Unit 1 / Section 2 - Core Components Flashcards
What is “The Right Conduct Culture” ?
Driving the behaviours that are required to embed and deliver customer-focused conduct in firms.
What are the activities that firms should consider in their efforts to build the necessary culture?
> Design / develop clear and well-defined statement of policies and procedures, explaining the firm’s culture.
> Risk appetite describes and explains thinking on risk.
> Comms and training continuously instill and reinforce culture.
> Clearly defined roles and responsibilities and expectations.
> Performance reviews and reward structures reinforce accountability.
> Progress to the goals constantly monitored and assessed.
A firm’s ongoing risk management approach must incorporate what three key areas?
1) Embedding risk appetite – tailored approaches to quantitative and qualitative elements and address hard to quantify risks in non-financial risk categories.
2) Drive risk culture initiatives, including tone from the top, better communications, enhanced accountability, and improved risk reporting.
3) Link culture and performance by embedding behavioural criteria into performance evaluation and remuneration assessments. Ethics and control issues central to employee pay and performance decisions.
When did conduct risks and other non-financial risks became priorities?
2014 - 2017
What has superceded conduct risks and other non-financial risks as top priorities since circa 2018?
Cybersecurity and digital transformation risks
According to the FCA Business Plan 2015/2016, what is required for a change in culture?
> Right tone at the top.
> Staff understand and accept the values and practices the firm espouses.
> Processes support and reinforce the culture.
What is the focus of systems and controls evolving into being able to recognise and understand?
What drives conduct, and whether conduct risks are increasing.
What must employees in the business environment understand?
Regulatory expectations and the firm’s own culture and values when it comes to conduct risk.
What are 10 examples of initiatives to monitor and measure conduct risk?
> RCSAs by the business
Risk and Control Assessments by the risk and compliance functions
Risk and Control Assessments by Internal Audit
Improved forward looking conduct risk assessments
Improved data collection on past events
Scorecards developed for conduct risk
Conduct risk broken into component parts for measurement
Improved analysis of intrinsic risks
Improved stress and scenario analysis
Standalone conduct risks modelled separately from operational risks
Firms need to have evidence of their monitoring of those areas they have agreed as being critical success factors, and the evidence should cover…
Operations, market propositions, behaviours and culture, and breaches of policy or regulation
What are 6 qualitative measures which can provide raw data from which conduct management information (MI) can be derived?
> Staff opinion surveys
> Complaint analysis
> Compliance monitoring results
> Internal audit results
> Individual performance objectives
> Internal attestations on culture and conduct risk
** What six key principles must conduct risk MI satisfy?
1) Outcomes-focused - good outcomes achieved consistently
2) Forward looking - potential/emerging as well as materialised risks
3) Accurate and timely - robust, and produced regularly
4) Acted upon - RCA followed by actions that are subsequently tested
5) Efficient - no superfluous info and readily understandable by audience
6) Support strategic decision-making - can be adapted to changes in firm and equal priority to financial MI
What is the main challenge with risk appetite?
Effectively cascading and communicating the risk appetite and what it means in practice. Need to address the mindset of all employees.
** What 9 things must a company have in order to ensure “Good Conduct”?
1) Focus on excellent Customer Outcomes
2) Correct Internal Culture
3) Strong Leadership and Management
4) Policies, Processes and Procedures
5) Systems and Controls
6) Evidence, MI and Decisions
7) Risk Mgmt and Risk Appetite
8) Management (cascade and communicate)
9) Tolerance (alert & response)
What regulatory imperative w.r.t. collation and analysis of conduct data into meaningful MI is in the UK FCA’s Senior Management Arrangement Systems and Controls (SYSC) Handbook, section 3.2.11A?
1) Firm’s must furnish its governing body with the information to identify, measure, manage and control risks of regulatory concern. Three factors for that info are:
> Relevance;
> Reliability;
> Timeliness.
2) Risks of regulatory concern are those risks which relate to:
> Fair treatment of the firm’s customers;
> Protection of consumers;
> Effective competition;
> Integrity of the UK financial system
