Corporate Compliance Insights

6 Steps to Minimize Conduct Risk

by Subramanian Venkataraman
March 22, 2018
in Featured, Risk

A Framework for Assessing Regulatory Maturity

In the current regulatory environment, banks find it complex and challenging to interpret and assess regulatory requirements on conduct risk. In this article, experts from Tata Consultancy Services suggest a robust approach for assessing the level of maturity attained by a bank in conduct risk vis-à-vis regulatory requirements and a remediation plan to bridge gaps.

with co-author Sasidharan Chandran

Conduct risk is a key emerging risk and has been defined by the Financial Conduct Authority (FCA) as “the risk that firm behaviour will result in poor outcomes for customers.” Conduct risk has evolved over the years from being an underestimated and unattended risk to one of the major risks faced by banks.

In addition to sizeable regulatory fines and costs of remediation, banks consider reputational damage a prominent cost of conduct risk. With the digital landscape evolving and changing the way businesses are run, digital conduct and analytics have been one of the major areas of focus for banks in recent years. This has been underscored by the FCA in its annual business plan 2017/18, where it has identified technological development as one of the forward-looking areas.

Conduct Risk Challenges Faced by Banks

In this dynamic and complex regulatory environment, banks are finding it challenging to interpret and assess the requirements to implement conduct risk regulations. Factors contributing to the challenges include inadequacies in risk governance structures, lack of clarity about various components of conduct risk, ambiguities in clearly separating conduct risk from operational risk, deficient approaches to estimation and ill-defined metrics of conduct risk.

Though there are frameworks present in the market to assess conduct risk maturity, they lack aggregation of maturities at desired levels. The need of the hour is to put in place a unified and flexible framework to address multiple dimensions of conduct risk. The suggested conduct risk assessment framework would help manage some of the highlighted challenges.

Conduct Risk Capability Assessment Framework

The Conduct Risk Capability Assessment Model provides banks with an approach to assess gaps in conduct risk maturity, their root causes and remediation of gaps at granular levels.  In other words, this is a tool for assessing the level of maturity attained by a bank vis-à-vis regulatory requirements.

The core purpose of the framework is to assess and quantify the level of maturity in complying with regulatory requirements. Maturity is measured by comparing the gap between current and target maturities. For the identified regulatory rules, key performance indicators were developed and used to derive the gap between current and target maturities. The rating model implemented in the framework enables a rollup of gaps at various levels, including lines of business, legal entities and banking groups.

Framework Approach

The methodology involved the following steps:

  1. Derive conduct risk components and sub-components. Conduct risk regulations from various geographies were analyzed at length before formulating the conduct risk components and sub-components.

Example – A non-exhaustive list of components includes product governance, marketing and selling, customer care, misuse of information, complaints management, market manipulation and insider trading.

  2. Map regulations to relevant conduct risk components and sub-components. The regulatory rules obtained from multiple sources are interpreted and mapped into relevant conduct risk components and sub-components that were derived based on analyzing conduct risk drivers.

Example – The Financial Conduct Authority’s Conduct of Business Sourcebook was interpreted and mapped to conduct risk components – product governance, customer care and marketing and selling. The risk components were further divided into conduct risk sub-components.

  3. Formulate Key Performance Indicators (KPIs). The key performance indicators spell out the criteria for compliance with the regulatory requirement and gather relevant evidence for assessing compliance.

Example of a KPI belonging to the product governance component – Provide evidence of the presence of senior-management-approved detailed procedures and processes for product information preparation.

  4. Standardize root causes. Root causes are the reasons for the presence of gaps between current and target levels of maturity in a bank.

Example – All in-scope KPIs were mapped to the predefined and standardized root causes. A non-exhaustive list of root causes includes board-level policies, board articulation, customer complaints, SLA violations, etc.

  5. Use rating model to derive gaps. The rating model helps convert the qualitative observations of current and target maturity into quantitative values; the gap percentage is then computed.

Example – The current maturity of the KPI is mapped to “early stages” (requirements gathering has been completed; the approach, methodology and implementation of the gathered requirements are being discussed/debated) and the target maturity is mapped to “fully integrated” ((1) policies, processes, evidence and other documentation required for the capabilities carry the necessary approvals and are covered fully; (2) metrics for measurement, monitoring and remediation are in automated form).

  6. Perform remediation activity. The remediation plan reflects the top gaps to be addressed in order to bridge the gaps to an acceptable level.

Example – The framework provides a high-level plan to achieve higher levels of maturity (fully integrated state) from the lower levels of maturity (early stages state).

Framework Highlights

The assessment framework adheres to a set of standards with a view to supporting banks in their conduct risk journey, regardless of their current position.

Adherence to the Three Lines of Defense (LoD) Model

The three lines of defense model ensures coverage of all levels, namely business lines (first line), risk and support functions (second line) and internal and external audits (third line). For example, assume a regulatory requirement mandating avoidance of misselling of banking products to clients.  This was approached from all three lines of defense and key performance indicators (KPIs) were formulated.

The KPIs check for:

  • Presence of procedures to prevent misselling of a product as an example of compliance in the first LoD.
  • Availability of policies that help identify the risk of misselling as an example of adherence in the second LoD.
  • Availability of internal/external audit reports on the effective functioning of the system to prevent misselling as an example of compliance in the third LoD.

Highly Objective Taxonomy

To avoid subjectivity creeping into the model, each technical term has been defined. Criteria to determine the level of maturity were defined through the presence or absence of certain attributes. Following this approach, each capability, sub-capability, stage in the maturity of compliance and measure used in KPIs was defined.

Aggregation of Gaps through Standardization and Rating Model

The use of a standardized root cause category was instrumental in grouping together similar causes. This enables comparison among various conduct risk components and sub-components. The rating model used in the framework completely preserves gaps at granular levels even when they are aggregated. With this unique feature of aggregation, the framework can co-exist with and supplement the GRC systems of banks in analysing gaps in compliance.

Structured Approach to Remediation

Based on the desired level of maturity, a high-level plan to gradually move from lower levels of maturity to higher levels is made available as part of the framework. For each root cause category, a list of tasks to be initiated and milestones to be reached have been indicated. With the adoption of the three LoD model, remediation covers all three lines in a judicious manner.

Concluding Remarks

Key recent regulatory developments are focused on improving risk culture, revamping remuneration and rewards, and fit and proper regimes. Global standard setters are also currently examining the systemic nature of conduct risk with a view to mandating globally acceptable but locally relevant standards. This is expected to change the conduct risk landscape further, necessitating consistent and ongoing review of regulatory maturity at granular levels.


Subramanian Venkataraman

Subramanian Venkataraman is a Senior Consultant in the Risk Management Practice of Tata Consultancy Services’ Banking and Financial Services Business Unit. He drives initiatives in the areas of credit risk, conduct risk and other allied areas. He manages research and competency development for the group. His risk consulting experience revolves around ERM, credit risk, market risk, stress testing, model validation and risk-adjusted performance management. He has developed a number of solutions for banking clients and authored points of view.
