JULY 2025

unresolved formalities deficiencies, unresolved credit shortfalls or deviations from customer protection-related due diligence requirements. Consideration should also be given to data reflecting the level of transparency of the banking relationship with the customer, incl. online banking, retained correspondence or changes of customer mailing instructions or contact details.

· Employee-specific data, e.g., the volume of identified policy breaches, undue expense claims, cross-border issues, and RM-related financial data, such as the delta between the employee's financial targets and actuals.

This collection of potential data to be aggregated to develop a meaningful measure for inherent employee-specific conduct risk requires close collaboration between different functions across the organization and lines of defence, including compliance, risk management, HR, operations, and finance. HR also plays a particularly crucial function in supporting employee conduct risk management from an employment law perspective.

Identified relevant data may be aggregated in a dedicated data lake and converted into a score at the employee level. Consideration also needs to be given to comparability: businesses within wealth management may significantly differ, e.g., some units may focus on intermediaries business, while others focus on direct client relationships, which would lead to very different data volumes aggregated at the level of the employee. Therefore, a peer comparison approach is important to measure employee conduct risk correctly.

The aggregated data should always adequately represent each of the three key aspects driving fraud and inappropriate employee behaviour:

1) Opportunity -> incl. the potential process deficiencies which an employee could exploit;
2) Motivation -> incl. employee pressure points such as being behind own budget; and
3) Rationalization -> incl. sense of superiority of the employee (this category is undoubtedly most difficult to measure).
When aggregated, such data may result in a conduct risk score at the level of the employee expressing the employee's inherent conduct risk exposure. This information is no longer a direct indicator of actions and consequences to be taken against the employee or actual inappropriate behaviour. Still, it will serve as an important trigger to conduct targeted and risk-based control activities into the employee's behaviour. Employees knowing that their activities are being monitored will also behave differently. Thus, the knowledge of an existing control framework would also work as a deterrent for employees to act inappropriately.

The last and most relevant aspect of an effective end-to-end Conduct Risk Management Framework is the consequences when employee misconduct has been confirmed. Consequences need to be impactful, i.e., where actual behaviour deviates from the expected norm (this should be communicated by top management across the organization), consequences should sufficiently impact total compensation and promotion of employees. In less severe cases, a coffee catch-up between the employee and his/her senior line manager on a Saturday morning to discuss conduct and behaviour might also do the job.

In Wealth Management, conduct risk is particularly driven by a close relationship between the customer and his/her Relationship Manager (RM), who can often influence the communication between the bank and even the customer's behaviour, especially in long-standing relationships between the customer and the RM