Second annual survey finds supervisory and industry progress, but large majority of financial firms still remain unclear about conduct risk or how to address it
LONDON/NEW YORK, January 26, 2015 – Thomson Reuters, the world’s leading source of intelligent information for businesses and professionals, today announced the findings of a new study which revealed that managing and mitigating conduct risk continues to be one of the highest regulatory priorities, yet financial services firms remain unclear about what conduct risk is and how to address it. This lack of clarity, coupled with recent regulatory actions, appear to be driving concern about personal liability consequences.
The Thomson Reuters Conduct Risk Report 2014/15 follows up on last year’s study by looking at what practical actions firms have taken and what changes and progress have been made over the past 12 months. The results show an increased focus by regulators on the behavior of firms and how they conduct their business. Firms have boosted the time and resources devoted to the management of conduct risk, yet there is still a significant gap between awareness and implementation of effective policies across a firm.
Thomson Reuters Accelus surveyed more than 200 compliance and risk practitioners from financial services firms across the Americas, Europe, Africa, Asia, Australia and the Middle East to gain insight into how the industry is defining and responding to conduct risk. Respondents represented firms from across the financial services sector, including banks, insurers and fund managers.
Key findings from the report include:
- 67 percent of respondents said the regulatory focus on conduct risk would increase the personal liability of senior managers.
- 81 percent of respondents still do not have a working definition of “conduct risk;” only a slight decrease from 2013, when 84 percent of respondents reported not having firm specific definitions.
- Firms are reacting to enhanced focus from regulators by creating specific teams or employing conduct risk specialists at all levels of an organization.
- Global systemically important financial institutions (G-SIFI’s) have appeared to have done more, with only 6 percent reporting no conduct risk-related changes in the past 12 months.
“We’re seeing regulatory bodies all over the world strengthening their guidelines and enforcement when it comes to conduct risk,” said Andrew Neblett, managing director, Enterprise Risk Management at Thomson Reuters. “Interest around conduct risk has grown significantly over the last year and will continue to be a focus point for regulators throughout 2015. Financial firms are going to have to continue to take tangible steps towards managing and enforcing compliance processes or else they will be subject to steep penalties and fines.”
“Tone From the Top” Driving Conduct Risk Approach
The results show that while regulators have been active, so have financial firms. Roughly half of respondents (48 percent) reported a “tone from the top” communication implemented in 2014. Nearly 40 percent of firms surveyed said there has been implementation of new policies and procedures and nearly 32 percent have undergone training to address conduct risk. Firms also reported working to increase new policies and training with nearly a quarter (24 percent) of respondents saying they created specific risk conduct teams, while 18 percent have introduced Board appointments.
“Tone from the Top,” the need for a firm’s leadership to be seen setting and driving a suitable compliant approach to all aspects of the business, was overwhelmingly the biggest change in the last 12 months, according to the survey. Respondents rated it the number one change in Asia (61 percent), Europe (42 percent), the Middle East (50 percent), the UK (57 percent) and North America (34 percent). Over one-third of respondents from Australia (36 percent) said that no changes have been made this year, while over one-quarter of respondents from Africa (27 percent) had the same response.
Even with a potentially worrisome 18 percent of all respondents indicating that no major changes have been made in the last 12 months, the results, by and large, show willingness by firms to try and embrace the concept of conduct risk. The implementation of conduct risk policies takes time, however. The survey noted “the true test of whether changes have been successful in firms is not the introduction of policies or training programs, but a noticeable change in behavior within firms.” The results indicate there is a concern that firms are doing the right things, but the changes and actions may not be manifesting themselves.
No Clear Definition of Conduct Risk
The survey found that a large majority of respondents still do not have a working definition of conduct risk (81 percent). The survey shows that one reason for the lack of working definitions by respondents is the deliberate decision taken by regulators not to create an overarching definition of risk, rather leaving it to firms to create a definition specific to their own organization.
The regional results showed that 100 percent of respondents from the Middle East did not have a working definition of conduct risk, nor did 91 percent from Australia , 90 percent from Africa, 84 percent from North America, 83 percent in Asia, 81 percent from Europe and 73 percent in the UK. Conversely, only 74 percent of G-SIFI firms said they did not have a working definition of conduct risk.
Approach to Risk Management
The survey found a developing picture when it came to the maturity of a firm’s approach to conduct risk. Many firms rated their approaches as either implemented, but requiring further work (37 percent) or in development (31 percent); only 14 percent considered their approaches to be robust and embedded. For G-SIFI firms, 21 percent of respondents claimed to have a robust and embedded network, with 46 percent rating their approach as implemented, but requiring additional work; 25 percent as in development; and only 7 percent reporting they had no formal framework.
In 2013, 62 percent of respondents said they implemented plans, but further work was still needed; 22 percent said that plans were in development or no formal program existed; while only 16 percent of firms reported having a robust and embedded framework in place. The results show that firms appear to have significantly progressed their approaches to conduct risk, but that progress is not yet being evidenced in an embedded framework.
These results show the continuing challenges that firms face. Conduct risk covers such a broad variety of different areas that complete adoption of an effective conduct risk approach is going to take time. Regulators have made their expectations clear when it comes to conduct risk, and it is now up to firms and senior individuals who lead them to respond, develop and implement a consistently strong approach that can be seen across an organization.
For a copy of the Thomson Reuters Conduct Risk Report 2014/15, visit http://accelus.thomsonreuters.com/special-report/conduct-risk-report-201415 .
Thomson Reuters Accelus connects business transactions, strategy and operations to the ever-changing regulatory environment, enabling firms to manage business risk. A comprehensive platform supported by a range of applications and trusted regulatory and risk intelligence data, Accelus brings together market-leading solutions for governance, risk and compliance management, global regulatory intelligence, financial crime, anti-bribery and corruption, enhanced due diligence, training and e-learning and Board of Director services.
Thomson Reuters
Thomson Reuters is the world’s leading source of intelligent information for businesses and professionals. We combine industry expertise with innovative technology to deliver critical information to leading decision makers in the financial and risk, legal, tax and accounting, intellectual property and science and media markets, powered by the world’s most trusted news organization. Thomson Reuters shares are listed on the Toronto and New York Stock Exchanges. For more information, go to www.thomsonreuters.com.