Conduct risk is the risk of not meeting expectations that customers’ interests come first. Expectations can be regulatory, societal, and contractual. Typically it covers market integrity as well as investor/customer protection. To be addressed effectively, conduct risk must be defined explicitly for your organization, taking into account activities, staff, and customers.
As expectations change, emerging themes need to be considered and addressed by all providers of financial products and services. Customer concerns and Complaints (IDR/EDR) are an excellent way for firms to learn more about their customers and essential drivers to manage conduct risk.
It is crucial to identify the key indicators that you want to monitor and measure as a first step.
- Customer concerns: Identifying customer concerns early is a great strategy not only to improve the customer experience but also to identify areas for improvement in product design, distribution, competitive strategy and gaps in terms and conditions. The volume of concern and repeatability are key attributes that need to be measured.
- Complaints (IDR): Complaints need to be identified as early as possible. The severity, volume, type and root cause of complaints play an important role.
- Complaints at AFCA (EDR): When a complaint ends up with the ombudsman body AFCA, it is a red signal. Although it is not necessary, it is always the firm who is at fault, given the fact that it has ended up at AFCA, highlights systemic risk.
AFCA’s complaint resolution approach may include
- legal principles
- applicable industry codes or guidance
- good industry practice
- previous relevant determinations of AFCA or predecessor schemes.
Besides the above principles, AFCA considers what is fair in all the circumstances. Since AFCA’s complaint resolution approach covers many of the fundamental criteria of conduct, some of these indicators should be incorporated in conduct risk measurement. Each of these criteria can be allocated a KRI to develop a risk-driven model.
To understand the full list of criteria and conduct risk mapping strategy, contact us (email@example.com) today for a free workshop.
New RegTech100 winners for 2021 just announced. We are glad that Cognitive View has been selected in the RegTech100 for 2021!
The Regtech 100 is a recognition of the world’s most innovative technology providers that address the challenges of regulatory compliance. This recognition is a true reflection of our commitment and passion for innovation.
RegTech Analyst reported significant growth of the Regulatory Technology industry in the last few years. Over $5bn have been invested in RegTech companies so far in 2020, driven by the compliance challenges exacerbated by the shift to remote working this year.
Cognitive View is a transformative Regtech that automates Compliance, Customer Experience, Conduct Risk, and Fraud. It analyzes customer communication channels, including contact centres’ voice data, identifying conduct-related issues, customer experience, and complaints, and ensures the staff meets its policies and quality standards
With over 1,000 long-listed companies, the competition was stronger than ever. A panel of analysts and industry experts voted top 100 finalists for their innovative use of technology to solve a significant industry problem, or to generate efficiency improvements across the compliance function.
For the complete RegTech100 list, visit www.RegTech100.com
The OECD Global Blockchain Policy Centre has recently invited Cognitive view to showcase its distributed ledger technology addressing public policy issues.
Cognitive view analyzes customer communication data to automate compliance, customer experience and conduct risk monitoring. It’s Regtech essentially helps firms improve consumer fairness, public trust in our financial services and enhance market integrity.
Continuous monitoring & reporting automation using Blockchain
Most organizations spend a great deal of time and energy wrestling dirty, poorly integrated data. They either cannot find the correct data or cannot trust the information they find. On top of that, they must deal with multiple industry regulations that are barriers to self-service and data democratization. As a result, they try to fix their data through various labour-intensive tasks, from writing custom programs to global replace functions – overall diminishing their productivity as data analysts and data scientists.
The opportunity is for regulated entities in continuous control monitoring and regulatory reporting that is much more efficient addresses the data quality issues and substantially reduces operational and non-financial risk. We believe technology has advanced enough and brought us to a stage that we can think beyond the boundaries and make regulatory compliance more efficient, cost-effective, and shift the paradigm.
Cognitive View generates a lot of data in real-time with its continuous control monitoring technology and analysis of unstructured data. Hence the opportunity to enable continuous monitoring and reporting with the right foundation.
We have introduced a private blockchain-based foundation that addresses some of the pressing needs of regulated entities in internal auditing & regulatory reporting. Blockchain-based audit/reporting is a new and still an optional feature; for regulated entities, provide the below capabilities when enabled.
Cognitive View monitors on a real-time basis for any compliance failures and generates incidents and breaches. All the breach information is written to an internal private blockchain. A smart contract is a digital contract that can self-execute automatically will create an alert when breach conditions are met.
Risk and compliance officer assesses the breach and decides to report to the regulator if meets significant breach reporting criteria. The transformative technology that enables a shift in the focus of compliance staff from information gatherers to information analysers. It is time for a paradigm shift in the financial services industry and the way regulatory compliance departments operate.
A private blockchain will allow regulated entities to
- Standardize the internal data reporting requirements
- Improve information flows between 3-lines of defence that is auditable & transparent
- 1LOD automation to ensure material risks/issues logged, prioritized, and then escalated. Addresses many of the data quality issues
- Detect & prevent instances of fraud and misconduct from occurring in the first place
- Trace obligations from frontline oversight through to Executive and then Board reporting
Regulators play a vital role in considering new policies, frameworks, standardization efforts, and ownership models for better industry adoption. Regulator publishes new regulations and assesses reports of significant breaches from the regulated entities. So any automation that does not include the regulator is incomplete. Regulator and regulated entity collaboration are absolutely critical in reducing the cost of compliance.
The future operational model and opportunities in a blockchain-based collaboration consortium
A hybrid blockchain framework can enable a consortium model. The regulated entities will have their own private Blockchain and will be able to join with the regulator’s public Blockchain based on regulatory engagement requirements and approval.
Firms will, for example, be able to measure their level of compliance in real-time, as will regulators. Indeed, as organizations within the financial sector become more technology-driven, this approach makes increasing sense – financial services organizations are already, in many senses, largely IT environments.
What are the Role Regtech or Suptech’s play in such collaboration and blockchain-based consortium?
Many mid-sized and smaller firms do not have resources and skills to build, whereas large firms may decide to build their own in-house technology solution. Regtech and Suptech will play a vital role in the consortium and technology adoption by regulated entities. Below diagram some of the key roles the Regtech and Suptech plays.
The Australian government has recently started a new set of measures for Deregulation with a laser focus on reducing the regulatory compliance burden on business. The measures are to reduce red tape, making it easier for businesses to invest, create jobs and grow the economy. The Deregulation Taskforce is also working on opportunities to adopt technological or ‘regtech’ solutions which make it easier for business to cost-effectively navigate and comply with regulatory requirements. The de-regulation does not necessarily have to be fewer regulations, rather increasing automation and operational efficiency will drive increasing de-regulation in all sectors.
Please reach out to firstname.lastname@example.org, for all the forward-looking organizations who are ready to participate and collaborate in this area.
Banks must ensure that communications and training about the code are delivered to all staff and supervisors, including any external third parties through whom they provide their services and offshore staff. This will enable banks to set expectations of what is required to comply with the Code and how the bank will monitor and report on their compliance. The Banking code compliance committee (BCCC) expects a positive customer-focused culture to be supported through training and considers that customer-facing staff are well-positioned to identify and escalate a possible breach of the Code.
Banks should review and develop KPIs & KRIs that ensure staff performance metrics promote behaviours that prioritise good customer outcomes and reflect the Guiding Principles and spirit of the Code. Senior executives understand that their organization’s measurement system strongly affects the behaviour of managers and employees. Risk plays a very important role in training and monitoring.
Risk-based supervision is largely outcomes and principles-based compared to a compliance-based approach. It seeks to assess, within a forward-looking perspective and making extensive use of judgment, the most important prudential and conduct risks posed by firms to supervisory objectives and the extent to which firms are able to manage and contain these.
Supervisors are mostly resource-constrained and requiring them to prioritize a variety of code compliance & conduct related activities rigorously. Risk-based supervision increases the effectiveness of compliance while increasing efficiency through improved resource allocation and processes. It assists in prioritization of resources to the areas of greatest conduct risk. Risks are not eliminated, but supervisors are able to address them in the most efficient and effective way of pursuing their objectives. This allows banks to address the risks in a systematic manner giving priority to what matters most.
Quick starting points on how to initiate a Risk-Based Supervision approach
- Risks need to be addressed in a systematic manner giving priority to what matters most
Risks need to be identified that would have the most significant detrimental impact. These are outcomes that would, for example, cause maximum damage to code compliance objectives. Risk-based supervision considers a combination of the effect of crystallization of risks and the likelihood that this will occur. The very highest impact firms and activities will be judged to be a potential source of systemic risk. Failure would result in extensive losses to consumers; broader reputational damage, fines, or regulator initiated a formal investigation.
2. Risk-based supervision requires the assessment and consistent grading or scoring of issues
3. Risks can originate from a variety of sources, so it is necessary to take a broader perspective and establish risk profiles
4. Risk-based supervision is dynamic and forward-looking. It allows risks to be identified and addressed early
Narrow compliance-based approaches may involve a fixed schedule of compliance checks which is relatively invariant to perceived risks. Risk-based supervision, by contrast, is a dynamic and continuous process that involves planning, risk assessment, execution of the supervisory programme and regular monitoring and evaluation on a risk-based cycle. It seeks to identify emerging areas of risk and the adequacy of management and financial resources to address these.
The emerging risks can be identified in both internal and external sources. External sources can be regulatory and ombudsman bodies like ASIC, AFCA. AFCA Insights service launched by us is a great source to learn so much on emerging risk patterns from complaint management data.
It also greatly facilitates dialogue on things that really matter. Continuous control monitoring and supervision strategies will differ from one firm to others but some foundations of forward-looking assessment based on risk remain the same.
To learn more about how to automate risk-based supervision for Banking code of practice and strategies to identify emerging risk patterns, send us an email (email@example.com)
The Australian Bankers’ Association (ABA) undertook an independent Review called “Sedgwick report” for product sales commissions and product-based payments in retail banking in Australia. The review was intended to build on the Future of Financial Advice (FOFA) reforms and identify options for strengthening the alignment of retail bank incentives, commissions and bonus payments (variable reward payments), practices and good customer outcomes.
The balanced scorecard was one of the key recommendations with the inclusion of variable pay components for individuals suggesting a range of performance criteria, not just financial measures, to ensure staff will be less focused on short-term sales/profits and, therefore, misconduct will be reduced.
Incorporating conduct risk in a Balanced scorecard
The balanced scorecard typically includes financial measures that tell the results of actions already taken. And it complements the financial measures with operational measures on customer satisfaction, operational risk, employee conduct.
Compensation tools play an important role in reducing misconduct risk by providing both incentives and performance assessment mechanisms that can help to promote good behaviour. Compensation must be adjusted for all types of risk, and not just be based on profit, and both quantitative measures and human judgement should play a role in determining risk adjustments. Performance measurement should include a firm’s risk appetite, assessed as part of risk-adjusting the overall variable pay pool/funding and/or as part of an individual’s performance assessment.
Risk and compliance should be incorporated into performance assessments at both the corporate and individual levels. At the individual level, metrics should include appropriate customer satisfaction, compliance adherence, quality of telephone calls, individual behaviour. The corporate variable pay pool is typically based on risk-adjusted profit and considering a scorecard of measures (capturing, for example, customer and risk management within the risk appetite).
So it is important not only to be able to define what conduct risk means for each business unit but also to measure it.
Sedgwick report can be downloaded here (https://www.retailbankingremreview.com.au/)
To learn more on conduct risk measurement strategy, drop an email on firstname.lastname@example.org
The Banking Code Compliance Committee (BCCC), Australia has conducted an inquiry between July and October 2019 into Code subscribing banks’ (banks) transition to the new 2019 Banking Code of Practice (the Code) to confirm whether banks have taken appropriate steps to ensure compliance with the Code. The objective of the inquiry was to have a holistic review of the banks’ transition to the Code.
BCCC has come up with a set of recommendation based on their observation of code adherence across the subscribing banks. The diagram below illustrates some of the key considerations that need to be made while incorporating the code of practices into the existing operations.
BCCC Recommendation #1
A good point to start this is to
- identify the compliance gaps between existing practices prior to Code approval and the obligations set out in the Code, and
- develop and implement appropriate policies, processes, procedures and system changes to ensure compliance with the Code from 1 July 2019.
What is important is to use a consistent taxonomy to differentiate a variety of these obligations. While identifying the obligations it is important to differentiate what can be automated, which are there to meet the legal compliance, which are there to support product design & distributions and which are behavioural and subjective in nature. Some common obligations may need to support more than one set of compliance or policy adherence objectives.
The number of obligations that need to be monitored for each control may vary based on a number of factors including product distribution model, geography, channel, process etc.
BCCC Recommendation #2
Mapping obligations into your existing compliance framework and business process
The code is equally applicable to all the entities, brands and subsidiaries. Irrespective of whether the products are offered under white-label agreements, e.g. credit or loan products, it requires uniform compliance. So the obligations need to be mapped to relevant metadata, geography, business processes and risk criteria.
— products and services
— business units
— services channels
— back-office and processing teams
— control environments (to ensure it can adequately report to BCCC).
— risk criteria
Every obligation needs to be assessed for individual and contextual risk and a risk definition needs to be attached to it.
Risk-based supervision increases the effectiveness of code compliance while increasing efficiency through improved resource allocation and processes. It assists in prioritization of resources to the areas of greatest conduct risk. Risks are not eliminated, but supervisors are able to address them in the most efficient and effective way of pursuing their objectives. This allows Banks to address the risks in a systematic manner giving priority to what matters most.
If you want to learn more about the obligation identification, mapping strategy, send us an email (email@example.com) for more information.