January 2014

How to Measure and Mitigate Conduct Risk

How to Measure and Mitigate Conduct Risk

Financial organisations are coming to terms with a regulatory obligation to mitigate, measure and report on conduct risk under the new guidance of the Financial Conduct Authority.

The need is to ensure that culture is aligned to actual behaviour. This is not a new challenge and should be the focus for any customer centric organisation.  However, after recent scandals, it's clear that some financial services organisations have failed to meet this standard.

The costs of ‘mis-conduct’ are clear.  Remediation of the UK PPI issue is estimated at £10bn, the residential mortgage lending in the US is estimated at $25bn.  

The challenge? ‘Treating Customers Fairly’ no longer cuts the mustard. Conduct risk goes deep into the daily habits, practices and relationships held in the organisation. It’s about increasing the visibility and control around them.

Informing conduct risk comes from understanding how all stakeholders, not just customers, are assessing you – in other words, your reputation. Reputation is fuelled by the experiences, attitudes, beliefs and emotions that are held about an organisation.   It is reputation that informs conduct risk, allowing an organisation to actively monitor, predict and prevent incidents occurring. 

So boards find themselves having to ask three tough questions:

  1. How do we ensure that ‘doing the right thing’ remains a key focus for all those in our organisation? 
  2. How do we ensure the culture we wish to have is embedded and driven by actual behaviour and daily practices?
  3. How do we make the intangible tangible? How do we demonstrate and report on increased visibility and control of conduct risk?


First things first, get a true reflection of how internal culture and behaviour are ‘playing out’ externally.  See and understand the effects that culture is having on the reputation held externally and internally, as well as the reasons why.

Then, joining strategy with processes, structures and relationships, the answers to all these questions are clear

  1. Make sure that ‘doing the right thing’ comes naturally and is consistent by aligning personal and professional values of individuals and teams to that of the organisation.
  2. Understand how internal reputation is being enhanced through everyday practices.  Also how the habits and behaviours of leaders are supporting or detracting from the reputation you seek to hold.
  3. Know how and where in your ‘internal reputation system’ culture is strengthened or weakened by monitoring and reporting on internal and external reputation, evidenced with clear and simple management information.

Conduct Risk is yet another example of how reputation both internally and externally must be aligned.  It also shows how organisations are increasingly being asked to demonstrate transparency, to prove that they are on the inside who they claim to be on the outside.

The learning for the financial sector is that this is not just another form of risk to be protected and mitigated against, but an opportunity to understand and enhance corporate culture.

This is not simply another task on the job list of the Reputation Risk Officer.  It demands a fully integrated approach that joins up strategy, the infrastructure of the business, its processes, systems and the relationships that exist between management, individuals and teams.