Corporate Compliance Insights

6 Steps to Minimize Conduct Risk

by Subramanian Venkataraman
March 22, 2018
in Featured, Risk

A Framework for Assessing Regulatory Maturity

In the current regulatory environment, banks find it complex and challenging to interpret and assess regulatory requirements on conduct risk. In this article, experts from Tata Consultancy Services suggest a robust approach for assessing the level of maturity attained by a bank in conduct risk vis-à-vis regulatory requirements and a remediation plan to bridge gaps.

with co-author Sasidharan Chandran

Conduct risk is a key emerging risk and has been defined by the Financial Conduct Authority (FCA) as “the risk that firm behaviour will result in poor outcomes for customers.” Conduct risk has evolved over the years from being an underestimated and unattended risk to one of the major risks faced by banks.

In addition to sizeable regulatory fines and costs of remediation, banks consider reputational damage a prominent cost of conduct risk. With the digital landscape evolving and changing the way businesses are run, digital conduct and analytics have been one of the major areas of focus for banks in recent years. This has been underscored by the FCA in its annual business plan 2017/18, where it has identified technological development as one of the forward-looking areas.

Conduct Risk Challenges Faced by Banks

In this dynamic and complex regulatory environment, banks are finding it challenging to interpret and assess the requirements to implement conduct risk regulations. Factors contributing to the challenges include inadequacies in risk governance structures, lack of clarity about various components of conduct risk, ambiguities in clearly separating conduct risk from operational risk, deficient approaches to estimation and ill-defined metrics of conduct risk.

Though there are frameworks present in the market to assess conduct risk maturity, they lack aggregation of maturities at desired levels. The need of the hour is to put in place a unified and flexible framework to address multiple dimensions of conduct risk. The suggested conduct risk assessment framework would help manage some of the highlighted challenges.

Conduct Risk Capability Assessment Framework

The Conduct Risk Capability Assessment Model provides banks with an approach to assess gaps in conduct risk maturity, their root causes and remediation of gaps at granular levels.  In other words, this is a tool for assessing the level of maturity attained by a bank vis-à-vis regulatory requirements.

The core purpose of the framework is to assess and quantify the level of maturity in complying with regulatory requirements. Maturity is measured by comparing the gap between current and target maturities.  For the identified regulatory rules, key performance indicators were developed and used to derive the gap between current and target maturities. The rating model implemented in the framework enables a rollup of gaps at various levels, including lines of businesses, legal entities and banking groups.

Framework Approach

The methodology involved the following steps:

  1. Derive conduct risk components and sub-components. Conduct risk regulations from various geographies were analyzed at length before formulating the conduct risk components and sub-components.

Example – A non-exhaustive list of components includes product governance, marketing and selling, customer care, misuse of information, complaints management, market manipulation and insider trading.

  2. Map regulations to relevant conduct risk components and sub-components. The regulatory rules obtained from multiple sources are interpreted and mapped into relevant conduct risk components and sub-components that were derived based on analyzing conduct risk drivers.

Example – The Financial Conduct Authority’s Conduct of Business Sourcebook was interpreted and mapped to conduct risk components – product governance, customer care and marketing and selling. The risk components were further divided into conduct risk sub-components.

  3. Formulate Key Performance Indicators (KPIs). The key performance indicators spell out the criteria for compliance with the regulatory requirement and gather relevant evidence for assessing compliance.

Example of a KPI belonging to the product governance component – Provide evidence for the presence of senior management approved detailed procedures and processes for product information preparation.

  4. Standardize root causes. Root causes are the reasons for the presence of gaps between current and target levels of maturity in a bank.

Example – All in-scope KPIs were mapped to the predefined and standardized root causes. A non-exhaustive list of root causes includes board-level policies, board articulation, customer complaints, SLA violations, etc.

  5. Use rating model to derive gaps. The rating model will help convert the qualitative observations of current and target maturity into quantitative values; then the gap percentage is computed.

Example – The current maturity of the KPI is mapped to “early stages” (requirements gathering has been completed; approach, methodology and implementation of the gathered requirements are being discussed/debated) and the target maturity is mapped to “fully integrated” (1. Policies, processes, evidence and other documentation required for the capabilities are with necessary approvals and are covered fully; 2. Metrics for measurement, monitoring and remediation are in automated form).

  6. Perform remediation activity. The remediation plan reflects the top gaps to be addressed in order to bridge them to an acceptable level.

Example – The framework provides a high-level plan to achieve higher levels of maturity (fully integrated state) from the lower levels of maturity (early stages state).

Framework Highlights

The assessment framework adheres to a set of standards with a view to supporting banks in their conduct risk journey, regardless of their current position.

Adherence to the Three Lines of Defense (LoD) Model

The three lines of defense model ensures coverage of all levels, namely business lines (first line), risk and support functions (second line) and internal and external audits (third line). For example, assume a regulatory requirement mandating avoidance of misselling of banking products to clients.  This was approached from all three lines of defense and key performance indicators (KPIs) were formulated.

The KPIs check for:

  • Presence of procedures to prevent misselling of a product as an example of compliance in the first LoD.
  • Availability of policies that help identify the risk of misselling as an example of adherence in the second LoD.
  • Availability of internal/external audit reports on the effective functioning of the system to prevent misselling as an example of compliance in the third LoD.

Highly Objective Taxonomy

To avoid subjectivity creeping into the model, each technical term has been defined. Criteria to determine the level of maturity were defined through the presence or absence of certain attributes. By following this, each capability, sub-capability, stage in the maturity of compliance and measure used in KPIs was defined.

Aggregation of Gaps through Standardization and Rating Model

Use of standardized root cause categories was instrumental in grouping together similar causes. This enables comparison among various conduct risk components and sub-components. The rating model used in the framework completely preserves gaps at granular levels even when they are aggregated. With this unique feature of aggregation, the framework can co-exist with and can supplement GRC systems of banks in analysing gaps in compliance.

Structured Approach to Remediation

Based on the desired level of maturity, a high-level plan to gradually move from lower levels of maturity to higher levels is made available as part of the framework. For each root cause category, a list of tasks to be initiated and milestones to be reached have been indicated. With the adoption of the three LoD model, remediation covers all three lines in a judicious manner.

Concluding Remarks

Key recent regulatory developments are focused on improving risk culture, revamping remuneration and rewards, and fit and proper regimes. Global standard setters are also currently examining the systemic nature of conduct risk with a view to mandating globally acceptable but locally relevant standards. This is expected to change the conduct risk landscape further, necessitating consistent and ongoing review of regulatory maturity at granular levels.


Subramanian Venkataraman

Subramanian Venkataraman is a Senior Consultant in the Risk Management Practice of Tata Consultancy Services’ Banking and Financial Services Business Unit. He drives initiatives in the areas of credit risk, conduct risk and other allied areas. He manages research and competency development for the group. His risk consulting experience revolves around ERM, credit risk, market risk, stress testing, model validation and risk-adjusted performance management. He has developed a number of solutions for banking clients and authored points of view.
