Are firms getting better at managing the challenges presented by the regulatory focus on culture and conduct risk? The fifth annual Culture and Conduct Risk Report shows some are, in some ways, but there's a lot of progress to be made.
Are firms more prepared for regulator scrutiny than they were half a decade ago? In some ways, yes, but not in others.
Those are the findings of the The Culture and Conduct Risk report for 2018. Thomson Reuters has undertaken its fifth annual survey on how firms around the world are managing the challenges presented by the regulatory focus on culture and conduct risk. Since its inception, the survey has highlighted distinct industry-wide and year-over-year trends against which firms can benchmark their own progress. Last year’s report was read by more than 5,000 entities, including global systemically important financial institutions (G-SIFIs), regulators, local government, law firms and consultancies.
Compliance and risk practitioners from more than 600 financial services firms across the world shared their views and experience for the analysis. Some of the main findings included:
- Over the five years of the survey, there have been persistent challenges in the creation of a separate working definition of “conduct risk.” Overall, progress has been made, with a threefold increase in the number of firms that now have a bespoke definition of conduct risk since the inception of the report. Almost half (43 percent) of firms reported having a separate working definition of conduct risk in 2018, compared to just 16 percent in 2013. G-SIFIs have made the most progress, with 66 percent reporting they had a separate working definition of conduct risk.
- Conduct risk continues to influence boardroom decisions. Firms continue to discard potentially profitable business propositions due to culture and/or conduct risk concerns (28 percent). This is further borne out by three-quarters of firms considering conduct risk factors when discussing business strategy.
- A quarter of firms reported implementing software solutions to manage and report on specific conduct risks an increase from 15 percent in the prior year. In addition, 23 percent of firms and over a quarter of G-SIFIs (27 percent) have deployed, or intend to deploy, a RegTech/FinTech solution to help the management of culture and conduct risk.
- The perception that personal liability will rise as a result of the regulatory focus on culture and/or conduct risk remains high. Overall, 70 percent of firms reported the regulatory focus on culture and/or conduct risk will increase the personal liability of senior managers, while in the G-SIFI population it is becoming less of a concern (68 percent in 2018, compared to 87 percent in the prior year).
The next phase in the development of the approach to culture and conduct risk looks to be tied up in personal accountability, with policymakers and regulators around the world introducing regimes which seek to allocate specific responsibility for risk management to senior managers. In parallel, the moves taken by the FSB (under the aegis of the G20) overtly linking inappropriate incentives to misconduct will again focus on individuals and their actions.
Firms may have reached the end of the implementation phase with regard to culture and conduct risk, but it is a long way from the end of the journey. The capacity to be able to demonstrate a strong positive culture in action as well as the ability to mitigate any conduct risks arising has become a required core competency for firms. By and large, a good start has been made, but it will need to be continuously refined to ensure it remains in line with not only all business activities, but also a continually changing regulatory landscape.
Read The Culture and Conduct Risk Report in its entirety.