May 9, 2018 / 3:58 PM / a year ago

CULTURE AND CONDUCT RISK REPORT 2018: Executive summary and regulatory developments

LONDON/NEW YORK (Thomson Reuters Regulatory Intelligence) - Thomson Reuters has undertaken its fifth annual survey on how firms around the world are managing the challenges presented by the regulatory focus on culture and conduct risk. As in previous years, the research provides an opportunity for firms, and specifically compliance practitioners, to give their views and opinions on how they manage culture and mitigate conduct risk in the financial services industry.

Taillights from vehicles are shown in a time exposure as motorists depart Atlantic Beach, North Carolina, which is located on a barrier island, September 16, 2003.

Since its inception, the survey has highlighted distinct industry-wide and year-on-year trends against which firms can benchmark their own progress and has proved to be a valuable and trusted resource for firms and their compliance officers. Last year’s report was read by more than 5,000 entities including global systemically important financial institutions (G-SIFIs), regulators, local government, law firms and consultancies.

Compliance and risk practitioners from more than 600 financial services firms across the world shared their views and experience for the analysis. Firms from across the financial services sector including banks, brokers, asset managers and insurers took part in the survey, and as with previous years, Thomson Reuters specifically asked G-SIFIs to identify themselves to enable comparison between themselves and other smaller firms, to recognize apparent trends.

The main points were:

- Over the five years of the survey there have been persistent challenges in the creation of a separate working definition of conduct risk, distinct from other, similar, categories such as “regulatory risk”. Overall, progress has been made with a threefold increase in the number of firms that now have a bespoke definition of conduct risk since the inception of the report. Almost half (43 percent) of firms reported having a separate working definition of conduct risk in 2018, compared to just 16 percent in 2013. G-SIFIs have made the most progress with 66 percent reporting they had a separate working definition of conduct risk.

- There is international agreement on the key components of conduct risk, with the top three having held their place over the last five years of the survey. This year’s top three key components of conduct risk were again identified as: culture, ethics, integrity (54 percent); corporate governance, tone from the top (44 percent); and conflicts of interest (41 percent).

- Measuring culture and conduct risk remains a challenge for firms, with a combination of compliance monitoring results, staff opinion surveys, complaints analysis and internal audit results all being widely used as metrics. G-SIFIs also reported using internal attestations on culture and conduct risk as a cultural indicator.

- Conduct risk continues to influence boardroom decisions. Firms continue to discard potentially profitable business propositions due to culture and/or conduct risk concerns (28 percent). This is further borne out by three quarters of firms considering conduct risk factors when discussing business strategy.

- A quarter of firms reported implementing software solutions to manage and report on specific conduct risks an increase from 15 percent in the prior year. In addition, 23 percent of firms and over a quarter of G-SIFIs (27 percent) have deployed, or intend to deploy, a regtech/fintech solution to help the management of culture and conduct risk.

- The greatest conduct risk challenge boards are expected to face in the next 12 months was seen as establishing and embedding an appropriate conduct risk framework at their firms. This is reflected in the fact that only just over half (56 percent) of firms reported having implemented a formal approach to culture and conduct risk management, with 16 percent having a robust and embedded framework and resources in place.

- The ‘ownership’ of conduct risk within an organization shows G-SIFIs to be taking a more holistic and enterprise wide approach. Twenty two percent of G-SIFIs stated that everyone in the firm is deemed to ‘own’ conduct risk compared to 10 percent in the wider population. The compliance function (22 percent) and the board (21 percent) were the top two nominated owners in the wider population of firms.

- The perception that personal liability will rise as a result of the regulatory focus on culture and/or conduct risk remains high. Overall, 70 percent of firms reported that the regulatory focus on culture and/or conduct risk will increase the personal liability of senior managers, while in the G-SIFI population it is becoming less of a concern (68 percent in 2018, compared to 87 percent in the prior year).


Thomson Reuters has undertaken its fifth annual survey of how financial services firms are managing conduct risk and embedding cultural change policies to meet growing regulatory expectations. The results highlight year-on-year and regional trends, enabling firms to benchmark their approach to the practical implications of culture and conduct risk with the wider industry. The report provides valuable insight into industry challenges and emerging best practices, with the aim to meet ever-increasing regulatory expectations.

Compliance and risk practitioners from more than 600 financial services firms across the world, including G-SIFIs, banks, brokers, asset managers and insurers, took part in the survey, which closed in the fourth quarter of 2017.

Taking a five-year view, there is a sense that firms are now at the end of the beginning phase of coming to grips with culture and conduct risk and that the concepts, approach and practices have entered the mainstream of business practices. That is not to say that the job is done. Culture and conduct risk are qualitative issues which evolve in line with changing regulatory expectations and as such require an iterative approach to ensure continuing compliance.

Firms have invested substantial resources in building the risk and compliance infrastructures required to implement, embed, monitor and measure culture and conduct risk and, after five years, it appears that progress has been made.


- Click (here) to view the infographic "Spotlight Analysis:Global systemically financial institutions"

The wider roll-out of new senior management accountability regimes was a notable development during 2017. In the UK, both the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) launched consultations on extending the Senior Managers and Certification Regime to all firms. The regime will be extended to insurers in December 2018 and all other firms at a date to be set by HM Treasury.

In late 2016, Hong Kong’s Securities and Futures Commission (SFC) announced via a circular that it would be introducing a Manager-In-Charge Regime during 2017. Firms were provided with a six month transition period to adapt to the new regime running from April 18, 2017 to October 16, 2017.

Julia Leung, executive director in charge of licensing and supervision of intermediaries at the SFC, speaking at the AIMA APAC Annual Forum at the beginning of the year, said that the aim of the new regime was for a regulatory outcome in which compliance was not only the prerogative of one department, and where front line managers nurtured a culture of acting honestly, fairly and in the best interests of their clients and the integrity of the market.

In Australia, where a number of misconduct issues resulted in the appointment of a Royal Commission in late 2017, the Banking Executive Accountability Regime (BEAR) was introduced in September 2017. The BEAR regime is intended to make directors and senior executives of financial institutions more accountable, and subject to greater scrutiny if the organizations for which they are responsible fail to meet regulatory expectations.

BEAR will be linked with assessments of organizational culture and risk culture by the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA). ASIC has previously already incorporated culture into its risk-based surveillance reviews.

In Canada, the Office of the Superintendent of Financial Institutions (OSFI) released proposals late in 2017 to revamp governance requirements for banks and insurers. One of the most notable changes to the requirements is a shift towards increased board accountability over corporate governance, risk management and prudential matters. Under the revised guidelines, while senior managers would be responsible for implementing policies and procedures, the board would ultimately be accountable for the successes and failures of those practices.

Moves toward similar accountability regimes were also signaled in Singapore, where proposals were put forward in February 2017 that will require banks to specify the roles and responsibilities of officers and employees. In Ireland the Central Bank of Ireland (CBI) responded to a Law Reform Commission’s Issues Paper on whether its supervisory and enforcement powers were adequate or needed to be supplemented.

Among the specific recommendations made by the CBI was that the proposed reforms strengthening the accountability of senior personnel in regulated entities be adopted. The CBI has emphasized that in its supervision it will be continuing to challenge the effectiveness of the underlying culture of banks. It is due to carry out behavior and culture assessments of Ireland’s five main lenders in spring 2018.

The legacy of misconduct issues such as the creation of unauthorized accounts by employees of Wells Fargo and the sales practices of life insurers and brokers in Australia continued to inform efforts to underpin good corporate culture with an appropriate incentive or compensation system. Also in Australia, the Banking Code of Practice was revised following an independent review launched in July 2016. The revised Code has been submitted to ASIC for approval.

New Zealand’s conduct regulator, the Financial Markets Authority, in its 2017 conduct outcomes report said that it had observed positive change in embedding customer-focused conduct in firms. However, that positive change was not universal. The FMA reported that for newly licensed firms the explicit and organization-wide focus on customer outcomes was not yet embedded.

In June 2017, the Financial Stability Board (FSB) launched a consultation on supplementary guidance to its Principles and Standards on Sound Compensation Practices. The supplementary guidance provides recommendations on better practice that specifically address the link between compensation and (mis)conduct.

The year also saw the release of a number of new or revised Codes of Conduct. Of particular note was the release in late May of the FX Global Code of Conduct, which aims to provide a common set of guidelines to promote the integrity and effective functioning of the wholesale foreign exchange market.

To access the full report click

(Stacey English is head of regulatory intelligence and Susannah Hammond is senior intelligence expert at Thomson Reuters Regulatory Intelligence.)

This article was produced by Thomson Reuters Regulatory Intelligence and initially posted on May. 4. Regulatory Intelligence provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Regulatory Intelligence compliance news on Twitter: @thomsonreuters

0 : 0
  • narrow-browser-and-phone
  • medium-browser-and-portrait-tablet
  • landscape-tablet
  • medium-wide-browser
  • wide-browser-and-larger
  • medium-browser-and-landscape-tablet
  • medium-wide-browser-and-larger
  • above-phone
  • portrait-tablet-and-above
  • above-portrait-tablet
  • landscape-tablet-and-above
  • landscape-tablet-and-medium-wide-browser
  • portrait-tablet-and-below
  • landscape-tablet-and-below