
Conduct risk and IAD


Academic year: 2022


(1)

Conduct risk and IAD

Do you have the current developments on your radar?

Tessa Sprokkel & Ksenia Yuzhanova

(2)

Agenda

Ø Introduction

Ø Conduct risk defined

Ø Quick Quiz

Ø EY’s view on conduct risk

Ø Conduct risk & IA – research results

Ø Conclusions & Recommendations

(3)

Ø Introduction

(4)

Research question:

“How is conduct risk currently addressed by the Internal Audit?”

Introduction: Research EY/IIA

Data collection method:

§ Interviews with the heads of IA departments

§ Detailed questionnaire

Research goal:

§ Conclusions and recommendations

§ Publication of research paper

(5)

Ø Conduct risk defined

(6)

Conduct risk aspects

Behavior

Reputational risk

Soft controls

Bribery

Fraud

Conflicts of interest

Code of conduct

Stakeholder Management

Corporate Governance

Ethics

Sales practices

Culture

Responsible

(7)

“…with great trust comes great responsibility….banks should treat their customers fairly when providing various services and financial products to them, and should stand in customers’ shoes in pursuing profit.” (Norman Chan, HKMA, October 2015)

Supervision of behavior and culture has proved to be a valuable supplement to the more traditional forms of supervision, as it addresses the causes of behavior that impacts the performance and risk profile of financial institutions and consequently on financial stability (The Dutch Central Bank, September 2015)

Increasing regulatory focus

Ø Treating customers fairly has evolved into the broader term conduct risk

Ø Broader questions are now being raised about where conduct risks arise and how they are managed

Ø New areas of discussion include culture, behaviour and ethics

(8)

Customers

Ø Central focus point of the conduct risk

Ø Increasing focus on vulnerable customers

Suitability aspect: ensure right customer buys right product.

Information asymmetry

Unsuitable products and services

Remediation

Embedding a culture which places consumer interests at the heart of the business will ensure the protection of consumers, market integrity and effective competition.

Competition

Ø Promoting healthy functioning of markets e.g. innovation.

Ø More client specific products and services (customer value).

Markets

Ø Focus on price transparency, market abuse and financial benchmarks.

Ø Protecting and enhancing the integrity of markets

Ø Helps to regain the trust in corporations

High entry barriers to the market

Innovative culture

Supply and demand misalignment

Cultural and conduct improvements

Communication to society

Manipulation of information

Typical challenges

The main focus is on customer conduct risk

(9)

Conduct risk: a hot topic in the news

(10)

Institutions and frameworks focus on conduct risk

FSO Non-FSO

(11)

Ø Quiz

(12)

Quick Quiz #1

What are the total conduct-related fines and charges for the 15 largest global banks between 2011 and 2016?

A B C D

€ 330 million

€ 988 million

€ 198 billion

€ 733 billion

(13)

Quick Quiz #2

What should be integral to firms’ conduct risk frameworks?

A B C D

Consumer Protection and market integrity

Market integrity

Consumer protection

Business revenue

(14)

Quick Quiz #3

Which of these is not a type of market abuse?

A B C D

Benchmarking and price manipulation

Misuse of information

Collusion

Bribery

(15)

Quick Quiz #4

True or False?

US regulators do not officially recognize Conduct Risk as a term.

True False

(16)

Ø EY’s view on conduct risk

(17)

Definition & Mission Statement

Existing Risk Management Frameworks

Management Components (based on firm’s unique business model)

Setting and execution of strategy and business planning

Senior Management accountability and governance

Assessment, review and challenge (from business and 3 LoD)

Risk Identification, Management and Mitigation

Clients / customer Markets Competition

Culture Values

EY’s conduct risk framework

Moving towards a strategic based approach

Important notes:

Ø Align conduct risk with ERM framework

Ø Set a risk appetite for conduct risk

Ø Align conduct risk with mission statement

(18)

Delivering and embedding a Conduct Risk framework is the responsibility of the business…

Culture

Customers / Clients

Conduct should never be ‘outsourced’ to the risk functions….

First Line Front Office

Second Line Compliance, Risk & HR

Internal Audit

Provides independent testing and verification of the operating effectiveness of the Conduct Risk Framework (recent focus on outcome testing)

Third Line Internal Audit

Board and Executive Management

Leverages conduct risk MI for decision making

Accepts, transfers or mitigates identified conduct risks

Establishes risk appetite and evaluates BU strategy on a risk-adjusted basis

Business Units

Identifies, manages, mitigates and reports on risk using Conduct Risk Assessment

Consider conduct risk in strategy assessments

Metrics review

Compliance

Interprets regulations and advises on prioritizing conduct risks

Develops and monitors policies and procedures

Human Resources

Designs and monitors the onboarding and performance management processes

Collects behavioral related data to share with the front office and risk

Risk Management

Designs and deploys the overall risk management framework

Compiles reports and escalates risk/control issues

(19)

Embedding conduct risk in the risk culture

Culture and conduct risk are interconnected

Ø A strong culture leads to fewer conduct failings and helps to mitigate conduct risk

Ø Failures related to conduct risk may be an outcome of a weak culture

Conduct risk

Culture

(20)

View on EY’s risk culture framework

Strengthening culture includes using culture mechanisms and enforcement of behaviors

Advocate

Adaptable

Communicative

Ethical and compliant

Lead and influence

Analyse and interpret

Collaborative

Responsible and accountable

Behaviors

Risk framework

Communicating the right message

Establishing the right environment

Providing the right motivations

Taking the right risks

Employee life cycle

Rewards

Risk transparency

Risk appetite

Tone from the top

Risk behaviours

standards Roles and responsibilities

Risk governance

Organisation

Leadership

Incentives

Mechanisms Correlation

(21)

Ø Conduct risk & Internal Audit – Research results

(22)

How would you respond to these questions?

Do we have a framework in place to manage, measure and analyze our Conduct Risk exposure?

What is our definition of Conduct Risk?

Do we understand those “moments that matter“ particularly prone to Conduct Risk?

Do we have early-warning indicators for misconduct in place?

What is our Conduct Risk appetite?

Do we have appropriate data in place for implementing predictive controls?

Do we have adequate controls in place, and are they effective?

Are we confident we nurture the right culture of risk awareness and business ethics?

(23)

“Our integrity department is responsible for conduct related policies.”

“The risk department can support the business in managing conduct risk.”

Three lines of defense:

Who is to address the conduct risk?

“We like to limit ourselves on internal behavior. Management should focus on external aspects.”

“The business is responsible for managing conduct risk.”

“Line managers are responsible for managing conduct risk.”

“We spend a lot of time on auditing the approach the organization takes with regard to culture and behavior.”

“When we perform audits, we take conduct risk as a separate risk area.”

3rd Line (Internal audit)

2nd Line (Group Functions)

1st Line (BUs)

(24)

How do you address conduct risk in the audit plan?

Conduct risk in IA plan

FSO

Special audits related to conduct

Behavioral root cause analysis

Product lifecycle process

Non-FSO

What is relevant

(25)

►Reactive

►Backward looking perspective

►“We only do audits on culture and behavior when it turns out to be a key risk”

►Proactive

►Forward looking perspective

►“We need to be ahead of the curve”

How do you react to conduct risk?

FSO

Non-FSO

(26)

What is the foundation for your approach to conduct risk?

Bottom-up regulations

Fewer regulatory bodies involved

Investigate the relevant topics

Not easy to say that change is needed

FSO Non-FSO

Top-down regulations

Basel Committee, FASB, AFM

Tick-box approach

Easy to say that change is needed

(27)

What are your challenges for the future?

FSO Non-FSO

Shared Challenges

Ø Unpredictable regulations

Ø Unpredictable public opinion

Ø Creativity needed

Ø Data analytics

Ø Regulatory burden

Ø “Wrong behavior” in the past

Ø Robotization

Ø Tick-box approach

Ø No standards

Ø Focus on hard controls

Ø Limited budget

Ø Lack of specialists in the topic

Ø Support of the board

(28)

Ø Conclusions & Recommendations

(29)

Research conclusions

Conduct Risk areas are evolving, encountering challenges

Internal Audit Department in the right place to tackle developments

Large difference between industries

Increasing importance of data analytics

Priorities not always clear

(30)

Recommendations

Role of the IAD

Ø Managing and mitigating conduct risk integral part of IA plans

Ø Assess whether controls in place are adequate and effective to mitigate risk

Ø Assess whether the organization has the right forward-looking view

Lessons learned

Ø Need to establish robust framework to manage conduct risk.

Ø Beyond regulation: to be embedded in strategy, values and culture.

Ø More and more forward looking: greater emphasis on reporting and data analytics.

Learn from each other!

(31)

Ø Your questions?

(32)

THANK YOU!
