This has given industry the opportunity to define what Conduct Risk means to them in the context of their objectives, client base and business models.
In the past few months, we have seen firms take a variety of approaches in coming up with a definition for Conduct Risk.
This is precisely what is happening; some firms have sought to define Conduct Risk in the context of the regulator’s operational objectives; this is not a bad idea given that the concept of Conduct Risk is, after all, being developed within this framework.
Others have sought to expand on previous regulatory initiatives – for example, in the UK, the six TCF Outcomes. This approach leverages existing policies and reporting structures and would make sense for most retail firms.
Some firms are following the view taken in the Financial Stability Board’s Peer Review Report on Risk Governance that Conduct Risk is linked to reputational risk – “One of the key lessons from the crisis was that reputational risk was severely underestimated; hence, there is more focus on business conduct and the suitability of products.”
Finally, there are those that view Conduct Risk as a type of operational risk, with the aim of managing it as part of their operational risk framework.
Regardless of how it is defined, it is clear that Conduct Risk will permeate nearly every aspect of a firm’s business and we must take a proactive, business-specific approach to managing it.
In our new Conduct Risk course, we set out our thinking of what Conduct Risk is and its role in driving risk management and governance. In addition, we continue to develop and refine our thinking about Conduct Risk in response to industry developments and regulatory pronouncements.