FOR 2016?” – Pan Asian Regulatory Summit (October 2015). Response categories: Conduct Risk; Fraud/Anti-Bribery & Corruption; Senior Management Responsibility; Anti-Money Laundering; Client On-Boarding (KYC).]

[Chart: HOW OFTEN DOES YOUR BOARD REVIEW CONDUCT ISSUES? Series: 2014, 2015. Response categories: At least monthly; Quarterly; Annually; Ad hoc; Never; Other.]


Taken over the three years, there is a growing trend away from the aggregation of risk and control reports on conduct risk to the board. While each risk and control area needs to ensure its work is appropriately reported to the board, there is a real danger of confusion if functions report separately on issues in a potentially inconsistent way, and if all the management information is not pulled together to present a single, coherent view to the board on conduct risk.

The quality of management information has been a cause of concern for a number of policymakers and regulators. Specifically, the FSB found board reporting to be “voluminous and not easily understood.” Even the G-SIFI population, which has in other areas shown itself to be potentially more closely aligned with regulatory expectations, has seen an increase in un-aggregated reporting, with 34 percent responding “no,” up from 11 percent in 2014. Considering the depth of the challenges associated with reporting on conduct risk issues, it’s understandable that firms are finding it difficult to streamline the information flow to the board.

Given the responses throughout the survey, it is not surprising that the vast majority of respondents expect the cost of time and resources devoted to conduct risk either to stay the same or increase in the coming year. A clear majority of 63 percent expects an increase, with 20 percent expecting a significant rise in the costs associated with conduct risk issues. In the G-SIFI population, 29 percent are expecting a significant rise, although 64 percent are expecting an increase.

[Chart: FOR CONDUCT RISK, ARE REPORTS TO THE BOARD FROM THE RISK AND CONTROL FUNCTIONS AGGREGATED? Series: 2013, 2014, 2015. Response categories: Yes; No; In part.]

[Chart: OVER THE NEXT 12 MONTHS, I EXPECT THE COST OF TIME AND RESOURCES DEVOTED TO CONDUCT RISK ISSUES TO BE: Series: 2013, 2014, 2015. Response categories: Significantly less than today; Slightly less than today; The same as today; Slightly more than today; Significantly more than today.]


CHALLENGES AND EXPECTATIONS FOR THE YEAR AHEAD

The sheer range of challenges associated with the implementation of conduct risk is highlighted by the breadth of the responses. Again it is the G-SIFIs that are showing some signs of maturity in approach. The following two areas of potentially enhanced regulatory focus show that the G-SIFIs may well have already changed in response to conduct risk expectations. For greater focus on risk and control, the general population is at 39 percent with G-SIFIs at 21 percent. In a similar vein, greater focus on culture and corporate governance is at 35 percent with G-SIFIs at 29 percent. Perhaps most telling is the response to “understanding what conduct risk means to the firm,” which is at 38 percent for firms in general and distinctly less of an issue for G-SIFIs at 21 percent.

G-SIFIs are also an outlier on the changing regulatory environment, with 69 percent citing it as a key challenge for the coming year.

The regional variations suggest differing challenges. In North America, there has been a sharpened focus on the cultural shift needed to become customer-centric in all activities, up to 23 percent from 9 percent in 2014. The cost of resources is a concern in both Asia and the Middle East. Forty-eight percent of respondents from Asia are expecting the cost of conduct risk resources to be a key challenge in the coming year, up from 33 percent in 2014. In the Middle East, the cost challenge has more than doubled, with 40 percent citing cost of resources as a key challenge, up from 17 percent in 2014.

All regions except Australasia see the continually changing regulatory environment as a challenge in the year ahead. More than half of respondents in the UK and EU see the development of metrics and management information as the biggest challenge in the year ahead. In Asia, the cost of resources is seen as one of the biggest challenges.

“To conclude, the financial crisis and subsequent scandals revealed deep and continuing flaws in the culture of banking. The responsibility to address these flaws rests with the banks themselves. Many industry leaders have initiated reform programs within their firms. It is important to keep the momentum going. Reform requires relentless and sustained effort: from the top of an institution to its most junior employees, and across all of the institution’s business activities. Reform must include the full scope of an employee’s career, beginning with recruiting and continuing with annual performance management, compensation and promotion decisions.”

“Why Focus on Culture?” Remarks by Alberto G. Musalem, executive vice president, Federal Reserve Bank of New York at “Towards a New Age of Responsibility in Banking and Finance: Getting the Culture and the Ethics Right,” Goethe-Universität Frankfurt am Main, Frankfurt, Germany, November 2015

[Chart: WHAT ARE THE KEY CHALLENGES TO THE ORGANIZATION WHEN IMPLEMENTING CONDUCT RISK IN THE YEAR AHEAD? Series: 2013, 2014, 2015. Response categories: Changing business model; Changing regulatory environment; Changing the remuneration and incentives framework; Cost of resources; Cultural shift to be customer-centric in all activities; Developing metrics and management information; Developing the corporate approach; Establishing and embedding conduct risk appetite; Increased focus on risk and control; Increased focus on culture and corporate governance; Increased focus on sales practices/quality; Insufficient skilled resources; Insufficient management support; Number of business areas/functions impacted by conduct risk; Understanding what conduct risk means to the firm; Understanding what regulators mean by conduct risk; Other (please specify).]


CLOSING THOUGHTS

WHAT IS THE SINGLE BIGGEST CONDUCT RISK YOUR FIRM IS FACING?

“We treat conduct risk like any other risk, and with a risk this big, you need to give us a very good reason why you are not taking proactive steps to manage it.”

Tracey McDermott, acting chief executive, UK FCA, July 2015

Conduct risk is maturing. More firms, particularly G-SIFIs, have defined it, and slowly but surely the concept and practices associated with good conduct risk are becoming the new normal for firms. The journey is not over. Even as conduct risk begins to move into the implementation and embedding phases of its development, care, vigilance and investment all remain needed if firms are to deliver on the required consistently good customer outcomes. And it is not just firms that need to be seen to be delivering on strong compliance. Regulators around the world have made clear that they will seek to hold senior individuals to account for breaches, particularly those that result in customer detriment or damage market integrity.

Senior managers need to help build a firm-specific working definition of conduct risk and then enable and support its promulgation through all levels of the business. The reverse information flow is equally important, as investment continues to be needed to refine the monitoring and reporting on conduct risk issues back to the board. The effort, focus and resources still needed to successfully tackle conduct risk challenges must not be underestimated, but for firms and senior individuals that meet the regulatory expectations, the levels of future enforcement, and indeed likely regulatory intrusion, will be significantly lower.


RISK MANAGEMENT SOLUTIONS FROM THOMSON REUTERS

Risk Management Solutions bring together trusted regulatory, customer and pricing data, intuitive software and expert insight and services – an unrivaled combination in the industry that empowers professionals and enterprises to confidently anticipate and act on risks – and make smarter decisions that accelerate business performance.

© 2016 Thomson Reuters S029946/2-16

Thomson Reuters and the Kinesis logo are trademarks of Thomson Reuters.