5 reasons for conduct risk failures – and 1 shared solution


Conduct risk: “Risk associated to the way organisations, and their staff, relate to customers and the wider financial markets”

Chartered Institute of Internal Auditors, 2018

Conduct risk is a form of business risk that refers to potential misconduct of individuals associated with a firm. Over a decade on from the financial crisis, firms still need to maintain sound and consistent management of conduct, in order to avoid regulatory action, fines and reputational damage.

Over the past year the risk of misconduct has gone up due to increased levels of remote working and is now ranked 6th in the top 10 operational risks for 2021 by Risk.net.

In this article we explore the main causes of conduct risk failures and how they are all interconnected.

Examples of conduct risk across financial institutions

This diagram illustrates where conduct risk failures typically arise in financial institutions:


“The incidence of financial sector misconduct has risen to a level that has the potential to create systemic risks by undermining trust in both financial institutions and markets”

-Mark Carney, G20, 2018

5 reasons for misconduct

Understanding and addressing the drivers of conduct risk is essential in improving standards of behaviour. While there is no one-size-fits-all approach, there are five core areas at the root of conduct risk:

  1. Lack of leadership

A firm’s culture – its distinct set of shared values – is at the crux of ethical lapses in financial institutions. Good conduct is driven by a strong, harmonious culture, and organisational culture is determined by a company’s tone at the top and actions by the top.

Leadership is critical to a company’s risk culture, as behaviour within an organisation is guided explicitly or implicitly by messages communicated by leaders. Leaders need to set the right tone and ensure the company’s mission and values are aligned throughout the organisation.

In the UK, the recently enforced Senior Managers and Certification Regime (SMCR) has increased accountability for senior members of financial services firms for their conduct.

  2. Poor management of product life cycle

Poor conduct outcomes can arise when the commercial needs of a firm dictate product lifecycle practices rather than customer needs. Some companies do not adequately consider customer outcomes or market impact, and this can foster misconduct, in particular mis-selling and irresponsible lending.

Often company staff, third-party distributors or other outsourcing vendors involved in sales or post-sale customer support are not given enough guidance, and this can be especially problematic in cases where the customers are inexperienced or vulnerable. Post-sale, some financial institutions fail to investigate customer complaints or to provide customer care, or the care that is provided is focused solely on procuring more sales rather than on customer satisfaction. All of these serve to undermine good conduct, as they disregard the customer perspective.

  3. Employee awareness

In some instances, financial institution staff or other representatives are not trained sufficiently or provided with the right tools to ensure customer and market interactions are conducted fairly and transparently. Employees may not completely understand the product features or potential impacts.

Complicated and labour-intensive policies and procedures can also be detrimental. Manual processes increase the chance of human error and accidental misconduct, whereas in large organisations with intensive and intricate procedures there may be a temptation for employees to overlook controls made to prevent misconduct.

  4. Wrong incentives

How an individual is incentivised plays a significant role in shaping their professional behaviour. In too many cases, remuneration still emphasises production and revenues over conduct.

Some firms could benefit from prioritising certain performance indicators over others, for example by rewarding customer satisfaction skills and risk awareness to encourage desired behaviours. However, even where financial institutions have modified incentive plans to align compensation better with company values, these programmes tend to apply to more senior level management and not necessarily all customer-facing staff.

  5. Inadequate management of reporting

Some financial institutions have inadequate processes for monitoring and reporting on conduct risks and have not implemented data analytic techniques to help identify root causes or perhaps even predict potential areas of risk.

Weak systems for monitoring and surveillance can result in misconduct going undetected and therefore risks not being appropriately managed. A company culture may also discourage voluntary reporting of issues and problems. The result is a lack of transparency, with an organisation’s leaders failing to identify and manage important risks.


These five reasons for conduct risk failures often overlap and, as each firm is structured differently, some may be more relevant than others. Nevertheless, they all ultimately point to the same source: a company’s culture. And changing a culture, although notoriously difficult, is the shared solution to combat conduct risk failures.

Restoring trust – RegTech can help

A growing number of firms are adopting software solutions to better manage conduct risk. Such solutions help firms automate and streamline processes as well as track and monitor conduct-related compliance process flows. RegTech solutions can help support a firm’s conduct risk management and optimise outcomes in a more cost-effective way.

To restore the trust deficit, financial services companies must refrain from pursuing their own financial interests so recklessly that their actions might harm customers or the financial markets. They must demonstrate to regulators that they are serious about their conduct risk management systems. Designing the right conduct programme, supported by the right technological solution, starts by bringing together business, technology, and regulation experts. Start your journey today by talking to our experts at 1RS. We can help you find a bespoke and sustainable technological solution that inspires trust.



About Author

Bea is Head of Risk & Compliance and Managing Director at 1st Risk Solutions. Bea has vast experience across all 3 Lines of Defence gained at some of the world's largest global banks and financial institutions (HSBC, JP Morgan and American Express). She has been at the forefront of global change and risk programmes, driving the design and implementation of the associated operational risk framework for:

• Global regulatory programmes such as SOX, SAO, FATCA, SM&CR
• Global Financial Crime risk remediation
• Operational Risk frameworks within global functions (technologies, finance, HR)
• Global M&A and divestment programmes, managing buyer risk, separation risk and transitional service risk

Bea also spent many years at American Express working globally within various areas across all 3 lines (Group Treasury, Group Internal Audit and Group Operational Risk), obtaining in-depth knowledge of credit services, insurance products, and Private Banking.
