The Risk Enabled Enterprise® - Conduct Risk Management

The Risk Enabled Enterprise® is a two-year research initiative from Chartis, in collaboration with IBM, which explores the enablers of enterprise risk management (ERM). Our research identified four strategic initiatives that firms can use to become ‘risk-enabled’ across organizational structure and process, people and culture, and data and systems. This report, covering conduct risk management, is the third of four to examine these initiatives and identify best practice practical implementation.

Conduct risk management is a rapidly evolving area. It is increasingly part of regulatory oversight, and is likely to become essential for operational and business planning in the future.

For this report, Chartis set out to understand the challenges financial institutions (FIs) are facing in implementing conduct risk management processes and the extent to which conduct risk management is becoming an important tool in business decision making. Our research included a global survey of 120 professionals working in the financial services industry, as well as in-depth follow-up interviews with 16 experts from FIs.

The key findings from the research include the following:

  • Firms are still struggling to establish terminology and an understanding of conduct risk. In results from survey respondents, the majority indicated that welldefined strategic initiatives were not in place for conduct risk management and indepth interviews with respondents similarly revealed a lack of understanding around conduct risk management processes.
  • Many FIs have not implemented appropriate rewards and incentives programs for conduct risk management. Incentives were ranked as the least important priority in terms of managing conduct risk among respondents. This represents another potential gap in the way that the marketplace is being approached, as FIs are increasingly failing to understand their own incentive systems, and are not building appropriate metrics and frameworks which prevent conflict of interest and protect their customers.
  • Conduct risk management is being driven from Europe. As model risk management was driven from the US, conduct risk management best-practice is coming from Europe. However, “local” regulation has an increasingly global scope.
  • The right balance between “top down” and “bottom up” is essential. Establishment of conduct risk policies and procedures and setting conduct risk appetite at the board level are essential, as are the establishment of controls around products and services at the business line and operational levels.
  • New forms of unstructured data management are proving their value. The analytics of areas such as sales processes, complaints management, Know Your Customer (KYC) and third party risk management are increasingly enabled by text mining and social media analysis. Firms must prove that they have controls over their complaints, sales, and internal communication processes at increasingly granular levels.
  • Links between behaviors and consequences should be established. While firms do not consider incentive management to be high on their list of challenges, it remains important that they build links between behaviors and consequences as well as risks and rewards to minimize conflict of interest, and to incentivize appropriate conduct. Without behavior being driven by appropriate incentives, all other areas of conduct risk management may be effectively negated.
  • Conduct risk management at an enterprise level will lead to preventative risk management. By mapping conduct risk management processes over the three lines of defense, FIs can enable the prevention of risks rather than the detection and remediation of loss events after they occur, can build regulatory and consumer trust, and move towards becoming risk-enabled.