Choose to know


Choose to know

Are you in? Conduct – it’s everyone’s responsibility 

Making an active and decisive choice to know what is happening at the coalface of your business begins with examining sales practices to ascertain whether good customer outcomes are consistently achieved.

Leaders who choose to know should make the required investments to enhance monitoring and supervision capabilities to be predictive and preventative.

Are you in? Conduct – it’s everyone’s responsibility

Find out where your sector sits

Choose to know

Conduct vulnerability inventory

Choosing to know and choosing to act

When organisations are called upon to defend their reputation they should have ready a reasonably defensible position. This means being able to demonstrate proactive efforts to find and fix conduct vulnerabilities.

It's not a machine

Organisations have all the characteristics of complex living systems - not of machines. They need constant care and attention like humans do, and possess the same fears, biases, ambitions, strengths and weaknesses that all people can relate to.

There is widespread acknowledgement of the eco-systemic nature of organisations. However, risk management practice - specifically monitoring - has been slow in responding to the implications of a systemic view of organisations where the margins for error are small and the consequences great.

It is often useful to think of vulnerability in organisations in medical terms. For instance, would it be good medical practice to have an acceptable risk tolerance for cancerous skin lesions because they are small isolated events? Of course not, but organisations seem to tolerate such thinking when it comes to monitoring and supervision - this is because organisations are thinking in mechanical, not systemic terms.

The power of the 1%

To lead on conduct, organisations need to think like doctors do when examining a patient. We need to recognise, like in medicine, the power of the 1%. Organisations are judged by the 1% of what goes wrong, not the 99% of what goes right. It is the 1% that has the potential to compromise the entire organism.

That means organisations need to invest in finding the 1% of issues in good time, and doing something about them with speed and urgency.

Working within the limitations

The limitations of the mechanical model of risk monitoring is also compounded by an over-reliance on compliance when addressing conduct matters. Of course, compliance is important, yet, because the pace of social regulation is much more rapid than the pace of formal regulation, compliance driven conduct and reputation risk management approaches generally fall short.

The law follows the ethics of society and people expect companies to behave in a certain way, often long before such behaviour is regulated.

What every company in every sector should realise is the strategic value in choosing to know - comprehensively - and then choosing to act - decisively. This means identifying all known and suspected vulnerabilities and listing them. This inventory must be an honest and robust assessment of the known and suspected conduct vulnerabilities in the organisation.

Identified vulnerabilities must also be coupled with effective remedial action and dealt with in a timely fashion. Nothing is more damaging than vulnerabilities that are known for some time, yet not acted upon quickly.

A further benefit would be to revisit this inventory on at least an annual basis to make sure it is current and relevant to changing circumstances.

Working within the limitations

Having a systematic approach to identify and address vulnerabilities is key to building a reasonably defensible position when facing market conduct queries.

A vulnerability inventory may focus on:

  • Products - terms and conditions, target markets, uptake, marketing and complaints
  • Distribution - commissions and fees, third party referral fees, volume incentives, soft dollar payments
  • Customer experience - protections for vulnerable customers, transparency and informed choice
  • Systems and governance - platform limitations, policy formulation, resourcing, as well as governance oversight structures.

The creation of a conduct vulnerability inventory will go a long way to building a business culture that deals with unaddressed risks, searches them out, and then fixes them comprehensively. This is a culture not based on trying to comply with regulation, but a culture grounded in ethical leadership and social duty which results in regulatory compliance should the behaviour in question ever become regulated. It is a subtle but important shift in emphasis.

Case study spotlight

A financial services company applied standard risk management methodologies to its credit book. The company was satisfied that its book was performing and that non-performing loans were within the appropriate risk appetite.

After receiving a series of complaints, the company discovered that a small percentage of loan approvals were not responsibly granted. It turned out that affordability assessments were poorly done and some of those borrowers were entitled to hardship relief they did not receive.

Although this accounted for much less than 1% of its total loan book, the company has spent many millions in direct remediation costs, and millions more in lost management focus in dealing with this risk, instead of growing and cultivating a thriving organisation.

If they spent a fraction of the remediation costs on building a proactive conduct vulnerability inventory, the company would have saved millions in direct and opportunity costs.

Read more

Choose to know

Enhanced monitoring and supervision

A focus on being more predictive and preventative

By having a complete and enhanced picture of your organisation through robust monitoring and supervision, you can continue to put your best conduct foot forward.

Possessing enhanced monitoring and supervision capability is at the heart of the conduct conversation as it can deliver sound understanding of the end-to-end processes and stakeholder outcomes.

However, a common theme with monitoring and supervision practice is often its ineffectiveness. During almost a decade of global focus on conduct, the number of conduct scandals have multiplied in spite of billions of dollars of investment in controls and more stringent regulation.

Under these conditions of waste and ineffectiveness, enhanced monitoring and supervision is a commercial strategic imperative worthy of attention on every board and executive committee. It is not only about more effective risk management but also about ensuring a proper return on your control dollars.

You cannot control yourself out of something you behaved yourself into

Culture will always trump control. Which means monitoring and supervision requires a more strategic - leadership driven - and less operational approach for its success.

Imagine a world where monitoring is more systems driven and risk-based. Where technology improves the quality and availability of compliance books and records, and data analytics allow organisations to spot opportunities for growth and predict risks before they occur. This is already possible.

Opportunity orientated monitoring and supervision

Conduct monitoring focuses primarily on risks or, more accurately, compliance with regulatory inputs. Ironically such an approach may result in poorer compliance. This is not to say that compliance is not important - but that a different approach is needed to achieve better conduct outcomes.

A more effective approach is to focus on stakeholder outcomes - what actually happens at the coalface. Most fundamentally, it enables organisations to identify opportunities for growth and improvement - for making organisations better - and in the process - address risk. In the majority of cases an outcomes and opportunity based approach to conduct addresses risks and regulatory compliance as well. The reverse is not true. A compliance approach to conduct does not necessarily recognise growth opportunities.

Using data to understand stakeholder outcomes

In order to understand granular outcomes at scale, data analytics plays a fundamental role. Proper use of data allows for screening of entire populations instead of small, random and unrepresentative file samples being drawn for monitoring purposes. Such an approach is inaccurate to spots risks, is usually blind to opportunities and at best, reactive, and prone to lull organisations into a false sense of security that proper monitoring has been performed.

Through the use of data analytics, populations can be segmented into categories. This means that monitoring can become targeted and efficiently directed to where issues and impacts are more likely to be greater, than in other lower impact areas.

The key is to ensure that the data is presented in 'real-time' and not on an ad-hoc basis. This means business processes, and in particular customer interactions, need to be better technology enabled. Business platforms that are technology enabled provide the foundation to better data, which in turn enables better monitoring, and supervision.

The magic lies in being able to turn data and insights into a repeatable process in order to support a consistent monitoring and supervision approach.

Show me the file

Monitoring and its support through data, should coincide with concerted efforts at better records management. Again, technology such as robotic process automation, block-chain and cloud-based records warehousing provide significant opportunities to improve record keeping, at scale and at lower costs.

The importance of books and records cannot be overstated. Regulators may talk culture, but they support it in books and records.

Being able to demonstrate adherence to the highest principles of good conduct and ethical business practices in an agile and bureaucratically lean way, requires careful planning and appropriate professional advice.

Monitoring is not a standalone

There needs to be organisational infrastructure to receive monitoring insights, and then enable the organisation to act upon what it has learned. Some organisations do have the ability to know what is happening at the coalface. Yet, somehow they cannot find the will and resolve to act in a timely and comprehensive fashion.

It may be that the information received is too fragmented to recognise the opportunity or the threat, or that those that receive it do not have the mandate to do something about it. For this reason a supervision program forming part of a larger conduct framework is so important.

Once monitoring data is received the conduct framework specifies what is to be done with the information: how is it reported, where is it tabled, who is responsible, where can employees blow the whistle on observed misconduct, where can customers lodge complaints and what is done with these reports.

Case study spotlight

A large organisation had two divisions. In one division it operated a monitoring and supervision framework that was very deeply compliance driven and reactive in its approach. Results were tabled at the divisional risk and compliance committee, with limited wider organisational impact.

The other division elected to take a conduct approach and initially incurred greater cost to enable it to understand customer outcomes and build the supervisory framework to oversee monitoring at the executive level of the organisation.

The first division failed to predict or prevent significant conduct concerns and was often subject to distracting regulatory scrutiny.

The other division made greater investments initially, but then had better predictive infrastructure and managed to anticipate most conduct concerns, and fix them, before regulatory action was an option. Instead of being distracted by regulatory investigations, management could focus on growing the organisation.

Read more

Explore further conduct themes:

Did you find this useful?