Conduct risk is the threat of financial loss to an organization caused by the poor judgment of managers and employees. Conduct risk management gained more attention in the corporate sector, and especially the financial field, after it was revealed that unethical behavior was a primary cause of the 2007 financial crisis. According to the Financial Stability Board, an international financial regulatory body, a major takeaway from the great recession of 2007 is that risk to a firm's reputation should not be underestimated and more attention must be paid to improving the quality of products sold to consumers.
In the United States, a number of regulatory compliance bodies, including the Securities and Exchange Commission (SEC), include corporate culture as a factor when considering enforcement actions and recommending punishments. For example, a compliance audit may evaluate:
- How employees interact with customers.
- The firm's product approval process.
- How the company addresses regulatory requirements.
- How decisions are made.
- Whether the company has a whistleblower policy that allows employees to report dishonest or illegal business activities without repercussions.
The process for managing conduct risk will be different at each company based on factors such as the company's industry and its customer base. In general, a successful step-by-step conduct risk management approach includes the following:
- Identify and assess conduct risk vulnerabilities throughout the organization's departments.
- Develop and monitor key conduct risk metrics unique to the organization's needs.
- Educate and train staff about their conduct risk avoidance responsibilities, and reinforce training regularly.
- Evaluating employees' sales incentives programs and make sure employees are compliant with consumer protection rules when interacting with customers.
Conduct risk is often a problem during product development because it requires employees to actively manage potential risk issues throughout the product development lifecycle. Conduct risk management should not stop at product development, however, because it can permeate nearly every aspect business operations that involves customer interactions and does not fall under other risk categories such as credit, liquidity, market or operational risks.
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) is responsible for the creation of the Consumer Financial Protection Bureau (CFPB), an independent regulatory agency within the United States Federal Reserve System. An important objective of the CFPB is to manage conduct risk by prohibiting unfair, deceptive or abusive acts or practices (UDAAPs).