Conduct Risk – What corporates can learn from the financial sector

Conduct Risk – What can corporates learn from the financial sector? SHINE Webinar 6 July 2017 Lee O’Connell MSc Corporate Compliance Director

Upload: eversheds-sutherland

Post on 28-Jan-2018

Conduct Risk – What can corporates learn from the financial sector?

SHINE Webinar

6 July 2017

Lee O’Connell MSc

Corporate Compliance Director

Eversheds Sutherland | 10 July 2017 |

Overview

An introduction to Conduct Risk

Issues in the Financial Services (FS) sector

Lessons learned

Relevance to non-FS corporates

Implementing the lessons learned for non-FS corporates

A compliance programme for corporates

An introduction to Conduct Risk

What is conduct risk?

Risks attached to the manner in which firms do business. These may include:
• The treatment of customers
• The remuneration of staff
• How you behave in the market
• How you deal with conflicts of interest

These risks are likely to be associated with a firm’s:
• business model and strategy
• culture & behaviours
• governance

Poor conduct in the FS sector:
• Financial penalties from regulators;
• Expensive remediation programmes;
• Reputational damage;
• Criminal convictions.

Relevance to corporates outside of FS?
• Different regulatory context, but there is read across. The most obvious examples relate to issues such as: anti-bribery & corruption; sanctions; competition; and markets compliance.
• The FS industry has invested heavily in organising their businesses in a way which will mitigate against conduct risks. Corporates in other sectors can learn from this.

Issues in the Financial Services sector

Mis-selling
• Products: PPI, interest rate swaps, mortgage endowments, pensions, packaged bank accounts.
• Estimated Cost: £57bn in penalties and redress since 2000

Treatment of customers
• Foreclosure abuses in the US
• Penalties: USD 25bn in 2012

Market Abuse
• Examples: LIBOR fixing, manipulation of foreign exchange rates.
• Penalties: £17bn since 2012

Sanctions
• BNP Paribas – USD 8.97bn settlement with US authorities in 2014

AML
• HSBC – USD 1.9bn settlement with US authorities in 2012

Lessons Learned

Why did things go wrong in the FS sector?

Senior management did not “set the tone from the top”

Inadequately defined corporate expectations and risk appetite

A focus on the short term gains

Inappropriate incentivisation of staff

Lack of individual accountability

Poor governance, systems and controls

The relevance to non-FS Corporates

Non-FS corporates are exposed to similar risks

Mis-selling
• VW emissions scandal
• Cost: USD 20bn

Treatment of customers
• Npower Ofgem findings of mishandling billing issues and complaints
• Penalty: £26m (2015)

Market Abuse
• Google internet shopping antitrust finding in June 2017
• Penalty: EUR 2.42bn

Sanctions
• Chinese telecoms firms fined in US for breaching sanctions on Iran
• Penalty: USD 1.19bn

Bribery & corruption
• World’s largest meatpacker agreed to pay a record-setting $3.2bn fine for its role in corruption scandals in May 2017

Factors for FS-Corporates to consider

Ever increasing regulatory burden on unregulated sectors
• AML
• Sanctions
• Anti-bribery and corruption
• Competition and markets
• Modern Slavery Act
• Data privacy
• Health and safety
• Advertising standards

The internationalisation of regulation
• Cross-border business may have more than one regulator
• Increasing international cooperation between regulators

Regulators in previously light touch sectors gaining more teeth e.g.
• Ofgem (SSE Plc shares slide)
• Ofwat
• Ofcom

Implementing the lessons learned for non-FS corporates

Why is culture important?

It is the key determinant of employee behaviour within an organisation

Without cultural integrity, ethics and compliance programs are seen as “tick-box” exercises or “obstacles” to business

Corrupt leadership or influential insiders will permeate a culture of bad practice throughout an organisation

Behaviour breeds behaviour

Good culture leads to satisfied customers, increased market share and better brand recognition e.g. John Lewis

The ‘Tone from the top’ is crucial in addressing ethical risks and fraud – it should set the culture of ethics and compliance throughout an organisation

Setting the tone from the top

Tone (and attitude) from the Top – not just talking the talk! Do as they say

Risk appetite

“What would a conduct risk appetite look like: no more than two attempts to manipulate global benchmarks? No more than £10m of products mis-sold that day?… Clearly a statement of conduct risk appetite on this model does not work…. [the appetite for conduct risk] can only be zero” (December 2014, Martin Wheatley, then Chief Executive of the FCA)

Lead by example, understand the culture

Consistent and visible executive sponsorship for ethics and compliance

Reward and recognise good behaviours

Enforcement for bad practices – open and transparent

Embedded systems and processes to support ‘Tone’ as BAU

Getting the culture right

The Top 10

1. Organisational Values

2. Tone at the Top (or attitude)

3. Message consistency

4. Middle Management

5. “Speaking up”

6. Accountability

7. Recruitment practices

8. Incentives & rewards

9. Procedural advocacy

10. Actions and enforcements

A compliance programme

Risk & Compliance Programme

Prevention Methods

Detection Methods

Response Methods

Stakeholder buy-in

Organisation aligned

Responsibility & Oversight

Compliance Policy

Training & Awareness

Risk Assessment & Due Diligence

Monitoring & Audits

Regulatory Compliant

Enforcing & Rewarding

Integrated Approach & Technology

Clearly defined code of conduct

Defined policies / Core Standards

Training & employee engagement

Management Implementation and review

Establishing business specific compliance policies

Input to risk assessment

Incorporation of learning from investigation

Feedback on benchmarking

Technology

Support for early warning

Review and reporting to management

Hotline

Risk assessment triggers

Risk based audit

Due diligence

Third party screening

Effectiveness verification

Investigation and action

Investigations policy

Support in the legal team

Monitoring and follow up

Driven by a governance and cultural change strategy

What good looks like?

U.S. Department of Justice Framework

Evaluating Corporate Compliance Programs – The 11 steps

1. Analysis and Remediation of underlying misconduct

2. Senior and Middle Management

3. Autonomy and Resources

4. Policies and Procedures

5. Risk Assessment

6. Training & Communication

7. Confidential Reporting and Investigation

8. Incentives and Disciplinary Measures

9. Continuous Improvement, Periodic Testing and Review

10. Third Party Management

11. Mergers and Acquisitions (M&A)

The Drivers

Consider:

Board endorsement and leadership

Right culture within the organisation

Proper and proportionate systems and controls

Monitoring and review

Third Party Vendor Management

Questions:

1. How do you identify the conduct risks within your business?

2. Who is responsible for managing the conduct of your business?

3. What support mechanisms do you have to improve conduct?

4. What Board and committee oversight of conduct is in place?

5. Are bonus and incentives schemes working for the good of the company?

What it means for compliance in your department?

Conduct Risk programme:

highly visible CEO sponsorship together with engagement and challenge by the Board

regular discussion at Board level of conduct and culture

senior executives taking leading roles in conduct risk design covering all functions

detailed roll-out plans with clearly defined short-term and long-term goals

clear ownership and responsibility for programme implementation by senior executives, sometimes supported by conduct specialists within the organisation

programmes integrated within strategic or operational risk management frameworks

use of a standardised conduct risk self-assessment process across the firm

a firm-wide taxonomy for conduct risk types, enabling consistent data capture and risk reporting

a forum to compare conduct risk across business lines and functions

active engagement by internal audit, including monitoring conduct risk and early stage effectiveness

training, promotion, performance management and remuneration all linked to conduct and culture objectives

long-term conduct risk initiatives becoming fully embedded in business as usual

for international firms, adoption or at least support of the UK conduct risk programmes from the head office

Questions?

eversheds-sutherland.com

This information pack is intended as a guide only. Whilst the information it contains is believed to be correct, it is not a substitute for appropriate legal advice. Eversheds Sutherland (International) LLP can take no responsibility for actions taken based on the information contained in this pack.

© Eversheds Sutherland 2017. All rights reserved.

Lee O’Connell MSc CIA
Corporate Compliance Director
Email: [email protected]
Tel: 029 2047 8012
Mob: 0778 900 5320

Eversheds Sutherland (International) LLP
One Wood Street
London EC2V 7WS
