Underpinning better decision-making by employing Effective Management information for conduct risk
The philosophy of “conduct risk” has bubbled to the top of firms’ and regulators’ agendas in the last few years. In the UK, the FCA expects conduct risk management as being implanted into firms’ risk management frameworks, promoted by proper management information (MI).
Developing on existing regulatory and supervisory expectations and our practical experience of what works well in practice at firms, ten principles of strong conduct risk MI have been identified that our company believe provide a stable bedrock for conduct risk MI across all of financial services firms and sectors.
The 10 principles of strong conduct risk MI are;
- Linked to strategy, culture and risk management framework
- Holistic and used to support analysis of trends
- Efficient and proportionate
- Accurate and timely
- Measured and reported on at an appropriate frequency
- Comprehensible and traceable
- Supports open communication and challenge
- Acted upon and recorded
Associated to strategy, culture and risk management framework
Conduct risk MI is taken into account when the firm talks about its strategy and the firm establishes a process to evaluate the conduct risk MI it accumulates, if the strategy or business conditions should change (e.g. due to the economy, developments in policy and regulation, or technology).
Conduct risks are overseen with the same rigour, and given the same priority, as prudential risks.
A range of indicators are used to inform senior management on how adequately the firm’s culture has been embedded. Conduct risk MI is used as an aspect of performance appraisals and in taking into account staff remuneration and promotions, as an example, as an aspect of a balanced scorecard.
Firms continue to cultivate conduct risk appetite statements for key risks and report MI against conduct risk appetite limitations and triggers.
As a component of the product governance procedure, firms articulate what a good outcome would certainly be for the target end client, including the inherent risks of the product or service, and distinguish the MI they need to keep track of this.
MI enables a consultation of whether good outcomes are achieved regularly, for example, through monitoring whether the product offers value for money, rather than just paying attention to whether poor outcomes are avoided.
Deep-dive inspections, mystery shopping, customer sales reviews, branch visits and other exercises are often used to strengthen an image of the service or product from the client’s standpoint.
Not all conduct risk metrics must be outcomes-focused, as firms need a package of metrics to develop an overall picture of conduct risk. Such as, it is still vital to receive MI on customer satisfaction, although, on its own, this does not always make evident a good customer outcome.
Holistic and in support of trend analysis
Enterprises use a suite of MI, formed on a consultation of what is needed, instead of what is readily accessible through existing systems and processes, to ensure a combination of indicators is measured and used to identify potential problems to be investigated further. Using existing risk or control indicators may only provide a skewed view of the situation. We always encourage firms to set an ideal scenario and employ back from the future thinking.
MI is analysed in different ways to identify trends:
– Over a time period (consistent on a period-to-period basis) e.g. to identify increases in complaints over time for a product;
– Across products e.g. to identify products with fairly low claims ratios or low investment returns;
– Across distribution channels e.g. examining breaches of conflicts of interest policies in different parts of the business; and
– Paying attention to one team or individual e.g. reviewing a variety of indicators from a trading desk to identify patterns.
MI reports on possible and emerging conduct risks, besides crystallised risks, i.e.,, monitoring whether a product is sold to the target audience.
The company takes into account the emerging conduct risks and trends from the FCA, e.g. those highlighted in the Risk Outlook, as well as lessons gained from previous mis-selling scandals or other regulatory enforcement action, and talks about whether any modifications are needed to MI and whether present MI suggests there may be challenges that need more investigation. For instance, when the FCA’s Risk Outlook for 2014 highlighted that house price growth may give rise to conduct issues, firms that provide mortgages should have paid attention to, for instance, affordability and equity release loans.
The business is starting to use analytics resources to link data and enable identity of underlying conduct risks, such as, linking post codes with types of mortgages sold and house price growth in the area to understand the risk of customers falling into arrears or the risk of customers being sold an unsuitable product. Many firms will already have this data for credit risk purposes.
Efficient and proportionate
The business takes a risk-based approach to reporting MI to avoid a torrent of information; information that would not provide value to senior management is not included in MI.
There is a clear delineation of the purpose of conduct risk MI from other MI to eliminate duplication and overlap.
Accurate and timely
Decisions are made founded on the right information, obtained sufficiently quickly after the relevant business activity has taken place, to enable action.
The second and third lines of defence are participating in open conversations with the business on expectations relative to the quality and timeliness of data and what is possible.
Internal Audit reviews the process governing how MI is collected, analysed and reported, and managers review and sense-check information on a sample basis.
Measured and reported on at an appropriate frequency
To allow practical, as opposed to just reactive responses, conduct risk MI is provided to senior management as part of monthly, quarterly and annual reporting (as agreed with senior management), and on an ad hoc basis e.g. where risk appetite triggers are breached.
The firm’s resources, systems and processes allow sufficient adaptability in the frequency with which MI is measured and reported; if necessary, data can be aggregated quickly.
Comprehensible and traceable
Senior management is given clear and concise MI that accentuate the key messages and risks in an easily digestible format; it is possible to drill down into the information for more detail and to trace where the information was derived.
Conduct risk MI includes a mix of both quantitative and qualitative analysis, which is accompanied by remarks that explain what the MI means, why any conduct risk issues have developed and how critical they are, how MI was measured (including any limitations), and the proposed actions.
Senior Managers examine and challenge ratings across the ‘Red Amber Green’ (RAG) rating spectrum, as opposed to just working on ‘red’ ratings, and drill down into the analysis to determine risk ratings.
Firms ensure robust thresholds to avoid just ‘green’ and ‘amber’ ratings being reported, giving an incorrect sense of comfort.
Anomalous or unexpected results are challenged and verified e.g. more than expected sales volumes in certain products, or continued successful market predictions from a certain trading desk.
Senior management openly reviews and seeks to understand weakness in how MI is collected and analysed.
Acted upon and recorded
Once potential, emerging and crystallised conduct risks are identified, the source are investigated and actions are tracked and studied to ensure they addressed the risks.
Conduct risk MI includes reporting on agreed remedial action and whether the action addressed the conduct risk proficiently.
An audit trail is maintained detailing how areas of concern detected within conduct risk MI have been acted upon and monitored.
If you have any queries, please call us on 0207 097 1434
Lee Werrell Chartered FCSI