Over the last few years, there has been increasing pressure for transparent governance, culminating in an unpreceded swath of royal commissions, reviews, recommendations, and new regulations. As a result, multiple sectors in Australia are in crisis, in large part driven by challenges to set up appropriate risk management systems and respond in line with community expectations.

Commissioner Kenneth Hayne in his Final Report on the Royal Commission into the Financial Services Industry asks business groups to improve management of compliance risk, conduct risk, regulatory risk, and operational risk:

“There exists a culture of complacency and a lack of capability in addressing material matters of (non-financial) risk, including early indicators of emerging risk. These governance gaps exposed businesses and their customers to serious risk and harm.” – Kenneth Hayne

What is conduct risk?

Greg Medcraft, when he was chairman of ASIC, described conduct risk in a speech to the Institute of Internal Auditors as “the risk of inappropriate, unethical or unlawful behaviour on the part of an organisation’s management or employees. That conduct can be caused by deliberate actions or may be inadvertent, because of inadequacies in an organisation’s practices, frameworks, or education programs.”

Conduct risk exists in almost every part of a business. For this reason, it is essential for highly regulated industries (financial, insurance, energy, superannuation and managed funds) to be able to identify, assess, control, manage, monitor, and test conduct risk across three main lines of defence: governance, risk management and compliance.

The impacts of managing conduct risk

We have observed the negative impacts conduct risk management can have on a frontline workforce and their customers with some of Australia’s most recognised brands.

Frontline team members can often feel anger, fear, frustration, stress, and anxiety due to their exposure to conduct risk measures.

Staff members become fearful of providing customers with the quality service a customer needs for fear of making a mistake or breaching compliance requirements or ruining their average handling time.

The flow on effects for customers can be huge. While the reason conduct risk exists in the first place is sound (to safeguard the consumer against unethical behaviour), implementation of conduct risk frameworks can lead to unintended consequences for customers. For example, impersonal, robotic conversations that are highly scripted may lead to customers feeling as though they are not being listened to. Other tactics such as the use of pre-recorded audio played to the customer to tick the conduct risk box, may cause customers to disengage from the conversation all together.

A balance of having truly amazing customer centric conversations with conduct risk and compliance requirements is a challenge to get right. If managed poorly, the impacts are significant.

Culture always wins

A key driver to influencing the way people act is culture.

Culture should be the centre of an organisation’s risk management system. Without a culture of integrity, organisations are likely to view their compliance programs as a set of tick-the-box activities. Even worse, some firms see it as ‘just another thing I have to do’ or a roadblock to achieving business objectives and performance, as we have sometimes seen.

In their article, ‘Corporate culture: The second ingredient in a world-class ethics and compliance program’, Deloitte outlines nine key characteristics in building a culture to support managing compliance and conduct risk, below are four of our favorites:

1. Consistency of messaging: Operational directives and business imperatives align with the messages from leadership related to ethics and compliance.
2. Middle managers who carry the banner: Frontline and mid-level management turn principles into practice. They often use the power of stories and symbols to promote ethical behaviours.
3. Comfort speaking up: Employees across the organisation are comfortable coming forward with legal, compliance, and ethics questions and concerns without fear of retaliation.
4. Incentives and rewards: The organisation rewards and promotes people based, in part, on their adherence to ethical values. It is not only clear that good behaviour is rewarded, but that bad behaviour can have negative consequences.

What are the consequences of getting it wrong?

Regulatory requirements around managing conduct risk won’t disappear anytime soon and the impact of getting it wrong is severe.

Misconduct can result in significant financial costs, including the cost of customer remediation, compensation, and fines. Boston Consulting Group has estimated that banks have paid over US$321 billion in fines since the global financial crisis. This number continues to climb every year.

The reputational damage misconduct can cause is perhaps even greater than the fines, given some reports suggest intangible assets such as IP and brand now account for over 80% of a firm’s value versus 20% forty years ago.

Put that statistic next to AON’s most recent Global Risk Management Survey that shows that the number one risk for an organisation in APAC is damage to reputation or brand, and it is clear there is a compelling argument to make sure your company gets conduct risk management right.

Accepting the challenge

Regulators in Australia are particularly interested in the key origins of conduct failures such as:

• sales and service frameworks
• the conversations employees have with customers
• product disclosures
• the ways that complaints are handled
• the process for remediation
• the ability to report on the entire risk ecosystem.

Finding the right software services and systems to support this challenge is…well…a challenge.

Getting the balance right

YakTrak’s conduct risk solution incorporates all of our learnings and feedback working with clients over many years to help get the balance right between compliance and quality conversations.

YakTrak provides the board, leaders, and teams with real-time insights into the conduct of people – and how this compares to what should be done. YakTrak provides the tools to close the gaps, including encouraging regular employee coaching and human interaction to ensure team members are supported as required.

Managing conduct risk for your organisation? Read more about YakTrak’s conduct risk solution or get in touch with us to find out how YakTrak can support you today.

Photo by Ryoji Iwata via Unsplash