Conduct risk management

The Central Bank (Individual Accountability Framework) Bill 2022 (the Bill) will ensure that conduct risk will remain a key risk that all regulated financial services firms (firms) must be able to demonstrate it is proactively managing and mitigating. In all likelihood, one of the key impacts of the Bill will be the elevation of conduct risk further up the Board’s risk agenda prioritisation in 2023 and beyond.

The Importance of Managing Conduct Risk and implementing SEAR

The Bill introduces a number of specific conduct risk obligations on firms, it's senior executive functions (SEFs) and employees, including but not limited to:

  • A firm must acts “in the best interests of customers and the integrity of the market”
  • An individual must;
    • Act “without detriment to customers”
    • Ensure “that any communication, including any record, provided to a customer or other person is clear, accurate, up to date and not misleading”
    • Act “in the best interests of customers and treat them fairly and professionally”
    • Ensure “that customers are informed in a clear manner of relevant information relating to financial services of which they ought to be aware, and not impeding the provision of relevant information to customers”
    • Communicate “with customers in a timely manner”
    • Assess “the needs and circumstances of customers”
    • Not act “in a manner that is unfair to customers”
    • Operate “in compliance with standards of market conduct and trading venue rules”.

The above is only a sample of the many conduct requirements that the Bill places on firms and individuals. On the surface seeking to achieve compliance with these requirements may appear overwhelming. However, through designing (or enhancing) and implementing a conduct risk management framework, your firm can provide its SEFs and employees with the tools to act in the legitimate interests of their firm but also in the best interests of customers.

The Cost of Conduct Risk Management Failings

Notwithstanding the increasing regulatory expectations surrounding conduct risk management, poor management of conduct risk can crystallise into significant and material costs for firms. From an Irish perspective, this is evidenced by the increasing monetary levels and frequency of regulatory sanctions published by the Central Bank of Ireland (CBI) under its Administrative Sanction Procedures. Of the €298 million of financial sanctions published by the CBI since 2006, €228 million relates to sanctions published in the last three years alone.

At a global level, the cost of poor conduct risk management is even more stark. The CBR Conduct Costs Project at CASS Business School estimates that during a 10-year period (2008 to 2018), the 20 global banks in its conduct costs study have incurred conduct costs in excess of £377 billion.

What is Conduct Risk?

When you consider the formal definitions that are published by supervisory authorities and others, our view in Mazars is that conduct risk can be broken down into three core considerations, the impact a firm has on its:

  1. Customers/clients through its interactions with them;
  2. Employees; and
  3. The integrity of the markets that it operates in and other stakeholders.

How do You Manage Conduct Risk?

Our experience at Mazars tells us that to effectively manage conduct risk, a firm needs to develop a framework that incorporates a top-down and bottom-up approach. In practice, this translates to a framework that must:

  • Define the firm’s conduct risk strategy, the definition of conduct risk and conduct risk appetite and conduct risk metrics.
  • Provide the Board, senior management and individuals with the tools and methodologies to proactively identify and manage the conduct risks posed by the firm’s strategy, product, customer and employee lifecycles.
  • Articulate business units' and individuals' roles and responsibilities across the three lines of defence.

 How Can Mazars Help?

Our Mazars Financial Services Consulting team has significant first-hand experience based on our industry practitioner and consulting experience:

  • Assessing the design and operating effectiveness of conduct risk management and compliance risk management frameworks; and
  • Designing and implementing conduct risk management and compliance risk management frameworks.

As a result, we are well placed to work with and advise firms as they prepare for and implement the requirements of the Bill. Specifically with regard to enhancing or developing their own conduct risk management framework and/or accountability framework.

Contact