Conduct risk refers to any action or omission by a firm or its employees that can harm customers or undermine market integrity. Understanding conduct risk, as well as strategies for managing and mitigating conduct risk, and meeting the FCA's expectations in this area, is essential for maintaining a strong reputation and avoiding regulatory penalties.
What is conduct risk?
The Financial Conduct Authority (FCA) defines conduct risk as any action of a regulated firm or individual that leads to customer detriment or has an adverse effect on market stability or effective competition. For more context, please refer to the FCA Conduct Rules.
This encompasses a wide range of behaviours, including:
Mis-selling
Mis-selling is a common conduct risk that occurs when financial products are sold to customers for whom they are not suitable or when misleading information is provided. This can happen for various reasons, such as a lack of due diligence, misleading marketing, or pressure to sell which leads to inappropriate recommendations for customers.
Examples of mis-selling include selling complex investment products to customers who don't understand the risks involved, misrepresenting the performance or risks of a financial product or failing to disclose important information about a product, such as potential fees or charges.
Fraud
Fraudulent activities can pose significant risks to both businesses and customers. Common examples include insider trading, money laundering, market manipulation and identity theft.
Fraud can have serious consequences, including criminal penalties, damage to company reputation and financial losses.
Conflicts of interest
Conflicts of interest arise when a firm or its employees have personal or corporate interests that could influence their decisions or actions. This can occur in various situations, such as when employees hold conflicting roles and interests, when incentive structures deprioritise customers, and when there are unvetted relationships with third parties.
Examples of conflicts of interest include a financial advisor recommending a product that benefits the advisor personally rather than the customer, or employees using their position to obtain personal benefits.
Product design issues
Product design issues can occur when financial products are overly complex, difficult to understand, or unsuitable for certain customer segments. This can lead to customer confusion, mis-selling and increased regulatory scrutiny of your business.
Examples of product design issues include structured products with multiple components that are difficult to understand, derivatives that are highly leveraged and carry significant risks or products with hidden fees or charges that are not disclosed.
Inadequate controls
Inadequate controls can increase the risk of conduct risks occurring or going undetected. This can happen due to various factors, such as a lack of oversight, weak governance, technological deficiency and inadequate risk management.
Examples of inadequate controls can include a failure to conduct due diligence on customers, insufficient staff training and education, lack of independent oversight of business activities, or reliance on outdated technology systems.
The FCA's expectations for managing conduct risk
The FCA expects businesses to take a proactive approach to managing conduct risk. Effective management of conduct risk requires a comprehensive approach that involves:
- Culture and values: fostering a culture that prioritises customer interests, ethical behaviour, and compliance with regulatory requirements.
- Governance and oversight: ensuring that the board of directors and senior management are actively involved in overseeing conduct risk management.
- Training and education: providing staff with training and education on conduct risk and compliance requirements.
- Controls and monitoring: implementing effective controls to prevent and detect conduct risks and continuously monitoring for changes in the risk environment.
- Incident management: having a robust incident management process in place to respond to and learn from conduct risk incidents.
- Regulatory engagement: maintaining open and transparent communication with the FCA and other regulators.
How to perform a conduct risk assessment
A conduct risk assessment involves identifying potential conduct risks, assessing their likelihood and impact, and evaluating the effectiveness of the firm's controls. We've identified the key steps in a conduct risk assessment.
- Identify conduct risks: find the specific conduct risks that the firm is exposed to, such as mis-selling, fraud, and conflicts of interest.
- Assess likelihood and impact: evaluate the probability and potential impact of each identified risk.
- Review controls: assess the effectiveness of the controls in place to mitigate these risks.
- Identify gaps: find any gaps in the control framework and take steps to address them.
- Prioritise risks: arrange the identified risks based on their likelihood and impact.