Choose to act

Article

Choose to act

Are you in? Conduct – it’s everyone’s responsibility 

Optimising the complaints management process is an effective way to ensure rapid and demonstrable improvements in customer centricity.

Complaints management gives customers the opportunity to voice concerns and appeal for redress. Employees, suppliers and business partners should be given the same opportunities through reward and discipline as well robust whistleblowing.

Are you in? Conduct – it’s everyone’s responsibility

Find out where your sector sits

Choose to act

Conduct governance

Who is driving and overseeing your conduct framework?

We don't need to look too far to find organisations that knew about core conduct concerns, but could not find the leadership and ability to act with speed to resolve these concerns.

Building the ability to act

The careers of leaders are often made or broken by their action or inaction in the face of a conduct crisis. For executives and non-executives alike, finding the will to act is essential to ensure conduct risks are proactively mitigated and conduct opportunities are seized in a timely fashion.

In larger organisations, this is easier said than done. Executives have to contend with scale, complexity, and a diversity of priorities competing for airtime and resources. Also, due to operational silos, information can be fragmented - reducing the ability to connect the dots and produce a holistic appreciation of the risks and opportunities.

The choice to act is of such strategic importance, that it may require your organisation to make structural and resource changes to how conduct has traditionally been managed.

Does the status quo work for tomorrow?

It's time for leaders to ask the difficult questions.


  • Do teams truly work towards common conduct goals?
  • When and where in your organisation do the product designers, marketers, distributors, information technologists, risk and compliance and customer care specialists sit around the same table to review and solve for conduct risks and opportunities?

Traditional approaches to risk governance tend to be functionally orientated rather than centred on product and customer life cycles. Let's take IT and risk as examples. IT people tend to gather in IT governance forums to discuss and oversee IT. The same can be said for risk and compliance people gathering in risk committees to oversee risk and compliance. But, what if a deficiency on an IT platform generates a conduct or regulatory risk? Or the solution to a regulatory risk deeply impacts IT platforms and budgets?

How agile is the organisation in reacting to challenges that cut across silos? Where are such issues resolved?

A lateral approach is key

An approach where governance oversight is based on the product or sales lifecycle makes much more sense than traditional functional approaches to governance.

If customer centricity is truly a strategy and not just words, then structural elements such as governance committees should be designed to follow a customer lifecycle, which cuts across functions and business areas. That does not mean you cannot retain a functional focus to governance where it makes sense. The larger an organisation is, the more conscious it needs to be in developing governance that connects dots and ties together separate parts of the organisation to common goals. Organisations that cannot achieve this coherency may struggle to act in an appropriate and timely fashion to address known conduct vulnerabilities.

How can you achieve this?

Here are some common themes for effective conduct governance no matter what size your organisation is:

Formalise the conduct focus at the executive leadership level

Out of sight out of mind, the saying goes. Therefore, ensure that conduct is a standing item on your executive committee agenda. Conduct needs a place on the most senior business body in an organisation. This is usually the executive committee comprising the CEO and his or her immediate team.

A standing agenda item on conduct signals intent, and builds discipline and the right language around conduct matters. This is vital considering how rapidly social expectations on conduct are evolving and how impactful regulatory and reputation risks can be when organisations fail to act in time.

Importantly, an executive committee is also the one body in an organisation where the lifecycle of the customer is best represented - finance, marketing, sales, risk, and strategy sit around a single table with a mandate to make firm-wide decisions. That is where you want your conduct agenda point to be.

In some organisations, the scale and complexity of conduct risks and opportunities warrant the creation of a dedicated conduct body - a so called conduct executive committee.

Instead of only having an agenda item on conduct, the executive team dedicates time in a separate meeting solely focused on conduct and ethical business practices. To make such meetings meaningful there needs to be dedicated managerial responsibility for conduct programs.

Appoint a conduct officer

If the strategic value in acting on conduct risks and opportunities is significant enough, you should consider how to ensure managerial ownership of the conduct framework. It is certainly true that if you combine talent with focus, you get results.

While good conduct is the responsibility of all employees, someone has to take responsibility for the design and management of a conduct framework. Committees do not manage - they oversee. Individuals manage.

The right person for this part-time or fulltime role will be someone with strategic vision, commercial insight, and access to sound regulatory advice when needed. If your organisation has elevated to high conduct impacts, consider a fulltime role so you can truly own the conduct conversation and explore its strategic opportunities.

People in this role can be called ethics, integrity or conduct risk officers but what is common to the role is that they are a member of senior management in charge of an overarching framework on conduct and ethical business practices aligning strategy, policy, platforms, and monitoring standards and activities. It may also mean, in some cases, an expanded mandate to customer advocates.

Ensure board focus on conduct

Boards should also have conduct as a standing agenda item, whether part of the audit, risk or main board committees.

In some countries, a separate ethics and conduct committee at board level, is a statutory requirement for organisations above a certain employee population size and revenue.

Whatever the format, a board must be able to take comfort that there is adequate investment in knowing, and adequate investment in acting within the organisation. The quality of governance on a board level is largely determined by the quality of governance on a managerial level.

The key is to ensure that conduct governance is bottom up, and that there is granular management attention to conduct vulnerabilities in the organisation, with someone, whether part time or full time, responsible for a coherent conduct framework that is actively managed and capable of producing reliable governance information.


Case study spotlight

The chairman of a major banking group foresaw the rise of regulatory and reputation risk on conduct matters and actively encouraged the creation of a conduct office. This office, led by a senior member of management with a direct reporting line to the board, designed and embedded a conduct risk framework across several countries and divisions of the bank.

This bank, with the right leadership focus and governance on conduct and ethical business practices, was able to avoid the major conduct scandals that plagued the banking industry.

While their competitors were mired in regulatory action and suffered reputation damage, this bank could focus on growth and leading the market, which is convincing evidence that investment in prevention is never more expensive than reactive remediation.

Read more

Choose to act

Root cause remediation

Fix to improve and prevent

With conduct vulnerabilities, the key is to fix any issue fast. Don't wait for a problem to fester for months or years because with every passing day it will be more difficult and costly to resolve.

Raising the bar on remediation

Remediation is fundamentally the fixing of a firm's failure to meet its stakeholder obligations. These obligations are often subject to regulation or regulatory scrutiny.

Ideally, organisations should fix concerns as part of normal business-as-usual improvement activities. Yet occasionally a conduct concern is so significant that it needs dedicated operations and resources to be corrected.

Remediation can mean anything from the issuing of new documents to financial compensation - and is determined on a case by case basis.

It is always better to be proactive and avoid remediation.

However, if remediation is required it is best done with experienced assistance, and with a learning mindset. The lessons learned from remediation usually have wider application in the organisation, and if correctly applied can help an organisation to continuously improve its broader business operations and prevent future remediation.

Set standards and ensure oversight

Finding elegant pragmatic solutions to remediation problems comes with experience and it is for this reason that remediation without the benefit of experienced professional advice or assistance is not recommended.

It can be difficult for organisations to master both the technical and operational requirements of remediation while running a going concern. Depending on scale and complexity, it is a bit like running a small factory within a factory, where many issues arise frequently.

Setting up remediation policy, principles and governance are important first steps to clarifying remediation objectives, ensuring that there is a consistency of approach and appropriate oversight.

Resourcing for success

Setting clear remediation objectives is crucial to ensuring that remediation will meet regulatory expectations, but also, to ensuring resourcing of people and technology can be accurately calculated.

The processes, tools and infrastructure for remediation can be a costly so it is important to be precise. It may also be necessary to consult with actuaries and statisticians to ensure remediation populations and compensation amounts are correctly calculated.

Each sector has unique remediation causes and requirements. Here are some examples

  • Financial advice has been subject to remediation related to the appropriateness of the advice as well as fees and charges
  • Non-bank credit providers have been subject to responsible lending related charges
  • Franchises have been subject to remediation related to the accuracy of salary payments to employees of franchisees
  • Energy providers have been subject to remediation relating to fees and charges.

Sectors most at risk of remediation seem to be running decentralised business models, with poor record keeping, and without proper monitoring and supervision in place.

Ready for robust remediation?

Organisations should not drag their feet or bury their head in the sand when it comes to uncovering and tackling conduct issues.

It is always better to prevent rather than remediate. But when organisations do need to remediate, it is always better to do so with urgency and impact.

Similarly, voluntary remediation is better than compulsory remediation - i.e. remediation as a result of regulatory enforcement. A known issue that is not fixed in a timely manner is very damaging.

The cost of doing nothing or doing it only once a regulator forces an organisation to act, can be much more expensive than taking immediate and adequate action.


Case study spotlight

An organisation engaged consultants to design a remediation program. However, the organisation lacked experience and was unable to resource or use the methodology.

The methodology, while legally correct, was not practical and could have resulted in significant unnecessary costs. After reviewing their stagnant program, they contracted an experienced remediation provider who was not only capable of redesigning the remediation principles, policy and governance, but actually provided the processes, tools and infrastructure to get the job done.

The organisation saved a considerable amount of money and managed to satisfy the licence conditions imposed on them by the regulator.

Read more


Explore further conduct themes:

Did you find this useful?