Wholesale Conduct Risk Internal Audit's role in the refocused regulatory agenda. April 2016


Wholesale Conduct Risk as a concept

Since the global financial crisis, regulators globally have been grappling with a multitude of conduct-related matters, which have put the integrity of wholesale markets under intense examination. High-profile examples include: manipulation of benchmark borrowing rates (the "LIBOR scandal"); investigations into the integrity of FX markets; and investigations into the sales of wholesale products to non-wholesale customers, for example the interest rate hedging product review implemented in the UK by the Financial Conduct Authority (FCA).

Poor conduct amongst firms and employees is a common factor in many of the issues that have arisen since the financial crisis. Thus the term "Conduct Risk" was coined by regulators. While regulators may previously have focused primarily on the conduct of firms interacting with retail customers, as exemplified by the Financial Services Authority's (FSA) Treating Customers Fairly initiative, there is now a strong realisation that the potential knock-on effects of wholesale market misconduct are so great that heightened regulatory scrutiny of wholesale markets is necessary.

There is a very strong expectation that conduct risk management arrangements in wholesale market participants will have been significantly enhanced since the financial crisis, and firms can expect regulators to be increasingly intrusive and challenging of firms' approach to Wholesale Conduct Risk.

What is Wholesale Conduct Risk?

While the term "Conduct Risk" has evolved, the elements that underpin the concept are not new, and should be familiar to any internal auditor with some experience in the market. Indeed, the FCA's Principles for Business, inherited from the FSA and dating back to 1998, contain some very simple pointers on what regulators mean by conduct risk. For example, any regulated firm, retail or wholesale, is expected to conduct its business with integrity (Principle 1) and to observe proper market standards (Principle 5).

More recent regulatory focus has identified firms' culture and competition matters as important aspects to consider. The table below sets out a more detailed analysis of how present-day Wholesale Conduct Risk might be defined.

Wholesale Conduct Risk: the concept

Wholesale Conduct Risk is: the risks that the conduct of a firm directly, its employees, associates or representatives gives rise to:
a) undue financial or non-financial detriment to clients, customers, or counterparties, whether the firm deals with them directly or via third parties;
b) damage to the integrity of the financial markets;
c) ineffective competition in the markets in which the firm participates;
d) non-compliance with the law or the requirements and expectations of regulators and other authorities.

What does this mean?

Conduct Risk can emerge due to: the failure of the firm to uphold and ensure good conduct and behaviour of employees and representatives; poor culture, leadership, incentives and remuneration practices; failure to provide adequate resources, systems and controls.

Undue detriment can manifest in: clients' distress, inconvenience, reduced choice, loss of opportunity or benefit; damage or distortion to the competitiveness and/or integrity of the financial markets that the firm participates in.

Mitigants are: to allocate clear responsibilities for managing and controlling conduct risk in the 1LoD in each business line; to use a risk-based approach to focus management attention and resource on the material conduct risks identified in Wholesale Conduct Risk-specific assessment processes.

Impact of the creation of the FCA on the conduct risk agenda

For firms subject to UK regulations, a fundamental change occurred in April 2013 with the creation of the FCA. The FCA is more outcomes-focused than its predecessor, the FSA, and requires firms to think about the impact of their business activities on customers, clients and counterparties. This requires more focus on the fundamental drivers of wholesale conduct risk, meaning those factors inherent in the business activities of a bank that increase the likelihood of conduct risk matters emerging.

The introduction of a competition objective for the FCA marks another important shift in focus on conduct matters. In this regard the FCA has launched a number of detailed market studies to understand the competitive dynamics of various markets, including analyses of whether competition in the market is delivering effective outcomes for customers. Central to this theme is a focus on products' value, which represents a significant change from the previous regime. Depending on findings, these studies could lead to market remedies where the FCA does not believe competition is functioning effectively. A market study of Investment and Corporate Banking was launched in May 2015, with initial feedback due in March 2016, which will set out any areas of concern on which remedies may be proposed.

Drivers of Wholesale Conduct Risk

Conduct risk in wholesale markets has the following fundamental drivers:

Drivers of conduct risk: information asymmetries; conflicts of interest; economic and regulatory pressures; new technologies and the pace of change.

Examples:
Insider trading is driven by the abuse of information asymmetries.
Individuals execute trades that could be viewed as manipulative.
Banks are experts in the risks of an underlying transaction but their counterparty or client may not be.
Firms exploit knowledge of a client's trading intentions to deal ahead (front running a client order and making a proprietary trading profit).
Firms or individuals are incentivised to carry out transactions that are not in the client's best interests, e.g. payment for order flow.
Reduced trading margins and falling volumes caused firms to move into new activities or find ways of increasing margins.
Adjustments to business models and cost controls can lead to conduct risks if systems, risk management and governance become unsuited to new levels of complexity or to changes in the scale and risk profile of a business.
Technological advances have increased firms' dependence on systems, meaning that the integrity of IT infrastructure has become increasingly important.
Recent failures include customers being unable to process payments, and flash crashes.
Legacy IT infrastructure and systems prevent a firm's management from effective oversight of conduct risks and behaviour.

FCA latest direction

Wholesale Conduct Risk featured in the 2015/16 Risk Outlook, which formed part of the FCA's Business Plan. In particular the document noted: the FCA's continued focus on driving cultural change within wholesale markets, including through a focus on ensuring that firm structures, processes and incentives support better conduct outcomes; some specific topics that will be the focus of thematic reviews (controls over flow of information, benchmarks, dark pools and a continued focus on conflicts of interest); supporting the UK Government's Fair and Effective Market Review of wholesale markets and undertaking a review of competition in the investment and corporate banking sector.

"It is vital that firms, in wholesale and retail markets, ensure that cultural changes have been made, to prevent poor conduct in future." (FCA Business Plan, 24 March 2015)

Framework, Governance and Implementation

Frameworks

We see that for most in the industry, the approach to the governance of wholesale conduct risk has been to build bolt-on frameworks to, or augment, their existing operational risk frameworks to give Wholesale Conduct Risk the required prominence. This reflects the industry's recognition of the fact that a large portion of all operational risk losses are caused by the conduct or behaviour of staff. Furthermore, Wholesale Conduct Risk features prominently in the operational risk capital calculations of banks, ranking pari passu with all other risks in the firm.

Governance and implementation

While there are no specific conduct risk framework requirements (Wholesale Conduct Risk can be managed within existing governance, risk management or Management Information (MI) structures), there are a number of factors that firms should consider: the focus of the FCA has shifted from the compliance function as owner and advocate of Wholesale Conduct Risk to the first line of defence, the risk owners and takers, to evidence effective management of the inherent conduct risks due to the business activities they undertake; in contrast to the retail or private banking conduct model, the customer life cycle approach is unsuitable as a basis for considering Wholesale Conduct Risk given the transactional nature of wholesale markets; for institutions subject to the new PRA/FCA Senior Managers Regime, a new set of conduct rules came into force in March 2016, with a subset of these new rules applying to almost all employees.

Common challenges for firms in implementing effective Conduct Risk management:

Ownership
Ownership is often an issue. It best sits within all three lines of defence. However, clear and expressed accountability within the Significant Influence Functions and middle management as well as the control functions is often missing or not formalised.

Collaboration
Wholesale Conduct Risk management requires collaboration between Front, Middle and Back Office, Operational Risk, Compliance, Internal Audit, HR and, crucially, Senior Management. Firms in the market struggle with the level of collaboration needed, mainly because the individuals involved had not focused on WCR in the past and did not realise that existing good practices could be communicated better within the firm and be more widely adopted and standardised.

Management information
A high volume of MI is provided at multiple levels of the firm without sufficient prioritisation and assessment of quality or relevance. A lengthy process of iterations is required to clean up and calibrate the data to an effective set of MI. In spite of the volume, senior management does not receive the MI it requires to take informed action on emerging conduct risks.

Tone from the top versus message from the middle
Top senior management within firms is now well versed in setting the required tone from the top of the house. However, there is a significant risk that this tone from the top is muddled or diluted by middle management, whose everyday focus is not on meeting regulatory conduct expectations, but on getting the daily operational tasks completed. This may be a barrier to installing organisation-wide cultural change to support good conduct outcomes.

Role of Internal Audit in assessing Wholesale Conduct Risk

Given the current regulatory focus, Internal Audit functions will need to build conduct risk explicitly into their programmes. Those Heads of Internal Audit who have an ongoing relationship with FCA supervisors can expect regular challenge and questioning on the adequacy of coverage of conduct risk. The table below sets out some conduct risk dimensions that should be considered by internal auditors.

Conduct risk dimensions that Internal Auditors should consider

Market integrity: market abuse; conflicts of interest; control of confidential information; financial crime.
Competition: market segmentation; transparency in the cost of services, bundling; availability of data; vertical integration.
Customers, clients and counterparties: client categorisation; product complexity and disclosure; product pricing, value for money; target market; stress testing.
Bank infrastructure: governance; management information; client service and reporting; risk management; CASS; transaction reporting.

Internal Audit functions will need to ensure coverage of the firm's material conduct risks (generic high-level model shown above), including the respective conduct risk appetite and associated governance, risk management arrangements and management information. The annual planning processes should articulate how the plan adequately covers customer outcomes, and the influencing factors. Individual review planning arrangements should specifically identify Wholesale Conduct Risk and, where relevant, should identify audit testing of relevant controls, as well as sampling key front line processes supporting market integrity and good outcomes for customers, clients and counterparties. Audit programmes should also consider the extent to which first line functions are taking sufficient responsibility and accountability for the Wholesale Conduct Risk that is generated due to their business activities.

How should the regulatory focus on Wholesale Conduct Risk influence Internal Audit programmes?

Integrate the assessment of Wholesale Conduct Risk into the annual audit programme, alongside all other risk types;
Drive a risk-based assessment of material inherent conduct risks and assessment of the adequacy of the conduct risk control environment;
Promote testing of the alignment of inherent and residual Wholesale Conduct Risk with the conduct risk appetite as expressed by the Board;
Shift the audit approach from auditing conduct compliance to auditing the effectiveness of first line of defence controls;
Promote testing of the effectiveness of governance arrangements, systems and controls, policies and procedures, MI and training on all material inherent conduct risks.

"Internal Audit should evaluate whether the organisation is acting with integrity in its dealings with customers and in its interaction with relevant markets." (Chartered Institute of Internal Auditors, Effective Internal Audit in the Financial Sector, July 2013)

Key contacts

Financial Services Internal Audit
Paul Day, Lead Partner, FS Internal Audit, 020 7007 5064, pauday@deloitte.co.uk
Russell Davis, Partner, Banking Internal Audit, 020 7007 6755, rdavis@deloitte.co.uk
Terri Fielding, Partner, Investment Management Internal Audit, 020 7303 8403, tfielding@deloitte.co.uk
Matthew Cox, Director, Insurance Internal Audit, 020 303 2239, macox@deloitte.co.uk
Mike Sobers, Partner, Technology Internal Audit, 020 7007 0483, rdavis@deloitte.co.uk
Jamie Young, Partner, Regions FS Internal Audit, 0113 292 1256, jayoung@deloitte.co.uk

Regulatory Compliance
Nikki Lovejoy, Partner, Regulatory Compliance, 020 7303 2921, nlovejoy@deloitte.co.uk
Daniela Strebel, Senior Manager, Regulatory Compliance, 020 7007 7888, dstrebel@deloitte.co.uk
Phil Nicholls, Associate Director, Regulatory Compliance, 020 7303 8983, phinichollls@deloitte.co.uk

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.co.uk/about for a detailed description of the legal structure of DTTL and its member firms. Deloitte LLP is the United Kingdom member firm of DTTL.

This publication has been written in general terms and therefore cannot be relied on to cover specific situations; application of the principles set out will depend upon the particular circumstances involved and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Deloitte LLP would be pleased to advise readers on how to apply the principles set out in this publication to their specific circumstances. Deloitte LLP accepts no duty of care or liability for any loss occasioned to any person acting or refraining from action as a result of any material in this publication.

© 2016 Deloitte LLP. All rights reserved. Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC303675 and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom. Tel: +44 (0) 20 7936 3000 Fax: +44 (0) 20 7583 1198. Designed and produced by The Creative Studio at Deloitte, London. J4988