LONDON/NEW YORK(Thomson Reuters Regulatory Intelligence) - Personal liability, monitoring and reporting feature prominently in Thomson Reuters’ fifth annual survey of how financial services firms are managing conduct risk and embedding cultural change policies to meet growing regulatory expectations. The results highlight year-on-year and regional trends, enabling firms to benchmark their approach to the practical implications of culture and conduct risk with the wider industry. The report provides valuable insight into industry challenges and emerging best practices, with the aim to meet ever-increasing regulatory expectations.
Compliance and risk practitioners from more than 600 financial services firms across the world, including G-SIFIs, banks, brokers, asset managers and insurers, took part in the survey, which closed in the fourth quarter of 2017.
The ‘ownership’ of conduct risk within an organization shows G-SIFIs to be taking a more holistic and enterprise wide approach. Twenty two percent of G-SIFIs stated that everyone in the firm is deemed to ‘own’ conduct risk compared to 10 percent in the wider population.
-Click (bit.ly/figure-24) to view figure24:G-SIFIS analysis: who owns the conduct risk policy in your organization?
The compliance function (22 percent) and the board (21 percent) were the top two nominated owners in the wider population of firms. Regionally there are mixed results, with almost a third (30 percent) of firms in UK and Europe allocating ownership of the conduct risk policy to compliance, compared to 23 percent among firms in North America and Asia.
-Click (bit.ly/figure-25) to view figure25:Who is accountable for implementing and embedding your organization?
Accountability for implementing and embedding the conduct risk policy predominantly lies within the compliance department (31 percent). Perhaps as a result of available resources, 15 percent of G-SIFIs said accountability resided to a specific conduct risk area or team. The compliance function continues to take precedence in implementing and embedding the conduct risk policy within an organization. This was evident in the UK and Europe (37 percent), North America (33 percent), Asia (31 percent), Africa (25 percent), and South America (32 percent).
-Click (bit.ly/figure-26) to view figure26: Do you have a named senior manager responsible for conduct risk?
A new question on whether firms have a named senior manager responsible for culture was included in 2016. This year’s results have shown a marginal increase in having a dedicated senior manager responsible for culture (35 percent yes in 2016; 37 percent in 2017). Over half of firms (51 percent) in Australasia have a named senior manager responsible for culture, closely followed by firms in Africa (50 percent) and Asia (48 percent).
-Click (bit.ly/figure-27) to view figure27: Do you have a named senior manager responsible for cukture?
Continuing the trend of previous years, the expectation among compliance practitioners is that personal liability for senior managers will increase. The perception that personal liability for senior managers will increase is particularly evident with firms in Asia, with a 10 percent increase from 2016 (77 percent in 2017).
-Click (bit.ly/figure-28) to view figure28: Spotlight analysis: firms in the UK and Europe
This may be reflected by the Securities and Futures Commission’s full implementation of the Manager-In-Charge (MIC) regime, following a six-month transition period which ended on October 16, 2017.
-Click (bit.ly/figure-29) to view figure29: Do you think regulatory focus on culture/conduct risk will increase senior mananger personal liability?
In line with the results on embedding tone from the top, there is cause for concern regarding the persistence of firms reporting that they haven’t implemented training but know they need to. These are probably not the same firms year on year, but where training is seen as needed, it should be attended to quickly. Training is a key indicator for regulators that a firm has taken its compliance obligations seriously and has maintained and updated the knowledge and skill sets of all staff as necessary.
-Clcik (bit.ly/figure-30) to view figure30: Year-on-year analysis: has your firm implemented training on conduct risk?
Measuring culture and conduct risk remains a key challenge for financial services firms. Consistent with previous years, firms continue to rely on compliance monitoring results (53 percent); staff opinion survey results (51 percent); and internal audit results (51 percent), as the major indicators used to assess culture. This is also evident in G-SIFI firms, with the addition of internal attestations on culture and conduct risk (44 percent). Regionally, firms in the UK and Europe have increasingly used internal attestations on culture and conduct risk as an indicator to assess culture (29 percent in 2015, 29 percent in 2016, and 34 percent in 2017).
What indicators do you use to assess culture?
-Click (bit.ly/figure-32) to view figure32:Year-on-year analysis: how often does your board review culture/conduct risk issues?
To meet increasing regulatory expectations, boards need to remain informed and keep up to date on any potential culture and conduct risk issues within their firm.
Consistent with most previous years, around a third of boards review culture and/or conduct risk issues on a quarterly basis. The percentage doing so on an ad hoc basis has fallen back from the 2016 figure of 29 per cent to 24 per cent; the 2017 number is more consistent with previous years. This year’s results show a gradual increase in boards reviewing culture and conduct risk issues annually (18 percent in 2017). The results also show that monthly reviews are at their lowest point in four years at only 7 percent. From a regional perspective, the majority of firms worldwide were aligned on reviewing culture and conduct risk issues quarterly, with the exception of North America where 29 percent review culture and conduct risk issues on an ad-hoc basis.
-Click (bit.ly/figure-33) to view figure33: Year-on-year analysis: for conduct risk matters, are reports to the board from the compliance, risk and internal audit functions agreggated?
The percentage of firms in Asia with a separate working definition of conduct risk has seen a significant rise to 52 per cent. This marks the highest percentage of firms in Asia who have a separate working definition of conduct risk since the inception of the survey in 2013 (4 percent yes; 96 percent no).
-Click (bit.ly/figure-34) to view figure 34: Spotlight analysis: firms in Asia
With the roll-out of the Manager-in-Charge regime in Hong Kong and suggestions Singapore may be moving toward something similar, it is perhaps unsurprising 2017 saw an increase in the percentage of firms who anticipated an increase in senior management accountability.
Click (here) to access the full report.
(Stacey English is head of regulatory intelligence and Susannah Hammond is senior intelligence expert at Thomson Reuters Regulatory Intelligence.)
This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on May. 15. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters