Intelligent data from Corlytics shows that regulators and policy makers around the world remain focused on conduct or misconduct risk. Corlytics analysed over a million data points, calculated via 60,000 cases with 50-160 data points per case, examining conduct of business enforcement actions published between 2012 and Q1 2018. Corlytics then further examined systemic issues between 2016 and Q1 2018 including those from US, Europe and Asia1.
Senior managers under pressure to drive better behaviours
The Financial Stability Board (which operates under the aegis of the G20) has a supranational mandate to focus on misconduct driven by its sheer persistence in the marketplace. Post crisis instances of misconduct have ranged from conspiracies to manipulate markets to widespread retail mis-selling with penalties including multi-billion dollar fines. As just one measure of misconduct, Mark Carney, governor of the Bank of England, said in March 2017 that ‘Global banks’ misconduct costs have now reached $320 billion – capital that could otherwise have supported up to $5 trillion of lending to households and businesses.”
Specifically, misconduct may further indicate that firms are unable to ensure their employees adhere to other standards, including those for sound risk management. Repeated and severe misconduct has implications for the financial system and has potential linkage to financial stability issues.
The approach to managing and mitigating conduct risk is evolving. The link has been made between conduct risk and compensation structures and there is a growing swell of regulatory change to increase the personal liability of senior managers to drive consistently better behaviours in firms.
Compliance oversight under pressure
Analysis of Corlytics data covering the misconduct elements in enforcement actions published by key regulators from around the world has highlighted some key trends and takeaways for senior managers, including:
- Disclosures and communication is the major root cause of misconduct penalties, accounting for 40 percent of the number of fines levied by regulators and three quarters (77 percent) of the total dollar amount of fines levied over the last six years. Implementation of major regulatory reform ranging from GDPR to MiFID II/R heightens the need for even greater focus on this area. Transparency is a key global regulatory theme requiring senior manager attention to ensure appropriate disclosure to both investors and customers.
- On average, at least one individual has been fined for misconduct every week for the last six years. This is set to increase substantially as individual accountability regimes are rolled out by regulators around the world. The top three fining authorities globally are Australia’s ASIC which has fined 159 individuals, UK’s FCA has fined 100 individuals and US CFTC has fined 59. However, the amounts fined tell a different story. The CFTC with 59 fines makes up 14.6% of the number global total of fines (402) yet 52.22% of the total values of fines.
- The top three control failures resulting in the largest monetary penalties in the last two years are underwriting and securitisation processes, compliance monitoring and oversight together with third party oversight. In fourth place is recordkeeping which is likely to feature more prominently in future enforcement activity as senior managers strive to evidence the discharge of their personal accountability and the new data privacy and protection requirements take effect.
- There are distinct regional variations in the supervisory approach towards senior manager misconduct. The US imposes the largest fines in terms of monetary value. In contrast Australia has imposed the greatest number of fines against individuals over the last six years, even before the new Banking Executive Accountability Regime and results of the Royal Commission into misconduct take effect.
- The international focus on misconduct will remain high on boards’ and regulators’ agendas. The FSB’s 2018 toolkit to mitigate misconduct risk has set the future benchmark for both firms and supervisors in seeking to raise standards and strengthen governance frameworks in the financial services sector.
- One in three of the non-financial penalties imposed for misconduct include an element of remedial action and redress. In addition to the often-significant operational impact of an enforcement action including the need for substantial senior manager involvement, in the last couple of years redress and restitution costs have added an additional third to the overall financial cost of misconduct penalties.
- The top three sectors most frequently fined for misconduct over the last six years are wealth management, retail lending and mortgage lending, reflecting the global regulatory focus on the need for consistently good customer outcomes.
- Regulators around the world will expect greater use of incentives and compensation practices in addressing future misconduct risk. It has become a boardroom priority with the FSB making clear that accountability for misconduct lies, first and foremost, with board of directors.
- Conduct of business concerns and specifically the costs of persistent misconduct remain key regulatory priorities. Regulators are tackling the issues arising through a variety of means including policy changes to enhance the potential for personal liability when a breach occurs.
- In an increasingly data driven and technologically enabled world senior managers that do not make use of relevant data and analytics will not only find conduct of business issues increasingly challenging but may well be asked by their regulators why they have not deployed appropriate solutions to aid both compliance and evidence of compliant activities.
John Byrne, CEO of Corlytics, comments: “Firms across the financial services sector face a huge challenge in not only implementing cultural and conduct changes but in measuring their culture and conduct risk. Then being able to demonstrate that to regulators, shareholders and customers.”
He continues: “To manage conduct risk, firms need to stay ahead of the regulatory curve by using high quality relevant data to not only analyse the key regulatory risks, lessons and priorities from past enforcement actions and key regulatory publications.”