Banks know they can’t afford to ignore conduct risk, but many don’t realise how urgent the issue is.
Financial institutions have proved slow in getting to grips with the definition of conduct risk and its relationship to organisational culture, and it’s to their detriment. Here are five big reasons why:
1. Conduct risk was the defining cause of the financial crisis
‘One of the key lessons from the crisis was that reputational risk was severely underestimated’ – The Financial Standards Board, Peer Review Report on Risk Governance, 2013.
Although banks had risk management structures in place at the time of the financial crisis, they simply weren’t up to scratch in most firms. According to the FSB report:
- The risk management function was ‘lacking the authority stature and independence to rein in the firm’s risk taking’.
- The ‘ability to address any weaknesses in risk governance identified by internal control assessment and testing processes was obstructed’.
- These oversights allowed ‘a culture of excessive risk-taking and leverage’ to take root.
The financial crisis, and the resulting years of economic uncertainty and mistrust that have followed, are a call-to-action for the banking industry to weed out the mistakes of the past and to protect their future.
2. Conduct missteps are costly
When banks do fall victim to conduct risks, they pay the price – literally.
Ten of the world’s largest banks have paid out about £143bn in ‘conduct costs’ since 2008, according to research by the London School of Economics. That’s equivalent to roughly five years of dividend payments to shareholders.
3. Regulations are not just a box to tick
The banking industry has developed ‘a tick-box and overly legalistic compliance culture within firms’ according to Clive Adamson, Director of Supervision at the FCA.
This has, in part been ‘encouraged by what has been seen as a tick-box regulatory approach’ by the FSA. But, Adamson also points out that ‘underpinning all of this is the issue of culture’. He says that banks have to be culturally responsible for:
- ‘Setting the tone from the top’
- ‘Translating this into easily understood business practices’
- ‘Supporting the right behaviours’
In order to protect organisations from further harm, the financial industry has to address the behaviours and motivators behind the regulations and risks they face.
Through cultural change, compliant financial firms need to recognise that regulations are just the starting point of a continual journey of improvement.
4. Business owners are liable
Since March 2016 in the UK, senior members of financial firms have become personally liable for failures in conduct risk.
These changes in regulations, brought about by the PRA and the FCA, highlight that addressing conduct risk is no longer a corporate responsibility. There’s no more hiding behind professional indemnity. Instead, every person within a corporation now has responsibility for conduct risk.
5. Banking matters
Financial organisations are not just another business. As the Salz Review outlined:
‘Banks matter. They hold a unique position in our society. Their smooth functioning is essential for people, businesses, governments and many other organisations.’
It’s important that people, businesses and government trust banks because they are critical to our economy and the way society functions. A misjudgment on the behalf of a bank doesn’t just pose a threat to that business, it poses a threat to the economy.
‘Trust’, the FCA state in their 2014 conduct risk briefing, is ‘the fundamental issue within the industry. Are we doing enough to earn that trust?’
Nearly a decade on from the financial crisis, banks can minimise their exposure to risk factors, safeguard the economy and regain the trust of their customers in the process. But, they can only do so through stable and consistent management of conduct risk.
For that reason, sound conduct risk management is more than a necessity for modern banks, it’s a responsibility.