Some key non-financial risk exposures of financial institutions active in the Wealth Management industry stem from incidents driven by significant employee misbehaviour and internal fraud. Insufficiently managed conduct risk in the wealth management industry continues to lead to significant financial losses, loss of reputation, and mandatory scrutiny for affected financial institutions. Large instances may even harm customers' trust in the financial services industry overall. Key regulators such as the UK Financial Conduct Authority (FCA) and others increasingly focus on this type of non-financial risk and require institutions to establish and maintain an effective framework to measure and manage employee conduct risk.
It is important to establish an effective control framework capable of identifying deviations from the expected norm in employee behaviour. Many financial institutions focus on cultural initiatives to positively influence the behaviour of their employees. However, the impact of cultural initiatives on employees' actual behaviour is difficult to prove, as is the extent to which such initiatives reduce residual risk levels of employee misbehaviour and fraud. Culture is expressed by the actual behaviour of employees "when the lights are switched off", i.e., when employees know their behaviour is not supervised. Cultural initiatives therefore do not necessarily change the behaviour of employees who are already prone to misbehaviour and fraud, whether because of financial pressure, a sense of superiority or a belief that they have the "right" to act that way. Focusing on culture is certainly a good thing to do, but in isolation it is insufficient to address conduct risk.
Regulators expect financial institutions to develop their conduct risk definitions and strategies and put in place a tailored framework to address the specific conduct risks of their business areas. In Wealth Management, conduct risk is particularly driven by a close relationship between the customer and his/her Relationship Manager (RM), who can often influence the communication between the bank and even the customer's behaviour, especially in long-standing relationships between the customer and the RM.
But how do we identify and measure employee conduct risk? Larger financial institutions should use a comprehensive collection of relevant data to identify employees, e.g., client relationship managers, who are particularly prone to act in a way that might cause harm to their employer. Such data may be derived from various sources, including:
• The customer relationships the RM is managing, e.g., volumes of insufficient Know-Your-Customer profile updates, insufficient transactional due diligence, unresolved formalities deficiencies, unresolved credit shortfalls or deviations from customer protection-related due diligence requirements. Consideration should also be given to data reflecting the level of transparency of the banking relationship with the customer, including online banking, retained correspondence or changes of customer mailing instructions or contact details.
• Employee-specific data, e.g., the volume of identified policy breaches, undue expense claims, cross-border issues, and RM-related financial data, such as the delta between the employee's financial targets and actuals.
Collecting and aggregating this data into a meaningful measure of inherent employee-specific conduct risk requires close collaboration between different functions across the organization and lines of defence, including compliance, risk management, HR, operations, and finance. HR also plays a particularly crucial role in supporting employee conduct risk management from an employment law perspective.
Identified relevant data may be aggregated in a dedicated data lake and converted into a score at the employee level. Consideration also needs to be given to comparability: businesses within wealth management may significantly differ, e.g., some units may focus on intermediaries business, while others focus on direct client relationships, which would lead to very different data volumes aggregated at the level of the employee. Therefore, a peer comparison approach is important to measure employee conduct risk correctly.
The aggregated data should always adequately represent each of the three key aspects driving fraud and inappropriate employee behaviour: 1) Opportunity, including the potential process deficiencies which an employee could exploit; 2) Motivation, including employee pressure points such as being behind own budget; and 3) Rationalization, including a sense of superiority of the employee (this category is undoubtedly the most difficult to measure). When aggregated, such data may result in a conduct risk score at the level of the employee expressing the employee's inherent conduct risk exposure. This score is not a direct indicator of actual inappropriate behaviour, nor of actions and consequences to be taken against the employee. Still, it will serve as an important trigger to conduct targeted and risk-based control activities into the employee's behaviour. Employees who know that their activities are being monitored will also behave differently. Thus, the knowledge of an existing control framework also works as a deterrent against inappropriate behaviour.
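A sketch of the peer-comparison scoring described above, added here as an illustration and not taken from any institution's framework. The indicator names, the median/MAD deviation measure, the equal weighting of the three drivers and the review threshold are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

# Assumed indicator names, loosely based on the data sources listed in the article.
FIELDS = ("overdue_kyc_updates", "mailing_instruction_changes",
          "target_shortfall_pct", "policy_breaches")
# Assumed mapping of indicators to the three drivers of fraud.
CATEGORIES = {
    "opportunity": ["overdue_kyc_updates", "mailing_instruction_changes"],
    "motivation": ["target_shortfall_pct"],
    "rationalization": ["policy_breaches"],
}
SAMPLE = [  # constructed data: (employee, peer_group, values in FIELDS order)
    ("rm_a", "direct", (2, 1, 5, 0)),
    ("rm_b", "direct", (3, 0, 8, 1)),
    ("rm_c", "direct", (2, 1, 4, 0)),
    ("rm_d", "direct", (9, 6, 40, 4)),
    ("rm_e", "intermediary", (40, 12, 6, 1)),
    ("rm_f", "intermediary", (44, 10, 9, 0)),
    ("rm_g", "intermediary", (42, 11, 7, 1)),
    ("rm_h", "intermediary", (45, 13, 8, 1)),
]

def robust_z(value, peers):
    """Deviation from the peer median in MAD units; only above-peer values count."""
    med = median(peers)
    mad = median(abs(p - med) for p in peers) or 1.0  # guard against a zero spread
    return max(0.0, (value - med) / mad)

def conduct_risk_scores(rows):
    """Score each employee against their own peer group, not the whole population."""
    groups = defaultdict(list)
    for emp, group, values in rows:
        groups[group].append((emp, dict(zip(FIELDS, values))))
    scores = {}
    for members in groups.values():
        for emp, ind in members:
            per_cat = {}
            for cat, names in CATEGORIES.items():
                zs = [robust_z(ind[n], [m[n] for _, m in members]) for n in names]
                per_cat[cat] = sum(zs) / len(zs)
            # Equal weighting keeps all three drivers represented in the score.
            scores[emp] = round(sum(per_cat.values()) / len(per_cat), 2)
    return scores

def review_queue(rows, threshold=3.0):
    """Employees whose score triggers a targeted control review, not a sanction."""
    return sorted(e for e, s in conduct_risk_scores(rows).items() if s >= threshold)
```

The intermediary-desk RMs carry far higher raw volumes than rm_d, yet only rm_d is queued for review because it is the only outlier against its own peers.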
The last and most relevant aspect of an effective end-to-end Conduct Risk Management Framework is the consequences when employee misconduct has been confirmed. Consequences need to be impactful, i.e., where actual behaviour deviates from the expected norm (this should be communicated by top management across the organization), consequences should sufficiently impact total compensation and promotion of employees. In less severe cases, a coffee catch-up between the employee and his/her senior line manager on a Saturday morning to discuss conduct and behaviour might also do the job.