Financial Conduct AuthorityConsumer Vulnerability Februa

Financial Conduct Authority
Consumer Vulnerability
February 2015
Occasional Paper No.8
Consumer
Vulnerability
6
Executive summary
Many consumers in vulnerable circumstances are not receiving
fair treatment
from their financial services providers. Whilst there are
examples of good
practice in some firms, some people find communicating with
providers or
accessing products difficult. They may find that they are unable
to obtain
a flexible, tailored service that meets their needs from firms.
We want to
help firms identify consumers in potentially vulnerable
circumstances, and
to attempt to describe what ‘good’ looks like in serving those
consumers.
This paper aims:

• to broaden understanding and stimulate interest and debate
around
vulnerability and
• to provide practical help and resources to firms in developing
and
implementing a vulnerability strategy
During the course of this project the authors were constantly on
the lookout
for examples of good practice in identifying and interacting
with vulnerable
customers. These have been collated and presented in a
Practitioners’
Pack, which may support firms to understand what they could
be doing to
generate better outcomes for consumers in vulnerable
circumstances (see
Appendix 4). This resource consolidates a range of good
practice guides,
tips from industry and consumer organisations, together with
case studies.
Why this matters
Much consumer protection legislation is underpinned by the
notion of the
average or typical consumer, and what that typical consumer
might expect,
understand or how they might behave. However, consumers in
vulnerable
circumstances may be significantly less able to represent their
own interests,
and more likely to suffer harm than the average consumer.
Regulators and
firms need to ensure these consumers are adequately protected.

Financial services have become more important as consumers
are expected
to take greater responsibility for their financial wellbeing.
Services including
payment systems are essential for full participation in society
and are a key
gateway to other services; therefore it’s vitally important that
these services
and the customer support that goes along with them are
designed in an
inclusive way.1 This is a particular challenge as services are
increasingly offered
remotely and online – which does not meet the needs of all
customers.
Financial services need to be able to adapt to the changing
circumstances that
real life throws at people, rather than being designed for the
mythical perfect
customer who never experiences difficulty. Vulnerability can
affect people’s
interaction with any consumer market, but it is particularly
challenging
in the context of financial services due in part to the long-term
nature of
commitments, and the complexity of products and information.
Increasingly, policy-makers both in the UK and internationally
are realising that
a flexible approach is necessary to meet the needs of a diverse
customer base.
The FCA has developed the following definition to guide its
work in this area:

Consumer
Vulnerability
1 We use the definition of inclusive in the British Standards
Institution publication BS 18477:2010 which is “the
availability,
usability and accessibility of a service to all consumers equally,
regardless of their personal circumstances”.
A vulnerable consumer is someone who, due
to their personal circumstances, is especially
susceptible to detriment, particularly when a firm
is not acting with appropriate levels of care.
Consumer
Vulnerability
8 Financial Conduct Authority
Types of vulnerability
Vulnerability can come in a range of guises, and can be
temporary, sporadic
or permanent in nature. It is a fluid state that needs a flexible,
tailored
response from firms. Many people in vulnerable situations
would not
diagnose themselves as ‘vulnerable’. The clear message from
the research
carried out for this paper is that we can all become vulnerable.
To enable
firms to identify potential vulnerability and prioritise their

efforts, one
option is for firms to use a risk factor approach (for example,
bereavement,
or illness diagnosis, could be considered risk factors – see p.23
for more
details). Multi-layered vulnerability, and sudden changes in
circumstances,
are particular indicators of high risk.
Vulnerability is not just to do with the situation of the
consumer. It can be
caused or exacerbated by the actions or processes of firms. The
impact of
vulnerability is strong and many people are trying to cope with
difficult
situations and limited resources, energy and time. Stress can
affect state
of mind and the ability to manage effectively. In such
conditions, being
confronted by a complex telephone menu system that gives no
option of
talking to a person; a ‘computer says no’ response; a call
handler without
time or inclination to listen, or a system that fails to record
what may be
distressing circumstances and forces the customer to repeat
themselves
at every point of contact, can all create a spiral of stress and
difficulty,
resulting in detriment.
Case studies
A mortgage customer who was diagnosed with terminal
lung cancer made a claim on a critical illness policy. The
customer decided to repay the outstanding mortgage with
the proceeds. The customer subsequently received a letter

from the lender to say that an early repayment charge
was payable. Despite contact being made by the family to
explain the situation, it was only with the intervention of a
third party that the lender waived the charge.
__________________________________________
A registered blind person was asked to go into his
branch with photographic identification to withdraw
funds from his account as his card had been blocked
following fraud on his account. He didn’t possess a
driving licence or passport, and was told by the bank
that his blind person’s bus pass with a photo on it was
not adequate. He was unable to obtain money from his
account while awaiting new cards.
__________________________________________
When Adnan’s mother died, he travelled home to
Turkey for a month to organise her funeral. As he
would need time off work, he was worried about his
mortgage payments. He called his bank to explain the
situation and asked if it would be possible to have a four
month ‘holiday’ from his payments. After valuing the
house, Adnan and his wife were told they were short of
£1,000 in equity in the house to be granted a holiday.
Instead, they were offered two months on a reduced
payment schedule. Since this time, Adnan and his wife
have seen their debt levels rise from £1,000 on credit
cards to £13,000 to make bill and mortgage payments,
and cover expenses related to the death.
__________________________________________
A woman in her eighties had an arrangement with her
local bank branch whereby they helped her pay her credit
card bill over the counter. Following suspicious activity on
her account, she moved to a new bank. The new bank told

her she couldn’t pay her credit card bill at the counter and
she would have to pay over the phone with a debit card.
She had never done this before, and it took her some time
to manage it. As a result she had a late payment charge.
__________________________________________
A customer awaiting surgery for cancer was expected
to make a full recovery, but would miss work for three
months because of the surgery. Holding a current
account, overdraft and unsecured loan with the same
bank and anticipating a problem meeting repayments
during this period, the customer contacted the bank
to discuss options to manage the temporary loss of
income. The bank refused to consider any options as no
payments had yet been missed and told her to call back
when in arrears.
Financial Conduct Authority 9
S
u
m
m
a
ry
Mental illness
In any given year,
one in four adults
experiences at
least one mental
disorder (NHS, 2007)

Internet
Of the 7.1m adults in the
UK that had never used
the internet in May 2013,
over half were disabled
(3.7m) and nearly half were
over 75 years of age (3.1m).
(Department for Business,
Innovation and Skills, 2013)
Savings
Almost half of adults do not
have enough savings to cover an
unexpected bill of £300 (Money Advice Service)
The scale of consumer
vulnerability in the UK
Fair treatment of all customers is central to core conduct
1 in 8 adults care,
unpaid,for family
and friends (Carers UK website, 2014)
There are 800,000 people in the UK living with
varying degrees of dementia, and this is expected
to double over the next 40 years
NOW
+40 YEARS
Caring responsibilities
6.5m people in the UK have
signi�cant caring responsibilities.

Carers UK project this will reach
9m by 2037.
NOW
+20 years
+30 years
Old age
Over 1.4m people in the
UK are aged 85 or over.
The number of people over
85 in the UK is predicted to
double in the next 20 years
and nearly treble in the
next 30 years (Age UK, 2013)
By 2020 half of the
UK population can
expect to be
diagnosed with
cancer at some point
in their lives (Macmillan 2014)
Cancer
Every two minutes someone in the UK is
diagnosed with cancer (Cancer Research UK 2014)
Living with dementia
Disability
16%
of working
age adults
have a disability

(Family Resources Survey,
2011/12).
Literacy and numeracy
One in seven adults has
literacy skills that are expected
of a child aged 11 or below.
And...
Just under half
of UK adults have
a numeracy
attainment age
of 11 or below
(Department for Business,
Innovation and Skills, 2012)
Dementia affects 1 person in 6 over 80
(Age UK,2013)
Consumer
Vulnerability
Financial
services,
products and
systems often
‘streamline’
consumers and
are not designed
to meet non-
standard needs
of those who

don’t fit into a
set mould.
The response of
frontline staff –
whether it’s in a
branch or on the
phone – is crucial
to the customer’s
experience. The
firm may have
great specialist
teams or policies,
but if frontline
staff don’t deal
with the situation
appropriately,
access to a good
outcome may be
missed.
Staff on the
frontline do
not need to be
experts, but they
need sufficient
training to
facilitate a proper
conversation,
to know where
internal expertise
lies, and know
how and when
to refer on.
Most problems

relate to poor
interactions,
or systems
that don’t
flex to meet
needs, therefore
making people’s
situations more
difficult.
Some
consumers are
overwhelmed
by complex
information and
can find it hard
to distinguish
between
promotional
material and
important
messages about
their products.
In some areas,
an inaccurate
interpretation
or overzealous
implementation
of rules (such
as those around
data protection
or affordability) is
preventing firms
from meeting
the needs of

vulnerable
customers.
Many
vulnerable
consumers may
be valuable
customers if
firms respond
to their needs
and treat
them flexibly.
However, these
consumers may
withdraw from
the mainstream
market and their
problems may
spiral if their
needs are not
met.
Who is this relevant to?
Vulnerability can affect consumers across all financial products
and services.
The issues raised in this paper are relevant to all financial
services firms that
engage with consumers.
The FCA’s research
To reach a broader understanding of the role of vulnerability in
consumers’
interactions with financial services, the FCA commissioned
research

amongst a range of consumers in potentially vulnerable
circumstances
(Rowe, Holland, Hann, & Brown, 2015 – this is referenced
throughout this
paper as Vulnerability Exposed Report). This was combined
with a review
of available evidence and literature, engagement with consumer
and advice
groups, collection of examples of good practice and analysis of
information
provided by firms, to build up a picture of the market.
This research found that:
E
xe
cu
ti
ve
su
m
m
a
ry
Problem areas

Our review of all the evidence collected for this project showed
that there
are problems at every stage, from high-level policy, through
system design,
to the products that are available and ways that staff implement
policies and
sell products.
Policy
• Many firms lack an overarching strategy or policy on
consumer vulnerability.
• Policies designed to prevent financial abuse and fraud can
inhibit staff empowerment to use
discretion, particularly regarding legitimate access by third
parties.2
Systems
• Failure of internal systems, where firms fail to communicate
and connect information
internally. For example, this can lead to customers having to
tell firms multiple times about
bereavement, resulting in numerous duplicate letters from
different areas of the business
being sent.
• Interfaces or channels of communication that are not
inclusive.
• Increasing automation and use of call centres may create
challenges in spotting potential
vulnerability and ensuring customers are referred on to
specialist teams where necessary.

Products
• Inflexible products and services that are designed for a
standardised perfect customer and
do not factor real-life events into their design. Some customers
who face a change in
circumstances are therefore not able to receive a flexible,
tailored response.
• Product and information complexity and confusing
communications.
• Lack of suitable affordable products for people in some non-
standard situations.
• Lack of solutions for temporary delegation (enabling a family
member or carer to manage
your affairs for a short time) which retain privacy and safety.
Implementation
• Policy/practice gap at firms, where frontline staff are not
aware of or do not implement
head office policies. Frontline staff may not refer people on to
specialist teams.
• Consumer time is not valued highly and many people give up
if the process is too time-
consuming, especially if they are in a stressful situation with
other demands on their time.
• Inconsistent approach around flexible temporary forbearance.
• Arrangements around temporary delegation (enabling a family
member or carer to manage
your affairs for a short time) and accompaniment (sitting in or

helping with a phone call or
interview) not sufficiently developed and flexible to enable
family and carers to help.
• Inappropriate selling and sales practices which exploit
behavioural biases.
• Issues around disclosure3 of a vulnerability and data
protection – inaccurate or overzealous
application creates unnecessary problems.
2 For example problems faced by those with power of attorney
or third party mandates.
3 Throughout this paper we use the term ‘disclosure’ to
describe the voluntary communication or divulgence of personal
circumstances by the consumer to the
firm. References to disclosure in this paper are not related to
the Market Abuse Directive (Disclosure Rules) Instrument 2005.
Consumer
Vulnerability
12 Financial Conduct Authority
What can firms do?
We believe this is an area where firms can take action
and have the power and capacity to create good
outcomes for the customer if they develop effective
strategies and manage interactions well. This can have
beneficial commercial outcomes. Products and services
that are designed in an inclusive way will also work
better for the majority of customers, increasing levels
of customer satisfaction. Plenty of resources exist to

assist firms in developing strategies and putting them
into practice (see Appendix 4). We outline in this paper
what we believe ‘good’ looks like for the customer,
and provide some tips and examples that result from
discussions with firms and advice organisations (see
From the firms’ perspective: what has been reported
to work well, p85). It is up to firms to decide how to
achieve good outcomes.
Key areas for firms to explore
• To ensure a consistent approach that is
embedded across all operations, it is important
to have a high-level policy on consumer vulnerability
in place.
• It is important that all relevant staff are aware of
the policy.
• Firms could begin by auditing current practice.
• Ongoing evaluation of the effectiveness of a
vulnerability strategy plays a significant role.
• Research demonstrates that it is important for staff
on the front line to have sufficient training to
facilitate a proper conversation and that they
know where internal expertise lies.
• Flexibility in the application of terms and
conditions of products and services plays a
significant role in ensuring the needs of consumers
in vulnerable circumstances are met.
• An efficient process for referring consumers on

to specialist teams who have authority to make
flexible decisions is important.
• Good policies and practice in handling
disclosure or communication needs of consumers
and recording of that information effectively play
a key role for consumers and are helpful to staff.
Actively encouraging disclosure, by staff able to
have proper conversations, has been shown to be
helpful here.
• Clear, simple information and explanation
throughout the product life cycle is important to all
consumers.
• Policies around data protection in particular,
but also safeguarding and affordability,
need to be implemented based on a correct
understanding. If staff are well trained they are
less likely to apply such policies in an overzealous
manner which can create problems for customers.
For example, proper affordability is vital to the wider
protection of consumers, but firms should have
systems in place to allow for appropriate discretion.
E
xe
cu
ti
ve

su
m
m
a
ry
What does ‘good’ look like to consumers?
Based on the FCA’s research, we believe consumers in
vulnerable circumstances need to trust that they will
experience the following outcomes when they approach
financial services providers. Many of these would also
be beneficial to all consumers:
• Having financial products that are clear and
easy to understand.
• A choice of ways of communicating to be available
whenever you need to make contact and for these to
be designed in an inclusive way so that they are
clear, easy to understand and meet your needs. This
could relate to the method of communication (e.g.
audio/braille/face-to-face) or the service delivery
(e.g. agreement to talk at a particular time of day
depending on carers and medication).
• Feeling that firms will treat you as an individual
and you won’t face the ‘computer says no’ response
just because your personal circumstances do not fit
the standard mould.
• Knowing that, should you experience a sudden
change in circumstances, you will be offered a

flexible and tailored response from your financial
services provider.
• Being able to talk to someone who will take
the time to listen, who is flexible enough to let
the conversation take its natural course, and who is
sufficiently trained to spot signs of vulnerability and
refer on to specialists where necessary.
• Being referred on to someone who has the authority
and discretion to take a tailored approach to your
situation and offer flexible solutions, including
use of specialist sources of help and advice if
necessary.
• Feeling confident that your firm encourages
disclosure, that they will work with you in your best
interests.
• Knowing that if you do disclose information about
your needs, that information will be recorded
properly so that you do not have to repeat it every
time you make contact with all departments of a
particular firm.
• Knowing firms will proactively contact you if they
suspect you may be having financial difficulties.
• Knowing appropriate action will be taken if a
firm spots suspicious activity that may signal
abuse or fraud.
• If you are trying to speak to a firm in a caring
capacity, finding that the firm listens and makes
a note of your concerns even though it may not be
able to divulge any information to you.

• If you are recently bereaved, have a power of attorney
or a third party mandate, receiving consistent
advice and treatment.
Case studies: what ‘good’ can look like
Although vulnerability is a complex area and there are no quick
fixes, there are
firms that are already implementing positive policies. During
the course of our
research we talked to a number of firms that put fair treatment
of vulnerable
customers high on their agenda. For more details, see Chapter 7.
Approach embedded throughout
organisation
A relatively new bank told us that its approach is embedded
throughout all aspects of the organisation. It reports
that it educates staff to see customers as people rather
than statistics. Staff are encouraged to understand the
reasons behind debt, and take on board the longer term
implications of not resolving the situation for the customer
(such as an impaired credit record).
__________________________________________
Training and feedback
A firm in the credit sector told us it uses speech analytics
software to help with auditing performance. This
analyses all calls and picks up on specific key words that
may be triggers or clues to vulnerability, such as mention
of illness, treatment, diagnosis, depression etc. Managers
can then assess how these calls have been handled,
and give feedback where improvements are needed.
Performance assessment includes managers listening to a

sample of calls, and assessing how potentially vulnerable
people are handled.
__________________________________________
Excellent links with charities
Close collaboration with the advice and charity sector has
been instrumental in developing another firm’s approach
to vulnerability. It uses the Money Advice Trust and Royal
College of Psychiatrists tools such as TEXAS and COMPASS
to assist with implementation and finds these very
effective (for more information on these see Appendix 4).
It has different levels of training for mainstream collectors
and the specialist unit, and has worked extensively with
charities such as StepChange, Macmillan Cancer Support,
the Samaritans and Christians Against Poverty to develop
this area. It points out that signposting is most effective
if a firm puts time and effort into building relationships
with the advice sector, knowing what parts of which
charities can offer specialist help, and ensuring customers
are passed to the most relevant person. It believes that
handling vulnerable customers in the right way leads to
better job satisfaction.
__________________________________________
Creditors are not rescuers
Another firm told us that one element of its approach
to vulnerability is to recognise that creditors are not
rescuers. Staff need to know where they can get help
and signpost people appropriately, rather than rescuing
people themselves. In its view, obtaining help and support
so that people can get back in control of their financial
situation is vital to its vision. The firm told us that it values
emotional intelligence highly, both for frontline staff and
their specialist team. Frontline staff use the TEXAS model
(see Appendix 4) and pass on to the specialist team where

necessary. It told us that staff are encouraged to listen and
look out for a wide range of clues, some of which can be
subtle. This includes signs of agitation such as pitch, tone
of voice and breathing, as well as indicators such as “I’ve
not taken my tablets”. Staff are empowered to move away
from scripts where they have a gut feeling that something
isn’t right. Training for staff in the specialist team involves
lots of role play around emotionally difficult situations so
that staff feel confident in handling these sorts of calls.
__________________________________________
Banking accessibility
We also came across examples of creative approaches in
the banking sector, including roadshows that demonstrate
a bank’s accessible services (such as high visibility debit
cards and talking ATMs), and highlight partnerships with
key charities.
Consumer
Vulnerability
Financial Conduct Authority
Managing conduct risk
Addressing drivers, restoring trust
Managing conduct risk | Contents
Contents

Introduction� 01
Drivers�of�misconduct� 02
Restoring�trust� 14
A�new�approach�through�innovation� 22
Conclusion� 27
Contacts� 29
Managing conduct risk | Introduction
01
Improving conduct within industry is
an essential part of rebuilding trust and
supporting future sustainable growth.
Further, the regulatory focus on conduct
is expected to persist and firms will
continue to face pressure to be alert to
poor behavior.
To help financial services firms be
proactive about misconduct, this paper
explores its fundamental drivers. By
drawing out the broad themes and
drivers, the focus will naturally shift from
addressing individual instances of bad
behavior to obtaining a broad view of its
root causes that will help in the design of
enterprise-wide and preventative
conduct risk programs. The eight drivers
of misconduct that we have identified are
summarized in Figure 1 on page 3.
We also review the various industry

and regulatory initiatives that have
arisen in response to conduct failings
within financial services firms and
provide a summary of approaches that
can be considered to address the eight
identified drivers of misconduct (see
Figure 2 on page 15).
While much has been done to set
standards and to restore trust, there is a
desire to improve both capabilities and
cost effectiveness in meeting
expectations around managing conduct.
With this in mind, we have set out
possible ways in which new innovative
technologies might be enlisted to
optimize responses (see Figure 3 on
page 23). Innovation that can help to
improve the effectiveness and efficiency
of conduct management programs will in
turn create better customer and
regulatory outcomes.
—
Introduction
There has been no shortage of well-publicized and
highly damaging misconduct scandals within the
financial�services�industry�over�the�past�decade.�
Conduct is a lens into the culture of organizations,
and conduct failings seem to be widespread across
several�jurisdictions,�cut�across�financial�services�
organizations and involve both the retail and wholesale
sides�of�business.�A�large�number�of�customers�have�
claimed�sizeable�loss�and�there�has�been�significant�
reputational�and�brand�damage�to�firms.�A�raft�of�new
�

regulatory�initiatives,�substantial�fines�and�expensive�
remediation�programs�have�also�ensued.�
02
Managing conduct risk | Drivers of misconduct
The numerous instances of poor
practices within the financial services
industry that have been exposed across
the globe have resulted in clients’
interests being overlooked, unfair and
inequitable outcomes, considerable
financial impact for customers, and
damage to the integrity of the market.
Firms are facing enhanced regulation,
hefty penalties and substantial
remediation costs. The impact has not
only been felt on bottom lines and
through increased regulation. It has also
caused a significant loss of trust amongst
customers, and the public more broadly.
Understanding and addressing the
drivers of misconduct is an essential
step in improving standards of behavior,
being able to identify key conduct risks,
designing pre-emptive enterprise-wide
conduct programs and meeting
regulatory and marketplace expectations.
As such, we have explored the findings
of various conduct related enforcement
actions, regulatory and industry reviews,
government inquiries and firm

remediation programs to discover
the common themes that lie beneath
poor conduct.
While many of the recent high profile
cases of misconduct have occurred
within banking (and therefore many
examples in this paper are drawn from
that sector), conduct is not a bank
only issue. Regulatory and community
interest and expectations around
conduct cut across sectors, and
financial services organizations of all
types are under scrutiny.
The eight key drivers of misconduct that
we have identified are further explored in
the pages that follow. The root causes
identified in our paper are not behind all
recent conduct failings. Rather, we have
focused on those drivers that firms are
more readily able to control and
synthesized these into broader, more
manageable themes. The eight drivers
often overlap and, because each firm is
structured differently, each driver will
have differing levels of relevance. The
drivers also work together, to create an
environment that incentivizes, reinforces
and spreads problematic behavior.
—
Drivers of
misconduct
Conduct�is�a�current�priority�for�both�the�financial�
services�industry�and�its�key�regulators.�Understanding�

what�has�driven�poor�conduct�in�the�past�can�help�fir
ms�
design responses to restore trust and prevent problems
emerging�in�the�future.
03
Figure 1.
Drivers of misconduct
Drivers of conduct that
can harm customers, employees,
business reputation and
the integrity of the market
The product lifecycle
is not guided by customer
needs and suitability
Manual and
complicated processes
and procedures
Disparate subcultures
or problematic
prevailing culture
Individuals and leadership

are not responsible
or held to account for
poor conduct
Weak systems
for monitoring and
surveillance
Conflicts of interest
are not identified
or managed
Human resource decisions
are not based on a
“balanced scorecard”
Complex, disconnected or
“growth at all costs”
business model
In 2016 33,000 respondents from 28 countries
said banking and financial services is the
least trusted
sector globally…
Banking and financial services
has held this position for the past

5 years*
Less trust
Escalating costs
More regulation
$275 billion in legal costs for global banks since 2008 translates
into
more than $5 trillion of reduced lending capacity to the real
economy†
Common�Equity�Tier�1�ratios�of�EU�G-
SIBs�would�be�around�
two percentage points higher�without�fines‡
Costs spent on conduct for 20 major banks: ^
2008 to 2012
£197.76bn
2010 to 2014
£205.84bn
2011 to 2015
£252.00bn
Dodd-Frank
Wall Street
Reform and
Consumer
Protection Act
(US)
Principles

for Sound
Compensation
Practices (FSB)
Reforming
Major
Interest Rate
Benchmarks
(FSB)
Yates
Memo (US)
Market
Abuse
Regulation (EU)
Managers-
in-Charge
Regime (HK)
Future of
Financial
Advice (AU)
Markets in
Financial
Instruments
Directive II (EU)
Senior
Managers and
Certification
Regime (UK)
FX Global

Code (BIS)
04
05
Customer needs and
suitability not guiding
product lifecycle practices
Poor conduct outcomes can arise
when product design, marketing,
sales and advice, as well as post-sale
practices, are driven by concerns
about “what will sell the most” rather
than what the customer needs and
what is most suitable for these needs
(“is this right for them?”).
Product design dictated primarily by
the�commercial�needs�of�a�firm�and�
that does not adequately integrate the
customer perspective can foster poor
conduct, in particular mis-selling and
irresponsible�lending.�When�the�goal,�
for�example,�is�to�attain�the�highest�
revenues from the mass market, the result
may be generic products that are less
likely�to�be�fit�for�purpose�or�tailored�to�
individual�needs.�The�pressure�to�innovate,�

if not tempered by considerations of
customer suitability, may result in overly
complex�and�opaque�products�whose�
characteristics�and�risk�profile�may�be�
difficult�to�understand,�thereby�augmenting�
the�chances�of�mis-selling.�Regulators�have�
also been critical of design strategies that
can take advantage of human behavioral
biases that may lead to poor choices, such
as incorporating hurdles to switching,
complex�features�and�price�structures,�
mezzanine fees, products catering to high
loss�aversion�(e.g.,�insurance�for�small�risks)�
and�free�trial�periods.
Marketing, advice and sales practices that
are�similarly�driven�by�maximizing�volumes�
and�that�do�not�give�sufficient�weight�to�
customer utility can also lay the foundation
for�undesirable�outcomes.�
For�example,�quotas�or�league�tables�that�
celebrate sales volumes can encourage
customer suitability to be overlooked (or
made�a�secondary�consideration)�and�make�
inappropriate reporting of transactions
seem�a�reasonable�trade-off.�Techniques�
such as teaser rates, insurance add-ons,
product bundling, cross-selling and default/
opt-out settings may suit some customers
and�provide�rewards�and�savings.�However,�
they also tend to increase the possibility
that customers will be confused about
what they have agreed to and question
whether the product they purchase is in
their�best�interest.�Again,�there�has�been�

some criticism of sales and marketing
strategies�that�profit�from�human�mistakes�
bought about by in-built cognitive biases
or information asymmetries, such as
poor disclosures, deliberately misleading
marketing campaigns or making a product
easy�to�sign-up�to,�but�with�difficult�
cancellation�procedures.
Post-sale customer care that is absent
or whose purpose is more focused on
procuring additional sales rather than,
say, ensuring customer satisfaction or
ongoing product suitability, can also lead to
adverse�outcomes.�Failure�to�escalate�and�
investigate customer complaints can do the
same.�These�are�other�elements�that�can�
work to undermine good conduct as they
reduce the chance that customer needs
and�suitability�are�being�heard,�filtered�
through an organization and are guiding
future product design, marketing, sales
and�advice.
06
Managing conduct risk |Drivers of misconduct
How�an�individual�is�incentivized,�evaluated�
and�compensated�also�plays�a�significant�
role�in�shaping�their�professional�behavior.�
Performance-based remuneration
structures which peg compensation mainly
to sales volumes, revenue generation

or�profit�targets�(such�as�commissions�
or�an�annual�discretionary�bonus)�can�
tend�to�focus�attention�on�maximizing�
short-term�profit�and�crowd�out�other�
important concerns about longer-term
value generation, needs of customers and
broader�market�integrity�and�ethics.�
That�is,�it�is�easier�to�sacrifice�good�conduct�
and�take�on�excessive�risk�when�faced�with�
the�opportunity�to�make�extra�money�or�
the�pressure�to�deliver�against�targets.�
A case in point is recommending products
because they pay the highest commission
or incentive, rather than because they
are�the�best�fit�for�the�customer.�Another�
example�is�trading�strategies�that�ignore�
market integrity rules and longer-term
performance, because an individual’s
bonus is based on short-term
trading�profits.
Professional development programs
that do not adequately incorporate training
on values, ethics and conduct can further
exacerbate�risks.�Clearly,�people�cannot�be�
expected�to�abide�by�conduct�obligations�if�
they are not regularly made aware of what
those obligations are and taught how
to apply them to their day-to-day
business�activities.
Promotion, and other types of reward
and�recognition�programs,�which�chiefly�
reward money making abilities and give
little attention to other performance
indicators (such as adherence to business

values, people management skills,
customer and employee satisfaction
and�risk�awareness),�can�also�increase�
the�risk�of�unwanted�behavior.�
Similarly,�key�performance�indicators�(KPIs)�
that reward a large quantum of claims or
complaints�being�finalized�and�that�do�not�
incorporate consideration of the quality
of claims or complaints management can
incentivize�misconduct.�Other�examples�
include promoting the “bad apple” or
celebrating the employee at the top of the
sales league table (and pressuring those
at�the�bottom).�Paralleling�such�reward�
and recognition practices are decisions on
discipline, demotion and dismissal, such
as�failing�to�exit�the�high�performer�when�
they breach conduct codes or job security
based�on�meeting�quarterly�financial�
reporting�targets.
The human resource practices sketched
out above reinforce one another to
foster the belief that revenue generation
matters more than anything else within
the�organization.�In�this�context,�good�
conduct is not perceived as a professional
advantage.�When�faced�with�a�choice�
between�maximizing�profit�(or�minimizing�
costs)�and�acting�in�accordance�with�codes�
of conduct, decision-making can be skewed
to�the�former.
Failing to have a “balanced
scorecard” for human

resource decisions
Recruitment, remuneration,
promotion, professional development,
and dismissal decisions that value
short-term revenue generation
over other important aspects
of performance can incentivize
misconduct.
Hiring�decisions�that�are�chiefly�guided�by�
an�individual’s�ability�to�create�profits�for�a�
firm�have�been�identified�as�a�problematic�
feature�across�the�financial�services�
industry�by�regulators�worldwide.�For�
example,�recruitment�that�consistently�
ranks a history of sales or trading success
above other key factors (such as customer
satisfaction, management skills, technical
expertise,�integrity�or�conduct�record)�
will tend to build a workforce whose
behavior�mimics�this�ranking�(for�example�
by�placing�profitable�conduct�ahead�of�
ethical�conduct).�Conduct�goals�may�also�
be harder to achieve if the focus is only
on recruiting those who have attained the
highest academic scores without regard
to�areas�such�as�diversity�of�experience�
and�expertise�across�all�levels�of�the�
organization.�A�lack�of�focus�on�conduct�
and compliance history of employees has
been critiqued as allowing “bad apples” to
be�recycled�through�firms,�which�in�turn�
can facilitate the perpetuation and spread
of�unwanted�behavior.�A�2016�US�study,�
for�instance,�found�that�financial�advisory�

firms�who�hire�individuals�with�misconduct�
records usually have a higher rate of
misconduct�themselves.1
07
are not responsible or held to
account for misconduct
Just as conduct within a firm is
heavily influenced by what is seen
to be rewarded, failure to penalize
individuals involved, as well as
managers in charge, for ethically
or legally questionable behaviors
supports its perpetuation and can
foster a culture of impunity.
When�people�do�not�have�to�bear�the�
risk if things go wrong, they have a reduced
incentive�to�treat�that�risk�as�important.�
When�breaches�of�conduct�standards�
are not penalized, the message is sent
that contraventions are acceptable and
rules�are�bendable.�
A common critique to surface from conduct
related enforcement actions and inquiries
was the absence of personal responsibility
within�firms.�Many�individuals�were�aware�
that their activities were unacceptable but

openly�engaged�in�abuses�and�exhibited�
a belief that no negative consequences
would�follow.�Those�employees�who�
witnessed bad behaviors often failed to
report or escalate the matter, suggesting
they viewed the conduct as acceptable
practice or that raising concerns would not
lead�to�any�action�against�the�wrongdoer.�
Worse�yet,�in�some�cases�employees�may�
have felt that speaking up might have
resulted�in�retaliation.
Many�firms�have,�likewise,�been�faulted�
for�accountability�deficiencies�in�regards�
to the managers and supervisors who
presided�over�conduct�failings.�In�some�
organizations, there was no formalized
or hierarchical structure for management
accountability.�
In others, managers or supervisors
were unclear on their responsibilities for
a team’s professional behavior or
expressed�ignorance�of�poor�practices.�
Some�were�aware�and�even�complicit�in�
transgressions.�Each�of�these�scenarios�
indicate managers and supervisors had
a�level�of�confidence�that�they�were�not�
responsible or would not be admonished
for�their�team’s�standards�of�conduct.�
Another important part of discussions on
accountability has been the erosion and
reconfiguration�of�the�role�of�the�first�line�of�
defense�(individual�business�units)�and�the�
second line of defense (typically the risk,

compliance�and�product�control�functions).�
The�first�line�is�traditionally�responsible�
for “owning” the risks and therefore
responsible for assessing and managing
the risks in their business lines (including
conduct�risk),�while�the�role�of�the�second�
line is to monitor compliance with internal
and�external�requirements�as�well�as�to�
challenge,�question�and�engage�in�dialogue.�
In addition, the role of internal audit as the
third line, is to test and escalate matters
to help identify thematic issues such as
conduct patterns and provide assurance
to the board that the organization is
addressing�these�issues�satisfactorily.�
However,�what�gradually�happened�in�
many�firms,�and�what�enabled�conduct�
to�slip�in�many�cases,�was�that�the�first�
line delegated responsibility for managing
conduct�risk�to�the�second�line.�The�second�
line could then not carry out their duty to
provide�effective�and�proactive�challenge�
over business practices as they were on the
hook�for�operating�the�controls.�Similarly,�
internal audit has been criticized for not
being�adequately�staffed�to�help�identify�
thematic�problems.�
�“When�breaches�of�
conduct standards are
not penalized,�the�message�
is sent that contraventions
are acceptable and rules
are�bendable.”

08
Managing conduct risk |Drivers of misconduct
Failing to identify and
manage conflicts of interest
When an individual has two
competing objectives (a conflict of
interest) and there is an incentive to
act opportunistically, they may forgo
compliance with a competing legal,
professional or ethical obligation.
Failing�to�identify�and�manage�conflicts�of�
interest has been recognized as playing an
important role in the cases of misconduct
emerging�over�the�past�decade.�If�
conflicts�go�unmanaged,�opportunities�for�
misconduct�can�be�more�prevalent.�
Conflicts�can�arise�in�a�range�of�ways�in�
different�parts�of�a�firm.�Some�well-known�
examples�of�conflicts�that�have�been�
identified�as�incentivizing�misconduct�
within�financial�services�firms�include:
• Traders�being�able�to�both�influence�
the setting of a benchmark and trade in
products�that�reference�those�benchmarks.�
The potential risk being that the benchmark
will be manipulated to support successful
trading�strategies.
• An advisory team possessing non-public

information�about�a�customer.�The�
potential risk being that a team member
may�engage�in�insider�trading.�
• A�firm�that�engages�in�proprietary�
trading while its clients are active in
relevant�markets�at�the�same�time.�
The potential risk being that traders
may�exploit�knowledge�of�a�client’s�
confidential�trading�positions�to�advance�
their own strategies, to the detriment
of�clients�or�counterparties.
• A�firm�that�produces�research�reports�
for�customers�on�financial�products�and�
also�issues�or�trades�in�those�financial�
products.�The�potential�risk�being�that�
report recommendations may be designed
to�support�firm�product�sales�or�trading�
strategies and may not provide unbiased
advice�to�customers.
• Commissions are given to sell certain
products.�The�potential�risk�being�that�the�
firm’s�advisors�may�recommend�products�
that pay the highest commission over
those�that�best�meet�customer�needs.�
• Advice or wealth management businesses
that incentivize or metricate company-
developed�products.�The�potential�risk�
being that advisors may recommend
company-developed products at the
expense�of�those�that�may�be�the�most�
suitable�for�clients.

• Transactions, including loans and
trades,�are�executed�with�insiders�or�
affiliates�on�preferential�terms.�The�
potential�risk�being�that�it�may�expose
the�firm�to�claims�of�client�favoritism.
Subject�to�any�specific�legal�and�regulatory�
requirements,�conflicts�can�also�be�
managed�in�a�variety�of�ways�(for�example�
through disclosure, physical segregation of
individuals and teams, restricting access to
information�or�outright�prohibition).
�“If�conflicts�go�unmanaged,�
opportunities for
misconduct can be
more�prevalent.”
09
Complex, disconnected or
“growth at all cost”
businesses models
Conduct within complex or
disconnected organizations can be
difficult to manage. There may be
a tendency to develop silos where
different cultures, behaviors and
operational practices incubate. This
can erode enterprise-wide cohesion,
communication and coordination on

managing conduct. Further, business
models and strategies that are solely
focused on growth typically contain
inherent conduct vulnerabilities that
allow problems to spread and grow
more rapidly.
In a number of the cases of misconduct,
early warning signs were overlooked
or treated in isolation, patterns of poor
behavior�were�not�identified,�matters�were�
not escalated, detached teams had their
own unique ways of operating, and lessons
learnt in one business unit were not
applied�to�the�rest�of�the�organization.�
Offering�a�multiplicity�of�services�makes�
creating simple or uniform standards and
procedures�extremely�hard,�particularly�if�
operating�across�several�jurisdictions.�Such�
organizations are usually working within a
variety of cultural norms and are subject
to a diverse stack of often inharmonious
and challenging state, national, and global
regulation.�In�this�context,�policies�and�
processes around conduct can become
too generic or too convoluted, resulting in
unintended�or�discordant�interpretations.�
Often�a�myriad�of�technology�systems�
and data sources have accumulated over
time, making retrieval and connection of
information�arduous�and�time-consuming.�
Responsibility and accountability may
also�be�worn�thin�by�size�and�complexity;�
identifying the individual responsible for
an act can be tough when decision-making

is scattered across several jurisdictions,
numerous�business�units�and�different�
teams.�Similarly,�complex�and�disconnected�
organizations may face misplaced
confidence�amongst�their�people�that�
someone, somewhere else, is taking care
of�an�issue.�This�is�particularly�so�when�
control�and�responsibility�is�diffused�
through third party distribution and other
licensing�agreements.
In the environment described above, it is
challenging to know what remote teams
are doing, to comprehend the bigger
picture, connect dots and identify patterns
(critical to identifying potential or systemic
issues),�and�to�design�simple�conduct�
programs suitable to roll out across an
enterprise.�How�issues�are�tackled�end-
to-end may vary and the urge may be to
solve problems in a piecemeal or isolated
fashion, resulting in only minor and
temporary�improvements.�
Further, business models that do not take
customer needs into consideration, or that
are�otherwise�premised�on�the�existence�of�
one or more of the drivers of misconduct
for their success, can create an inherent
bias to “growth at all costs” throughout an
organization.�Growth�and�profitability�are,�
of course, important considerations for any
business;�however,�negative�outcomes�can�
occur from unrealistic or unsustainable
market�share�or�return�on�equity�goals.�
Product�complexity,�a�move�into�unknown�

or niche markets or prioritizing higher
margin�businesses�can�result.�As�business�
models have enterprise-wide impact,
undesirable behavior may also scale up
and spread rapidly across an organization
when the model is not conduct or
customer aligned, and such a model can
undermine controls designed to manage
misconduct�or�render�remediation�efforts�
as�only�localized�and�fleeting.
10
Further,�people�can�experience�unwieldy�
processes and procedures as pointless
bureaucratic roadblocks that undermine
business�agility.�The�danger�is�that�
individuals become skeptical about the
value of requirements, hostility develops
and it can then seem reasonable to ignore
controls, carry out manual workarounds
or�adopt�a�“tick-box”�attitude�toward�
compliance.�As�Thomas�C.�Baxter�of�
the�Federal�Reserve�Bank�of�New�York�
has�observed:�“In some large, complex
organizations, the rules can be difficult
and tedious … we comply … only because it
represents a mandatory but silly rule … and
not because the sanction seeks to address
a problem that all should find abhorrent” 2.�
Evading controls designed to prevent
misconduct�or�executing�a�procedure�
because you have to (rather than
appreciating�the�reason�for�it)�enhance�

the�risk�of�misconduct.�Internally-
developed procedural requirements that
serve less-critical conduct and compliance
purposes,�where�prolific,�can�also�work�
to undermine the integrity of risk and
compliance�approaches.
Manual and complicated
processes and procedures
Labor intensive or convoluted
processes and procedures increase
the chance of error and give people
the incentive and opportunity to
ignore controls that are designed to
prevent misconduct.
Compliance policy documents that span
hundreds of pages, inconsistent and at
times contradictory guidance, repetitive
risk approval processes, manual data
entry,�multiple�form�filling�on�a�single�issue,�
countless obligation databases, constant
change�in�process�and�procedures.�
This�is�a�state�of�affairs�that�is�not�
unfamiliar to many highly regulated and
complex�businesses.�The�result�may�be�
accidental�misconduct:�manual�processes�
are more prone to human error and a
dense policy or convoluted procedure
may not be correctly followed, because
it�was�not�understood.
�“People�can�experience�

unwieldy processes
and procedures as
pointless bureaucratic
roadblocks that undermine
business agility … it can
then seem reasonable to
ignore controls, carry out
manual workarounds or
adopt�a�“tick-box”�attitude�
toward�compliance.”
Disrespect for systems of governance
and�control�bought�about�by�complex,�
inconsistent and manual processes and
procedures�will�naturally�extend�to�those�
who are seen as responsible for their
design and administration, usually being
the�risk�and�compliance�function.�When�
such a mindset evolves, guidance and
challenge from these functions is unlikely
to be valued or followed, particularly when
up�against�potentially�conflicting�views�of�
highly�profitable�and�powerful�business�
units.�As�noted�previously,�weakness�in�
the second and third lines of defense has
been highlighted as a factor that made
possible�the�financial�services�misconduct�
seen�in�recent�years.�
11
Concerns have not just centered on absent
or substandard systems for identifying
poor�behaviors.�As�touched�on�in�the�

section on responsibility and accountability,
the failure to then take action and escalate
problems�that�have�been�identified,�as�
well as to use such intelligence to inform
updates to controls and to create more
proactive procedures, has also been the
subject�of�criticism.
While�recognizing�the�critical�importance�
that trust and autonomy plays in employee
satisfaction and productivity, it should
also be noted that internal monitoring
and surveillance for misconduct is a core
aspect of compliance and required under
many�regulatory�regimes.�Further,�if�
systems for monitoring and surveillance
are inadequate, management information
on conduct will likely be lacking, leaving
leadership unable to identify and manage
important�risks.
Weak systems for monitoring
and surveillance
If monitoring and surveillance
is nonexistent or inadequate,
misconduct can go undetected and
risks may not be appropriately
managed. Further, some individuals
may be more likely to engage in poor
behaviors because they estimate their
chance of being discovered as low.
The�UK’s�Fair�and�Effective�Markets�Review�

has commented that “an important lesson
from the enforcement actions of recent
years is that firms must ensure they have
the means to detect wrongdoing (since they
are closest to the actions of their own staff
and counterparties) and act decisively when
it is detected (since they stand to lose the
most, financially and reputationally)” 3.
Indeed weaknesses in monitoring and
surveillance were found to be an important
factor�in�explaining�how�behaviors�exposed�
in the benchmark manipulation cases could
be perpetrated by numerous individuals
over several years using electronic
messaging�services,�emails�and�telephone.�
The failure to monitor the quality of sales
processes,�for�example�by�recording�face-
to-face and telephone conversations, has
similarly been criticized in cases of mis-
selling.�Likewise,�the�failure�to�adequately�
monitor employee activity is a common
theme�in�rogue�trading�cases.�
“If systems for monitoring
and surveillance are
inadequate, management
information on conduct
will likely be lacking,
leaving leadership
unable to identify and
manage�important�risks.”
12

Disparate subcultures or a
problematic prevailing culture
Poor conduct can develop in a firm
that has various disparate subcultures
or when the prevailing culture does
not balance short-term financial
success with other important business
and ethical imperatives.
The shared set of values, mindsets and
assumptions�distinct�to�a�firm�–�its�culture�–�
is increasingly being seen as at the heart of
ethical�lapses�within�financial�services.�
In many cases, damaging behaviors
have been attributed to a corporate
culture that failed to balance concerns
about short-term commercial success
with other important business objectives
such�as�longer-term�sustainability;�the�
interests of customers, counterparties
and�employees;�the�maintenance�of�wider�
market�integrity;�and�upholding�ethical�
principles.�In�many�respects,�the�drivers�
of misconduct�discussed�above�can�be�
seen as observable manifestations of
such�a�culture.�
The failure to have a uniformity of culture
that is established at the very top of the
house, underpinned by a single guiding
business�purpose,�has�also�been�identified�

as allowing problematic subcultures to
emerge and go unmanaged within many
financial�services�organizations.�Clarity�of�
purpose and values means it is less likely
that�outcomes�are�traded�off�across�each�
other.�Without�such�clarity,�messaging�(and�
behavior)�can�become�inconsistent.�
For�example,�having�a�formal�customer�
centric purpose statement but then a
business model or regular communications
that focus on the centrality of superior
shareholder�return�can�result�in�mixed�
messages and confusion amongst
employees about the relative importance
of treating customers fairly versus
managing�profitability.�This�is�likely�to�be�
replicated across an enterprise, from
management reporting to budgets to items
on�meeting�agendas.
Another critical element of the discussion
on culture is the importance of leadership
in�defining,�communicating,�embedding,�
and substantively testing risk-related
attitudes, ethical values and standards
of�behavior�(i.e.,�risk�culture).�Authority�
provides the principal check on conduct
and those who possess authority set the
parameters of what is acceptable and
unacceptable.�That�is,�behavior�within�an�
organization is ultimately guided by the
explicit�and�implicit�messages�that�leaders�
communicate;�through�what�they�say�and�
also�what�they�do.�When�leaders�fail�to�
actively set the right tone and ensure that

it�infuses�throughout�the�firm,�the�reality�
of conduct may not match aspirations and
the “mood in the middle” or “echo from the
bottom”�can�differ�substantially�from�the�
“tone�at�the�top”.
13
The eight drivers often
overlap and, because each
firm�is�structured�differently,�
each driver will have
differing�levels�of�relevance.
14
Managing conduct risk | Restoring trust
Significant energy and resources are
being invested by the financial services
industry and its regulators to improve
conduct. Addressing misconduct is one
of the Financial Stability Board’s (FSB)
priorities and, to this end, the
international body is pursuing “a major
work program” that has seen a working
group set up to drive efforts and
recommendations on reducing

misconduct in the financial sector due
for release in the first half of this year.4
The importance of embedding a good
culture and cultivating good conduct is
recognized as key in restoring
reputational capital, retaining customers,
building a sustainable business and
maintaining a competitive advantage.
This is perhaps even more pressing in the
current environment where governments
are looking for ways to augment and
diversify competition in the financial
services industry. Some of the responses
to restoring trust are outlined on the
pages that follow.
—
Restoring trust
Industry, regulators and governments are designing
ways to address the drivers of misconduct and raise
standards�within�financial�services�firms,�which�in�turn
�
is�helping�to�restore�trust�in�the�industry.�
Challenges,�however,�still�remain.
15
Figure 2.
Responses for
restoring trust
Responses for restoring
trust in the firm and

to support employees, customers
and market integrity
Customer needs and
suitability steer
the product lifecycle
Automated and
streamlined processes
and procedures
A clear unified culture,
underpinned by a
singular business purpose
have clear responsibilities
and are held to
account for poor conduct
Advanced systems
for monitoring
and surveillance
Conflicts of interest are
proactively identified
and managed throughout
the organization

Human resource decisions
based on
“balanced scorecards”
that reward good conduct
A cohesive organization
with a conduct-aligned
business model
16
Many�firms�are�continuing�to�identify�better�
ways to incorporate the customer’s needs
and suitability into the entire product
lifecycle;�from�design�to�marketing,�sales,�
distribution�and�post-sale�customer�care.�
This includes new training modules on
needs and suitability, mystery shopping,
post-sale customer surveys/analytics,
enhancements to complaints and
escalation procedures, and tightening rules
on how to treat customers, as well as new
processes for assessing a customer’s level
of�financial�sophistication.�
Ensuring customer needs
and suitability steer product
lifecycle decisions

Various product governance and consumer
protection obligations across jurisdictions
mean�that�firms�need�to�understand�
whether�products�are�fit�for�purpose�
and actions are in the customer’s best
interest.�In�the�EU,�the�Markets�in�Financial�
Instruments�Directive�II�(MiFID�II)�will�
introduce new rules in 2018 to enhance
investor protection by regulating all stages
of the lifecycle of investment products
and�services.5 The Insurance Distribution
Directive will introduce similar rules in 2018
in relation to insurance products6.
In Australia, new product design and
distribution obligations are being
proposed to ensure that products are
targeted at the right people7.�Behavioral�
analytics�is�also�being�explored�by�both�
regulators and industry to provide better
customer�outcomes.�The�UK’s�Financial�
Conduct�Authority�(FCA)�has�published�a�
paper describing how it uses behavioral
economics�in�the�regulation�of�financial�
conduct8�and�the�Australian�Securities�and�
Investments�Commission�(ASIC)�has�set�
up a behavioral economics team within
its strategic intelligence unit9.�Further,�
in�the�US�rules�were�proposed�around�
standards�of�fiduciary�duty�and�incentive�
compensation, and the Consumer Financial
Protection�Bureau�(CFPB)�was�created.�
�“Many�firms�are�continuing�
to identify better ways to
incorporate the customer’s

needs and suitability into
the�entire�product�lifecycle;�
from design to marketing,
sales, distribution and
post-sale�customer�care.”
17
Building “balanced scorecards”
for human resource decisions
Organizations�are�placing�increased�
emphasis on an individual’s ethical,
compliance and regulatory history
during the hiring process and refreshing
recruitment, induction, training and
development�frameworks.�Regulators�
are enhancing the information that is
available about the conduct of individuals,
as well as toughening punishments for
misconduct.�Ways�to�raise�standards�of�
professionalism,�for�example�through�
educational requirements, are also being
investigated.�In�the�UK,�mandates�are�
being implemented to help prevent the
“recycling”�between�firms�of�individuals�
with poor conduct records through
a more comprehensive references
process10.�In�the�US,�the�Financial�
Industry�Regulatory�Authority�(FINRA)�
is using advanced analytics to identify
registered representatives with potentially

problematic regulatory histories11 and in
2017 will be devoting “particular attention”
to�firms’�hiring�and�monitoring�of�high-
risk and recidivist brokers12.�In�Australia,�
legislation has been passed to raise
the professional, ethical and education
standards�of�financial�advisers13 and the
Monetary�Authority�of�Singapore�(MAS)�
is adding an ethics and skills component
to�existing�financial�adviser�and�market�
intermediary competencies14.
There�has�been�significant�focus�on�
compensation�and�remuneration.�
Many�firms�have�put�limits�on�bonuses,�
aligned internal policies on variable
compensation to longer-term risk and
implemented mechanisms for in-year
bonus adjustments, deferrals, and
clawback�in�cases�of�misconduct.�Firms�
are now focusing on building structures to
encourage positive conduct, such as linking
performance objectives to ethical codes
and�incorporating�non-financial�objectives�
into�performance�assessments�(e.g.,�
customer satisfaction and cooperation
with�control�functions).�In�Europe,�the�
remuneration requirements under Capital
Requirements�Directive�(CRD)�IV�require�
firms�to�identify�“risk�takers”�and�have�
specific�requirements�in�relation�to�bonus�
caps and long-term incentive structures
to encourage key people to think beyond
short-term�profits15.�The�Financial�Stability�
Board�(FSB)�is�taking�action�to�improve�
the alignment between remuneration and

conduct risk by conducting consultations
on the use of compensation tools and
recommendations for consistent national
reporting and collection of data16.�
�“Organizations�are�
placing increased
emphasis on an individual’s
ethical, compliance and
regulatory history …
There�has�been�significant�
focus on compensation
and�remuneration.”
18
Proactive processes for
identifying and managing
conflicts of interest
Rules�on�conflicts�of�interest�have�been�
strengthened�by�some�authorities.�In�the�
EU,�for�instance,�MIFID�II�requires�that�
“all appropriate steps be taken to identify
and to prevent or manage conflicts of
interest” 21�and,�in�the�US,�the�Volcker�Rule22
has�prohibited�proprietary�trading.�The�
FSB�meanwhile�has�been�coordinating�the�
global reform of benchmark design and
methodology�to�address�inherent�conflicts.�
Firms are conducting enterprise-wide
reviews to develop a deeper understanding
of�where�conflicts�may�occur�and�designing�
controls�to�manage�those�conflicts,�

for�example�by�enhancing�information�
barriers, physically segregating teams and
ensuring�supervisory�oversight�of�conflicts.
Ensuring individuals and
leadership are responsible and
accountable for conduct
Regulators and prosecutors have been
devising ways to augment accountability for
misconduct.�The�UK’s�Senior�Managers�and�
Certification�Regime�(SM&CR),�for�instance,�
makes senior managers personally
accountable�for�firm�contraventions�of�
relevant requirements unless they have
taken reasonable steps to prevent the
contravention17. In�the�US,�a�2015�memo�
from�the�Deputy�Attorney�General�of�
the�United�States�(“the�Yates�Memo”)�
included�requirements�that�firms�provide�
all relevant facts about individuals involved
in corporate misconduct in order to qualify
for cooperation credit18.�Hong�Kong’s�
Securities�and�Futures�Commission�(SFC)�
has also recently introduced measures
for strengthening senior management
accountability19. The�FSB�is�examining�
whether steps are needed to improve
standards�in�the�fixed�income,�currency�
and commodity markets in order to
increase individual accountability and
support�enforcement�efforts20.�
“Firms meanwhile are

focusing on ensuring
the�first�line�owns�risk�
in their business line,
strengthening second line
challenge, and creating a
‘speak�up’�culture.”
“Firms are conducting
enterprise-wide reviews
to develop a deeper
understanding of where
conflicts�may�occur�and�
designing controls to
manage�those�conflicts.”
Firms meanwhile are focusing on
ensuring�the�first�line�owns�risk�in�their�
business line, strengthening second
line challenge, and creating a “speak up”
culture.�For�example,�management�maps�
are being drawn up to clearly articulate
and communicate roles and
responsibilities, rotations between
business and risk management are
being implemented, and new training
is being rolled out for business units
on risk and to the second line on how
to�effectively�perform�their�challenge�
function.�In�addition�employee�issue�
escalation processes and customer
complaints�workflows,�with�special�
attention to whistleblowing, are being
reviewed�and�strengthened.�Key�areas�
of focus include the implementation of
measures to ensure issues and complaints
are actioned in a timely and consistent

manner,�confidentiality�of�the�reporter�is�
maintained, and the necessary
provisions are in place to protect
against�potential�retaliation.�
19
Strengthening and
modernizing monitoring and
surveillance capabilities
Legislation�requiring�recording�and�
monitoring of transactions and
communications, as well as reporting
and recordkeeping of the same, have
been�boosted�in�many�key�jurisdictions.�
MIFID II and the Market Abuse Regulation
(MAR)24�in�the�EU�and�Dodd–Frank�Wall�
Street�Reform�and�Consumer�Protection�
Act�in�the�US�are�examples.�Many�firms�are�
making improvements to their monitoring
and surveillance capabilities to meet
these�regulatory�expectations.�Some�are�
scaling�up�headcount.�Others�are�applying�
sophisticated technology and analytics to
leverage current data and create predictive
and�preventative�systems.
Creating a cohesive organization
with a conduct-aligned
business model

Industry and regulators are both working
to ensure that good governance and
supervision�are�bought�into�the�core.�
Isolation or remoteness is no longer
being�accepted�as�an�excuse�for�instances�
of�misconduct.�Governance,�conduct�
and risk management frameworks are
being designed to have enterprise-wide
penetration and with direct lines to the
executive.�Firms�are�reviewing�their�
business models, making them more
customer centric and identifying any other
potential�conflicts�with�desired�conduct�
outcomes.�Regulators�are�also�adopting�
a more holistic and forward looking
approach.�Japan’s�Financial�Services�Agency�
(JSFA)�“dynamic supervision” approach is
one�example�and�involves�the�regulator�
concentrating on “better quality financial
services to customers (or best practices)”
rather than “a formality check of financial
institutions compliance with rules and
regulations (or minimum standards)”, as
well as a move from “individual parts to
total picture” in which underlying root
causes are addressed “rather than focusing
too much on individual instances” 23.
Automating and streamlining
processes and procedures
Some�firms�are�reviewing�and�refreshing�
their risk and compliance processes and
procedures to simplify, rationalize, and
optimize�them;�such�that�there�are�fewer,�
but�better,�rules.�Duplicate�or�overlapping�

requirements are being consolidated,
contradictions�clarified�and�procedures�and�
processes�identified�as�unnecessary,�low�
value�or�redundant�are�being�axed.�Other�
firms�are�challenging�and�changing�the�
way processes and procedures are set, or
leveraging technology to automate manual
routine�tasks.�Regulatory�concerns�and�
expectations�around�effective�processes�
and procedures seem primarily driven by
reporting�requirements�(for�example,�those�
around data gathering and aggregation for
capital�stress�testing).�However,�a�knock�
on�effect�has�been�to�provide�further�
urgency to enhancing the quality of risk
and�compliance�rules�and�requirements.�
Similarly,�digital�transformation�projects�
aimed at modernizing the business so as to
meet�evolving�customer�expectations,�are�
providing�an�additional�impetus�for�firms�to�
overhaul labor intensive and cumbersome
processes�and�procedures.
“Duplicate or overlapping
requirements are
being consolidated,
contradictions�clarified�
and procedures and
processes�identified�as�
unnecessary, low value or
redundant�are�being�axed.”
20

Meanwhile regulators are undertaking
detailed�reviews�of�firm�culture.�In�the�
US,�FINRA�has�been�conducting�targeted�
exams,�known�as�“sweeps”,�on�how�firms�
establish, communicate and implement
cultural values, and whether these are
guiding appropriate business conduct25.�
The�Federal�Reserve�Bank�of�New�York�
has set up a dedicated webpage on
financial�services�culture�and�behavior26.�
In�Europe,�De�Nederlandsche�Bank�has�
created a center that undertakes behavior
and�culture�reviews�of�firms,�designed�
to�help�early�identification�of�unhealthy�
corporate culture27. The�UK’s�FCA�has�
put governance and culture as one of
its�priorities�for�2016/201728;�while�for�
Canada’s�Office�of�the�Superintendent�of�
Financial�Institutions�(OSFI),�enhancing�the�
ability to assess how risk culture and other
drivers of behavior support or undermine
effective�risk�management�is�a�2017–2020�
priority 29. In�Asia�Pacific,�the�Hong�Kong�
Monetary�Authority�(HKMA)�has�recently�
provided guidance on promoting sound
culture in banks30 and the Australian
Prudential�Regulation�Authority�(APRA)�will�
be�conducting�pilot�reviews�of�firm�culture�
in the year ahead31.
Defining and embedding
a clear unified culture
Improving�firm�culture�is�at�the�top�of�

everyone’s agenda today and is seen
as central to the restoration and
maintenance of good conduct within
the�financial�services�industry.�Firms�are�
rolling out change programs focused
on culture that include comprehensive
communications plans, developing
socially-desirable purpose statements
that emphasize support for customers
or broader society, and proactively and
systematically assessing the role culture
plays with respect to risk, conduct and
compliance.�Culture�and�conduct�are�also�
being embedded into risk management
frameworks, placed as regular discussion
topics on board agendas and incorporated
into strategies, business models and
governance�arrangements.�Desk�heads�
and intermediate supervisors are being
trained on the important role that they
play in communicating and developing
capabilities for timely prevention and
detection of unacceptable standards of
conduct.�Industry-wide�efforts�are�also�
underway,�in�the�UK�for�instance�the�
Banking�Standards�Board�has�been�set�up�
to annually benchmark, assess and report
on�good�culture�across�the�banking�sector.�
�“Improving�firm�culture�
is at the top of everyone’s
agenda today and
is seen as central to
the restoration and
maintenance of good
conduct within the

financial�services�industry.”
21
There�are�signs�that�all�these�efforts�to�improve�
standards�of�conduct�within�industry�are�paying�off.�
The�2016�Edelman�Trust�Barometer�reports�that�global�
trust�in�financial�services�has�increased�eight�points�ov
er�
the�past�five-
years,�the�biggest�increase�of�any�industry�
in the surveys32. Nonetheless,�meeting�regulatory�
requirements�and�expectations�around�managing�
conduct�remains�challenging�for�firms,�particularly�due�
to�the�proliferation�of�complex�and�onerous�financial�
services�regulation�that�has�emerged�since�the�financial
�
crisis�(and�that�continues�to�shift�and�evolve).�Managin
g�
the cost of regulatory compliance is one of the biggest
challenges�for�financial�services�organizations33.
Compliance�costs�for�a�financial�institution�can�be�over
�
$1bn every year and governance, risk management
and�compliance�now�represent�an�estimated�10–15%�
of�the�total�financial�services�workforce34.
Overall,�these�
significant�investments�in�regulatory�change�programs�
and�compliance�pose�a�challenge�to�profitability.�And�
few organizations can provide evidence that their
investments in improving culture and fewer misconduct
incidents�are�helping�with�the�bottom�line.
And�this�is�when�technology�can�make�a�difference.�

There is a growing interest in how innovative
technologies�can�help�organizations�fulfill�regulatory�and
�
compliance�requirements�more�efficiently�and�effectively.
�
Can the latest breed of innovative technologies provide
new,�improved�and�more�cost�effective�ways�not�just�t
o�
catch misconduct in a timely fashion, but actually help
address the drivers of poor conduct?
Continuing challenges
22
Managing conduct risk | A new approach through innovation
—
A new approach
through innovation
It is well established that innovation is disrupting the
way�that�financial�services�are�being�provided�to�
consumers.�The�focus�is�now�being�turned�toward�
internal operations, with innovation being used to power
better�regulatory�and�compliance�outcomes.�The�time�
is right to consider how new technologies can help
manage�conduct�risk.
There is an expanding list of exciting
technological advances and innovations
that are driving disruptive innovation.
On page 24, we explore some of the

developments and technologies that offer
the hope of significant efficiency and
value gains by automating, simplifying
and streamlining processes; integrating,
aggregating and visualizing vast volumes
of structured and unstructured data;
effortless customization and scalability;
enlisting self-learning machines to carry
out intuitive tasks and real–time, possibly
predictive and pre-emptive, systems
replacing post-factum, reactive analysis.
The use of new technologies to fulfill
regulatory and compliance requirements
more efficiently and effectively is
commonly referred to as “RegTech”
(regulatory technology). Enlisting
technology to help ease the burden of
regulatory compliance is not new.
However the current buzz around
RegTech is how the innovations and
technologies that are transforming the
way we provide financial services (some
of which are noted on page 24) could
also be harnessed to transform the way
we go about meeting regulatory and
compliance obligations.
It is certainly the right time for firms
to explore and trial RegTech solutions.
Technological innovation is providing
entirely new ways of doing established
activities. Regulators and organizations
are sponsoring various initiatives to
nurture innovation within the financial
services industry. FinTech “hubs” and

“regulatory sandboxes” are being set up
to cultivate the growth of start-ups and
provide a flexible regulatory environment
in which applications of novel
technologies can be road-tested. Industry
is also investing deeply, setting up new
teams to drive innovation, and partnering
with technology players to develop
solutions. Moreover, compliance costs are
reaching unsustainable levels and not
always producing desired results.
Technology that can improve efficiency
and value must be considered.
On the pages that follow we consider
a sample of ways in which innovative new
technologies could be used by firms to
address the drivers of poor conduct and
thereby help them to manage their
conduct risk, meet regulatory
expectations and produce better
customer outcomes.
23
Figure 3.
Innovative solutions for
managing conduct risk
Technology that
supports the ongoing

assessment of customer
needs and suitability
Technology that automates
and streamlines processes
and procedures
Technology that continually
tests cultural values
and identifies red flags
Technology to streamline
and strengthen
accountability systems
Technology that modernizes
and automates monitoring
and surveillance
Technology that
can proactively identify
and manage conflicts
Technology that
helps build a
“balanced scorecard”
for HR decisions
Technology that helps
to integrate

systems and teams
Innovative solutions
for managing conduct risk
24
• Robotic process automation (RPA)
is allowing software robots to perform
routine business processes, such as
moving files between folders, filling in
forms and data validation.
• New big data technologies and
techniques are enabling the varied
and colossally-sized datasets that
organizations hold to be efficiently
aggregated, stored and managed.
• Cognitive technologies and
artificial intelligence (AI) are enabling
machines to perform more and more
tasks that have hitherto required
human intelligence, such as decision-
making, visual perception, speech
recognition, analysis of unstructured
data and natural language processing
(NLP), as well as learning on the basis of
pure exposure to large data sets (rather
than through instruction).
• Advanced analytic techniques,
such as behavioral and video analytics,
that enlist sophisticated algorithms

and cognitive technology allow
meaningful insights to be gleaned
from huge pools of data in a fraction
of the time it would take a human to
perform the task.
• Augmented reality (AR) and virtual
reality (VR) are intersecting with
Internet of Things (IOT) technology to
bring virtual and real worlds together,
integrating and extending the digital
and physical landscapes to create a
“mixed reality”, with applications such
as 3D training models and remote
operation of machinery.
• Application programming interface
(API) is facilitating the integration
of systems, technologies and
functionalities.
• Biometric technology is providing new
ways to verify identity, such as through
fingerprint sensors, iris scanning and
typing tempo.
• Cloud applications are facilitating the
hosting of data, systems and services
on the internet, providing significant
savings and greater flexibility, scalability
and configurability.
• Quantum computing is promising to
deliver millions of times the processing
capacity of a traditional computer.

• Distributed ledger technology (DLT),
which provides a distributed,
shared and encrypted database that
maintains near tamper proof data,
has the potential to significantly
improve data security and integrity,
enhance transparency and auditability,
reduce the chance of single point of
failure and remove the need for third
party intermediation.
Examples�of�recent�
developments and technologies
driving�disruptive�innovation:
25
Technology that supports
the ongoing assessment of
customer needs and suitability
• Visual�network�analytics�to�find�data�
relationships relevant to customer
needs�(e.g.,�data�integration,�dynamic�
relationship�mapping).
• Interactive visual analytics to reveal
insights�from�large�data�sets�(e.g.,�from�
public,�cloud,�social�network,�enterprise).
• Customer value, customer segmentation,
and�customer�satisfaction�analytics.

• Natural�language�processing�to�gain�
insights from a wider pool of customer
data and facilitate automation of
customer communications and
suitability�assessments.
Technology that helps build
a “balanced scorecard” for
HR decisions
• Cognitive�computing�to�analyze�context,�
content and relationships within big
data sets and to reveal critical trends
and�findings�about�an�individual�or�
across�cohorts�(e.g.,�from�professional�
registers, performance reviews, customer
feedback,�complaints).�
• Software�that�automates�connections�
between performance management and
organizational�objectives.
Technology that can proactively
identify and manage conflicts
• Master access control to set parameters
and provide alerts when controls
are�violated.
• Automated enforcement of ethical walls,
segregation�of�duties,�and�watch�lists.
• Big�data�analytics�and�algorithms�to�map�
personal or business connections and
internal�and�external�networks.

• Cognitive technologies and predictive
analytics�to�accelerate�conflict�scenario�
simulation�and�analysis.
Technology that streamlines
and strengthens systems of
accountability
• Distributed ledger technology to
strengthen�the�audit�trail�by�simplification�
of record keeping, enhancing
transparency, robust time stamping and
protection�against�manual�change.
• Automated enforcement of
escalation�procedures.
26
Technology that modernizes
and automates monitoring
and surveillance
• Machine learning algorithms to
search and aggregate across multiple
mediums�(e.g.,�voice,�email,�video,�
social�media,�instant�messaging)�
and�flag�potential�violations.
• Natural�language�processing�to�automate�
communications�monitoring�(e.g.,�phone,�

text,�instant�messaging).
• Biometric�technology�to�enhance�
identity�verification�procedures.
• Relationship, behavioral and content
analytics to facilitate pre-emptive and
proactive�measures.
• Big�data�analytics�and�machine�learning�
to predict future behaviors based on
large-scale analysis of the particulars
and�patterns�in�prior�incidents.
Technology that helps
integrate systems and teams
• Application programming interfaces
and integration systems to facilitate
interoperability and system
communication.
• Distributed ledger technology for
enhanced transparency and access
to�a�“single�source�of�truth”.
• Regulatory radar software to identify
regulatory change and cognitive
technologies to assess application
and�impact.
• Mixed�reality�applications�to�improve�
communication and collaboration
between remote teams and break
down�functional�silos.

Technology that facilitates
continual testing of cultural
values and identification
of red flags
• Big�data�analytics�to�scan�patterns�
of behavior across technologies
and systems to surface potential
vulnerabilities and model behavioral
risk�(e.g.,�from�sources�such�as�
complaints, risks, incidents, near misses,
staff�feedback�and�employee�surveys,�
social media, individual performance,
remuneration and incentives, human
resource�and�compliance�data).�
• Modelling of organizational performance
and�risk�culture.�
• Real-time�pulsing�of�staff�to�test�the�mood�
of the organization, providing frequent
and contemporaneous feedback on
culture throughout an organization and
at�all�levels�(including�external�partners�
and�value�chain�participants).
Technology that automates
and streamlines processes
and procedures
• Robotic process automation to
automate�routine�processes.
• Distributed ledger technology to
strengthen against manual workarounds,
reduce errors deriving from duplication

and�eliminate�manual�efforts�required�to�
perform�data�reconciliation.
27
—
Conclusion
In this paper we have sought to identify the common
themes�and�drivers�of�misconduct�in�the�financial�
services�industry,�with�a�view�to�helping�firms�identify
�
and�manage�their�conduct�risk.�We�have�also�explored
�
industry and regulatory responses for restoring trust
and have suggested some potential RegTech solutions
to�help�firms�think�about�ways�to�optimize�outcomes�
in�a�more�cost�effective�way.
Expecting to eradicate misconduct
incidents in financial services
organizations is unrealistic, and hence the
regulatory agenda continues to evolve its
focus. Financial services organizations of
all types are being expected to put in
place a proactive framework to
continuously identify and tackle poor
conduct, and the role of technology
cannot be ignored.
While technology can itself provide
a means to carry out misconduct (think
algorithmic strategies with biased code,

or cyber breaches and privacy leaks)
innovative technologies can also be part
of the solution. There are still significant
hurdles to work through, much of the
RegTech market is in its infancy and many
of its ideas are only at proof of concept
stage (for example, many distributed
ledger technology and artificial
intelligence solutions). Nonetheless
RegTech represents an important
opportunity to explore innovative
processes supported by technologies
that can drive the right outcomes.
The promise of an organization that
functions effectively with a strong culture
and good conduct is worth the effort. Few
will dispute that managing poor conduct
is essential to be on strategy, and for
maintaining the trust of customers,
regulators and the broader market.
Similarly, few would dispute that business
success today is intimately connected
with an ability to harness innovative
technology quickly and enthusiastically.
Designing the right conduct program
supported by the right technology
solution starts by bringing together
business, technology and regulation
experts. Tapping into this collective pool
of knowledge will best draw out the
relevant conduct issues that undermine
executing on strategy, and enable a
bespoke and sustainable solution to be
developed. By identifying the core drivers

of misconduct, the ways that regulators
and industry have sought to address
these drivers, and the new technologies
that can optimize responses we hope to
have provided ideas for a strong
foundation from which to build a
conduct program that will inspire trust.
Managing conduct risk | Conclusion
28
Managing conduct risk | End notes
1�Egan,�Matvos�and�Seru�The Market for Financial
Advisor Misconduct
(1�March�2016)�http://papers.ssrn.com/sol3/papers.cfm?abstr
act_id=2739170
2�Thomas�C�Baxter,�Executive�Vice�President�and�Gen
eral�Counsel�of�the�Federal�
Reserve�Bank�of�New�York�The rewards of an ethical
culture,�London�
(20�January�2015)�http://www.bis.org/review/r150121a.pdf
3�Fair�and�Effective�Markets�Review�Final
Report�(June�2015)�
http://www.bankofengland.co.uk/markets/Documents/femrjun15
.pdf
4�FSB�Chair’s letter to G20 Leaders Building a resilient and
open global financial
system to support sustainable cross-border investment
http://www.fsb.org/wp-content/uploads/FSB-
Chair%E2%80%99s-letter-to-G20-
Leaders-in-advance-of-their-meeting-in-Hangzhou-on-4-5-
September..pdf

5�Directive�2014/65/EU�of�the�European�Parliament�and
�of�the�Council�of�
15�May�2014�on�markets�in�financial�instruments�and�
amending�Directive�
2002/92/EC�and�Directive�2011/61/EU�http://eur-
lex.europa.eu/legal-content/EN/
TXT/?uri=CELEX:32014L0065
6�Directive�(EU)�2016/97�of�the�European�Parliament�a
nd�of�the�Council�
of�20�January�2016�on�insurance�distribution�(recast)
http://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=CELEX%3A32016L0097
7�Australian�Government�Design and Distribution
Obligations and Product
Intervention Power, Proposals Paper (December�2016)�
http://www.treasury.gov.au/~/media/Treasury/Consultations%20
and%20Reviews/
Consultations/2016/Design%20and%20distribution%20obligatio
ns/Key%20
Documents/PDF/Design-and-distribution-obligations.ashx
8 FCA Applying behavioral economics at the Financial Conduct
Authority
(April�2013)�https://www.fca.org.uk/publication/occasional-
papers/occasional-
paper-1.pdf
9�Peter�Kell,�ASIC�Deputy�Chairman�ASIC and
behavioral economics:
Regulating for real
people�Brisbane,�Australia�(18�October�2016)�
http://download.asic.gov.au/media/4051518/peter-kell-speech-
qube-symposium-
published-21-october-2016.pdf
10 FCA Strengthening accountability in banking and insurance:
regulatory references final rules: PS
16/22�(September�2016)�
https://www.fca.org.uk/publications/consultation-

papers/strengthening-
accountability-banking-insurance-reg-refs
11�Richard�G.�Ketchum,�FINRA�Chairman�and�Chief�E
xecutive�Officer�Remarks From
the 2016 FINRA Annual
Conference�Washington,�DC�(23�May�2016)�http://www.f
inra.
org/newsroom/speeches/052316-remarks-2016-finra-annual-
conference
12�FINRA�2017 Annual Regulatory and Examination
Priorities Letter�(February�2017)�
http://www.finra.org/sites/default/files/2017-regulatory-and-
examination-priorities-
letter.pdf
13
Corporations�Amendment�(Professional�Standards�of�Finan
cial�Advisers)�Bill�
2016�http://www.aph.gov.au/Parliamentary_Business/Bills_Leg
islation/Bills_Search_
Results/Result?bId=r5768
14�MAS�Consultation Paper on Review of Competency
Requirements for
Representatives Conducting Regulated Activities under the
Securities and Futures
Act and Financial Advisers
Act�(December�2016)�http://www.mas.gov.sg/News-and-
Publications/Consultation-Paper/2016/Review-of-Competency-
Requirements-for-
Reps-under-SFA-and-FAA.aspx
15�Directive�2013/36/EU�of�the�European�parliament�an
d�of�the�council�
of�26�June�2013�http://eur-
lex.europa.eu/LexUriServ/LexUriServ.
do?uri=OJ:L:2013:176:0338:0436:En:PDF
16�FSB�Measures to reduce misconduct risk: Second Progress
Report

(1�September�2016)�http://www.fsb.org/wp-
content/uploads/Measures-to-reduce-
misconduct-risk-Second-Progress-Report.pdf
17 FCA Senior Managers and Certification Regime
https://www.fca.org.uk/firms/senior-managers-certification-
regime
18�US�Department�of�Justice,�Office�of�the�Deputy�At
torney�General�
Individual Accountability for Corporate
Wrongdoing�(9�September�2015)�
https://www.justice.gov/dag/individual-accountability
19�SFC�Circular to Licensed Corporations Regarding
Measures for Augmenting
the Accountability of Senior
Management�(16�December�2016)�
http://www.sfc.hk/edistributionWeb/gateway/EN/circular/interm
ediaries/licensing/
doc?refNo=16EC68
20�FSB�Chair’s letter to G20 Leaders Building a resilient and
open global financial
system to support sustainable cross-border investment
http://www.fsb.org/wp-content/uploads/FSB-
Chair%E2%80%99s-letter-to-G20-
Leaders-in-advance-of-their-meeting-in-Hangzhou-on-4-5-
September..pdf
21�Article�23(1)�Directive�2014/65/EU�of�the�European
�Parliament�and�of�the�
Council�of�15�May�2014�on�markets�in�financial�instru
ments�and�amending�Directive�
2002/92/EC�and�Directive�2011/61/EU�http://eur-
lex.europa.eu/legal-content/EN/
TXT/?uri=CELEX:32014L0065
22�§�619�(12�U.S.C.�§�1851)�Dodd–
Frank�Wall�Street�Reform�and�
Consumer Protection Act,

https://www.gpo.gov/fdsys/pkg/PLAW-
111publ203/html/PLAW-111publ203.htm
23�JFSA�Summary Points from Progress and Assessment of
the Strategic Directions
and Priorities 2015–2016�(September�2016)�
http://www.fsa.go.jp/en/news/2016/20161028-2/01.pdf
24�Regulation�(EU)�No�596/2014�of�the�European�Parli
ament�and�of�the�Council�of�
16�April�2014�on�market�abuse�(market�abuse�regulatio
n)�and�repealing�Directive�
2003/6/EC�of�the�European�Parliament�and�of�the�Coun
cil�and�Commission�
Directives�2003/124/EC,�2003/125/EC�and�2004/72/EC�Te
xt�with�EEA�relevance,�
http://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=celex%3A32014R0596
25�FINRA�Establishing, Communicating and Implementing
Cultural Values
(February�2016)�http://www.finra.org/industry/es tablishing-
communicating-and-
implementing-cultural-values
26�Federal�Reserve�Bank�of�New�York�Governance &
Culture Reform
https://www.newyorkfed.org/governance-and-culture-reform
27�De�Nederlandsche�Bank�Behaviour and Culture in the
Dutch financial sector
https://www.dnb.nl/en/binaries/DNB%20brochure%20gedrag%2
0en%20
cultuur%202015%20ENG_tcm47-326577.pdf?2017022001
28 FCA Business Plan 2016/17
https://www.fca.org.uk/publication/corporate/
business-plan-2016-17.pdf
29 2017–2020 OSFI Priorities http://www.osfi-
bsif.gc.ca/Eng/osfi-bsif/rep-rap/pp/
Pages/pp1720.aspx
30�HKMA�Circular B1/15C B9/146C: Bank Culture

Reform�(2�March�2017)�
http://www.hkma.gov.hk/media/eng/doc/key-
information/guidelines-and-
circular/2017/20170302e2.pdf
31 APRA Information Paper: Risk
Culture�(October�2016�)�http://www.apra.gov.au/
CrossIndustry/Documents/161018-Information-Paper-Risk-
Culture.pdf
32 Edelman 2016 Edelman Trust Barometer: Trust in Financial
Services
http://www.edelman.com/insights/intellectual-property/2016-
edelman-trust-
barometer/state-of-trust/trust-in-financial-services-trust-
rebound/
33�Deloitte�University�Press�Global risk management
survey, 10th edition:
Heightened uncertainty signals new challenges
ahead�(March�2017)�
https://dupress.deloitte.com/dup-us-en/topics/risk-
management/global-risk-
management-survey.html
34�BBVA�Research�Digital Economy
Outlook�(February�2016)�https://www.
bbvaresearch.com/wp-content/uploads/2016/02/DEO_Feb16-
EN_Cap1.pdf
* 2016 Edelman Trust Barometer
http://www.edelman.com/insights/intellectual-
property/2016-edelman-trust-barometer/global-results/
^ CCP Research Foundation Conduct Costs Project, Report
2015�(July�2016)�
http://conductcosts.ccpresearchfoundation.com/conduct-costs-
results
†�Minouche�Shafik,�Bank�of�England�From ‘ethical drift’
to ‘ethical lift’:
Reversing the tide of misconduct in global financial
market�(20�October�2016)�

Financial Conduct AuthorityConsumer Vulnerability Februa

Financial Conduct AuthorityConsumer Vulnerability Februa

Recommended

Recommended

More Related Content

Similar to Financial Conduct AuthorityConsumer Vulnerability Februa

Similar to Financial Conduct AuthorityConsumer Vulnerability Februa (20)

More from ChereCheek752

More from ChereCheek752 (20)

Recently uploaded

Recently uploaded (20)

Financial Conduct AuthorityConsumer Vulnerability Februa