conduct risk - parker-fitzgerald.com...not limited to, incident reporting, whistle-blowing...

UK Financial Services Practice

Conduct Risk A Pragmatic Approach to Implementation

2014

PARKER FITZGERALD is an award winning professional services firm specialising in the

delivery of risk and regulatory transformation within the financial services sector

We partner with the world’s leading financial institutions to manage the strategic impacts of new

financial regulation across the enterprise and deliver market leading capabilities for the risk function

“Shaping the future of finance…

combining critical thinking with

world class delivery”

11 FEBRUARYFSB Peer View Report on Risk

Governance identifies Conduct as a

new risk category

1 APRILFCA takes over from FSA as regulator

of Conduct in Financial Services

17 JULYIOSCO Publishes Principles

for Financial Benchmarks

4 DECEMBEREuropean Union Fines Banks

$2.3 Billion for Fixing Rates

10 DECEMBERBanking Levy Review proposing changes

to a new charging mechanisms

20

13

21 FEBRUARYEuropean Parliament publishes latest text of proposed

4th Anti-Money Laundering Directive (AMLD IV)

1 APRILFCA takes over regulation of consumer credit firms

from Office of Fair Trading

28 APRILMMR changes come into effect

19 JUNEFCA Enhanced Supervisory approach announced in

light of banking standards observations

13 JULYIOSCO Principles for Financial Benchmarks

attestation deadline

30 JUNE BNP Fined $8.9bn for violating sanction rules 2

01

41 JANUARY

EU Cybersecurity Directive likely to come into force

Senior Managers Regime deadline

for compliance

Q1MMR Data reporting comes

into effect

Q2Likely implementation date for Regulation on KIDs

under PRIPS

21 JULYDeadline to conform investments, relationships and

activities with the prohibitions and restrictions of the

Volcker Rule

7 MAYUK General Election

20

15

9 FEBRUARYForeclosure Processing Abuses – Wells Fargo,

JPM and others fined a total of $25bn

27 JUNELIBOR scandal – Barclays fined £290m

1 OCTOBERMartin Wheatley says FCA will have a renewed

focus on conduct in wholesale markets

31 DECEMBERRDR requirements deadline2

01

2

Q1

Basel III Framework fully

phased in

Likely deadline for

compliance with

Banking Reform Act

2018 –

2019

20

16

–2

01

7 JANUARY 2016

Deadline for G-SIBs to implement BCBS

239 principles in full

Q4 2016

Implementation deadline for MiFID ii

and MAD ii

3

Contents

01 Executive Summary

02 The Conduct Risk Journey

03 Industry Progress

04 Conduct Risk: Our Service Offering

05 Our Track Record

06 Your Delivery Team

07 About Parker Fitzgerald

| Conduct Risk | Section One

4

Executive Summary

Market Observations

With conduct risk now broadly accepted as a principal risk for all firms, the

definition of conduct risk remains both unclear and problematic in terms of

ownership and implementation responsibility.

Conduct risk frameworks have evolved with the industry setting its own

standards in the absence of specific guidance from regulators. Despite this,

the challenge remains how conduct practices and metrics are embedded

within firms business models and risk frameworks.

The maturity of operational risk and position with the wider risk management

framework necessitates a detailed understanding and articulation of relevant

conduct risk drivers and a taxonomy that provides an integrated view of

outcomes. This is proving to be extremely challenging for firms due to a

divergence in views amongst CROs and CCOs with respect to the optimal

model for conduct risk governance.

Despite this, over the course of 2013 significant progress has been made by

industry in relation to the design and roll-out of group principal risk policies,

the initiation of new governance arrangements and the appointment of

leadership with associated accountabilities.

More recently firms have been focussed on how best to incorporate conduct

risk appetite into strategic decision-making and developing management

information to facilitate the monitoring of conduct risk profile against the

appetite.

However, it is clear that more work is required if firms are to arrive at a place

that allows them to have a full and comprehensive understanding of

underlying conduct risk drivers that area both relevant and informative at

both the business unit and board levels.

Getting Practical with MI

Given progress already made coupled with the emerging concerns of the

FCA as outlined in their 2014/15 risk outlook the key questions remain:

• how do firms implement a conduct risk strategy and underlying

framework that addresses an evolving regulatory expectation?

• what are appropriate forward looking metrics and how are these

captured within firms?

• how are these metrics successfully aggregated, reported and

remediated in line with the firms strategy and overall risk appetite?

Addressing these key questions will depend on many factors including the

size and complexity of the firm, strength of governance and positioning of

conduct risk. However, common to all institutions is the need to establish a

meaningful set of metrics and measurement processes that are

underpinned by a responsive MI reporting solution.

This is not only critical to the evidencing and embedding of new and

adapted controls, but also to ensuring the alignment of conduct risk

strategy, governance, risk appetite and underlying business processes.

To date, many firms have struggled to identify metrics that are both

meaningful and helpful in determining required management action. This is

primarily down to a limited understanding of how conduct risk co-exists

with operational risk and the adjacency of other controls frameworks.

Management information is the key enabler to the

successful implementation of your conduct risk framework

| Conduct Risk | Section One © Parker Fitzgerald Limited 2014

5

The velocity and cost of

regulatory change is resulting in

resourcing constraints and

budgetary pressures.

Client segmentation challenging

due to new distribution

channels and contradictions

in regulation e.g. MiFID ii.

Success is built on

reliable data and insightful

management information

Planned structural reform

(e.g. Barnier, Vickers, Volker)

may have a negative conduct

risk outcomes.

Pace of technological change

is front running the conduct

risk agenda as the digital

age matures.

The Conduct Risk Journey: Key Influencing Factors

There are various considerations that need to be taken into account when designing your conduct risk framework.

Conduct risk programmes and associated governance arrangements should be aware of the wider regulatory agenda, key market developments

in technology and the broader economic environment in designing their implementation strategies.

| Conduct Risk | Section Two

Conduct risk programmes should consider these influencing

factors when planning their implementation approach

Convergence of supervisory

expectations in relation to

consumer protection

and conduct risk.

Further focus on governance

and culture led by the Financial

Stability Board (FSB).

© Parker Fitzgerald Limited 2014

6

Industry Progress: Our Observations

| Conduct Risk | Section Three

Metrics, Monitoring and Evidencing

While 2013 saw banks focus on their strategic thinking around conduct risk, in 2014 the industry is turning its attention to putting that thinking into

practice. To a significant extent, this will be achieved through the embedding and evidencing of robust business processes. As yet, no bank has a fully

operational MI system in place. The implementation of best-in-breed metrics and monitoring is key in achieving this but this, but is far from straight forward.

Strategy

High-level conduct risk

strategy definition is either

complete or at an

advanced stage for

most banks.

Many have a clear focus

on the framework, al

though there is still a great

deal of work to be done to

fully implement an effective

delivery plan.

Governance

While many governance

frameworks have been

successfully formed, banks

are yet to articulate

specific roles and

responsibilities of

management – especially

with the advent of

attestations required under

the senior

persons regime.

Risk Appetite

As with overall strategy,

risk appetite is well defined

at a high level, in many

instances prompted by

formal FCA requests for

conduct risk diagnostics,

but banks still have to fully

cascade that appetite

throughout their

organisational frameworks.

Processes

There is a significant

amount of business

process transformation

expected from 2014

onwards following the

successful articulation of

strategy, governance and

risk appetite. Chief among

the required changes will

be evidencing and

embedding to reflect the

progress already made.

Culture

We are yet to see newly

articulated strategies

transform cultures within

institutions – largely owing

to a lack of conduct risk

incentives including, but

not limited to, incident

reporting, whistle-blowing

programmes, incentive

changes and conduct

related KPI’s.

People

2014 has also been

characterised by the re-

allocation and hiring of

resources across the three

lines of defence to be

accountable for the new

conduct risk strategies.

Most banks have a great

deal of work to do in order

to strengthen roles and

responsibilities.

Maturity Maturity Maturity Maturity Maturity Maturity

Maturity

A lack of pragmatism in the design and roll-out of the firm’s

conduct risk framework posses the greatest threat to its success

Whilst good progress has been made on strategy and governance, there are varying levels of maturity across the industry

in all other areas. The primary areas of concern are business processes as well as metrics, monitoring and evidencing.

Fra

me

wo

rk c

om

po

nen

ts


7

Conduct Risk: Our Service Offering

Our conduct risk offering focuses on the implementation of your strategic conduct risk framework, the evidencing of your key

controls to accountable stakeholders and the remediation of key areas of concern.

| Conduct Risk | Section Four

Conduct risk service offering

The translation of conduct risk strategy

into a catalogue of core business

requirements and processes that

require adaptation in order to meet

internal risk appetite tolerances.

Process Design and Embedding

The design of an integrated conduct

and operational risk taxonomy to

enable a consistent understanding,

aggregation and reporting of key

controls by risk type, business unit, and

activity.

MI Reporting and Evidencing

The resolution of key conduct risk

incidents from either a crystallised risk

event or as directed by the supervisory

authority regarding an area of concern

e.g. Conflicts of Interest.

Remediation

Programme Delivery and Specialist Resourcing

• Accelerating the delivery of your conduct risk programme through the adoption of our proven delivery methodology and implementation approach that accurately informs the

required change effort and resourcing requirements throughout each stage of the framework roll-out

• Provision of interim conduct risk, internal audit and compliance specialists to assist in key areas of remediation under a managed service offering

The preparation of senior management

and associated stakeholders for FCA

deep dives (C1 and C2 firms) and

proactive engagement meetings.

Deep Dive Readiness

Validation and quantification of

process effectiveness covering pre

and post sales, execution and

documentation.

Identification of root cause for

concern and development of

remediation approach and read-

across to other areas of conduct risk

vulnerability.

Review and management of

remediation efforts to address

crystallised risks and / or areas of

concern through to closure.

Production of executive briefing

packs, training materials and mock

interviews aligned to the scope of

the deep dive or review.

We combine deep subject matter expertise and delivery know-how with a dynamic

and cost effective engagement model to address your key areas of concern


8

C

The model is applied to your ‘business activities’ e.g. Sales, Trading, Research,

Structuring, Financing and Private Side and is collected from the various business teams

e.g. Retail, Corporate Finance, Equities, Fixed Income.

D

Architecture Roadmap (Design Authority)C

A Conduct risk heat maps by issue type

BConduct risk framework MI and KRIs

C Issue analysis by business or source

Impact Analysis

Mobilisation

Definition

Build

Business Readiness & Implementation

Testing

CRD IV EMIR BRB BCBS 239D Implementation Roadmap (change agenda)

Strategy and

Governance

Risk

AppetiteBusiness

ProcessCulture

and People

Process Design and Documentation

Evidencing

Testing and Validation

Impact Assessment

Conduct Risk: Solving the MI Problem

Parker Fitzgerald and Empowered Systems have recently launched a market leading solution that enables the analysis and

reporting of conduct risk metrics. Our platforms enables you to identify and aggregate conduct risk groups, categories and

sub-categories at any level and provides critical and real-time identification of conduct risk exposure to help prioritise

remediation effort.

| Conduct Risk | Section Four

Our conduct risk MI solutions directly enhances the approach firms are able to take towards

the identification and aggregation and reporting of conduct risk exposures.

Our solution enables you to analyse the likelihood and impact of inherent risk, perform score ranking and identify the degree of residual risk

after mitigating actions have been taken by management.


9

Our Track Record: Conduct Risk and Programme Delivery

Divestment Assurance

Appointed to advise on several stages of the

divestment process including regulatory

considerations and impacts on the risk and

finance reporting operating model; in addition to

delivered the strategic risk architecture and rating

models allowing “Verde”(TSB) to achieve IRB

waiver status in June 2013 resulting in significant

capital savings across unsecured and secured

products.

Delivery: 2013

Delivery: 2014

Conduct Risk Framework

Engaged to support the Investment Bank in a

number of Wholesale conduct risk advisory and

delivery assignments. Supported senior

compliance stakeholders through all stages of a

FCA Deep Dive review, comprehensive revisions

to conflicts of interest matrices. Instigated the

development of Conduct Risk Management

Information reporting utilising software tools in

partnership with Empowered Systems.

Financial Crime Assurance

Appointed to support the creation and integration

of the Financial Crime Centre of Excellence. This

included the consolidation of multiple assurance

teams from Business Services, Corporate and

Retail into a single unit to support all aspects of

financial crime due diligence, including AML

sanctions, ABC and implementing best practice

assurance methodology to support the firm’s new

approach towards conduct risk.

Delivery: 2014Delivery: 2013

Wholesale Supervision Secondment

Seconded expert practitioners to the Wholesale

and Investment Banking team to advise and help

develop industry best practice in relation to the

integration of Conduct Risk Frameworks with Risk

Appetite and Enterprise Risk Management

strategies. This included attendance on a number

of client meetings with senior management on a

number of thematic issues.

Delivery: 2012-2014

Post Merger Integration

Appointed to oversee the integration of the risk

management function following the acquisition of

HBOS. This included the design and

implementation of a new strategic architecture,

Basel II ratings system, regulatory application

management and implementation of a new

operating model to support the enlarged risk

function across the Retail and Wealth divisions.

Delivery: 2012-2013

Strategic Risk Platform (FDSF)

Responsible for the design and delivery of the

PRA’s strategic risk platform to support the

independent verification of banks’ own stress

tests and associated capital requirements.

Mandate included the establishment of multi-

authority programme governance, delivery of

requirements, design of underlying data

architecture and integration of vendor solutions

into the strategic BoE architecture.

Remediation (IRHP)

Appointed to provide oversight and challenge to

the existing advisory team on relevant regulatory

aspects of derivatives mis-selling remediation.

Advised on end-to-end aspects of the

remediation, from governance arrangements for

the remediation management team and the

effectiveness of risk and control functions, to

advising on conduct issues of the initial

mis-selling by front line staff.

Delivery: 2013-2014

Delivery: 2009-2011


Following the acquisition of ABN Amro, Parker

Fitzgerald was appointed to oversee the

integration of global finance functions. This

included the design and implementation of a

revised operating model to support finance

operations in over 52 countries, rationalisation of

OD structures and embedding of new business

processes and controls.

| Conduct Risk | Section Five © Parker Fitzgerald Limited 2014

10

• Lotfi is a senior risk management practitioner who brings over 20 years

of industry experience to Parker Fitzgerald where he is responsible for

the firm’s Advisory and Enterprise Risk Management practice

• A former Chief Risk Officer of a major international Insurance Group,

Lotfi has advised the boards of several European financial institutions

on key strategies in relation to risk, capital and performance

management, governance and regulatory policy

• Lotfi has worked with both the FSA, PRA and Industry on the

implementation of Solvency II and has been instrumental in the

development of ERM and ORSA strategies for several general insurers

and leading Lloyds of London syndicates

• Lotfi holds a BSc in Industrial and Operations Engineering from the

University of Michigan and a graduate degree in Operational Research

(Master of Engineering) from Cornell University

Your Delivery Team: Conduct Risk Advisory Specialists

Lotfi

Baccouche Partner

• Ayaz is a senior audit and compliance practitioner with over 20 years’

experience advising and building audit teams within leading financial

institutions and consultancies including RBS, BNY Mellon, Prudential

Insurance, Deloitte and KPMG

• He has an in-depth understanding of conduct risk acquired on a

secondment to the Financial Conduct Authority (market conduct, market

abuse, financial crime and rogue trading controls) supplemented with

experience acquired from first hand experience at a number of

international financial services organisations

• Specialist in both buy-side and sell-side operations across Investment

Banking, Asset Management, Asset Servicing, Treasury, Capital

Markets and IT audit, as well as a detailed product knowledge covering

Equities, Fixed Income, Derivatives, Hedge Funds, Trackers

and Quants

• Ayaz is a Chartered Accountant (ACA) having trained with KPMG

in Leeds

Ayaz

Siddiqui Partner

• Daren is an operational and enterprise risk consultant with over 20

years’ experience delivering major risk, compliance and internal control

initiatives at leading financial institutions

• Darren is an expert in enterprise risk measurement methodologies,

control processes and reporting requirements underpinning complex

and diverse organisations with considerable and tangible experience in

the identification and mitigation of both existing and emerging risks

• Specialist in all aspects of the implementation lifecycle, with particular

expertise in end-to-end process improvement and re-engineering

• Darren has demonstrated at board level the commercial benefits

achieved through Operational Risk management policy and strategy

• Darren holds diplomas in Investment Operations and Investment

Compliance and is a SFA Registered Representative (Securities)

Daren

ChevertonSenior Advisor

• Pauline is a recognised industry expert in both Operational and Conduct

Risk management with over 30 years’ experience providing domestic

and cross-border regulatory, risk and corporate governance guidance to

Investment Banks in the UK, US, Australia and Japan

• Former General counsel and Global Head of Legal and Regulatory

Affairs for one of the world’s largest investment banks, Pauline has held

the CF10 and CF11 positions and liaises directly with regulatory bodies

on matters including major regulatory reviews and event driven

investigations

• In addition to acting in a senior advisory capacity, Pauline has a proven

track record of delivering both strategic and tactical solutions across a

broad spectrum of prudential and conduct related regulatory issues

• Pauline is a solicitor of the Court of England and Wales, and holds a

Batchelor of Economics and Accounting and Finance

Pauline

LawtonSenior Advisor

| Conduct Risk | Section Six

“PARKER FITZGERALD offers unique

insight and compelling solutions for

very difficult issues facing the industry

today. We work with them because

they understand risk and how this

translates into our business.” Group Chief Risk Officer

Global Banking & Insurance Group


12

Parker Fitzgerald: Company Overview

| Conduct Risk | Section Seven

SKILL

COMPOSITION

INDUSTRY

EXPERIENCE

GLOBAL

PRESENCE

Countries

16

Risk & RegulationConsultants & Associates

Global

Locations

4

15yrs300+

We serve clients in over 16 countries from our global office

network located in the world’s largest financial centres of

London, New York, Singapore and Amsterdam

Our consultants have an average of 15 years’

experience gained at the industry's largest financial

institutions and Regulatory Authorities

Our consultants combine sector and subject matter

knowledge with delivery know-how to create solutions for

our clients that are both compelling and relevant

Average Industry Experience

100%

Subject Matter Knowledge

Delivery Excellence


13

Parker Fitzgerald is a trusted

consulting partner to the UK

Regulatory Authorities,

comprising the Financial

Conduct Authority (FCA), the

Prudential Regulatory Authority

(PRA) and the Bank of England

About Parker Fitzgerald: our relationship with the UK regulatory authorities


Skilled

Persons Panel

(Section 166)

Technical

Secondments

In April 2013, Parker Fitzgerald were formally appointed by the UK Regulatory

Authorities to their Skilled Persons Panel. A Skilled Person Review is one of the

regulatory tools that can be employed under the Financial Services and Markets Act

(FSMA) as amended by the Financial Services Act 2012.

Parker Fitzgerald are approved to conduct reviews for; Deposit Taking Institutions

(i.e. Banks), Insurance firms, Recognised Clearing Houses, Investment firms and

Intermediaries.

In January 2014, Parker Fitzgerald commenced its formal secondment programme

with the FCA. Consultants who are selected for the programme have the opportunity

to spend three to 12 months within a variety of departments and functions.

Throughout their secondment selected consultants have the opportunity to rotate

between departments and functions, learning about and contributing towards key

supervisory processes and firm reviews.

Key areas of focus

Risk Measurement

Accounting Standards

Regulatory Reporting

Capital Modelling

Liquidity Management

Resolution and Recovery

Asset Valuations

Actuarial Modelling

Impairment


14

About Parker Fitzgerald: practice structure

Our core consulting practice comprises of four highly focused centres of excellence

We deliver maximum value by combining deep technical knowledge and delivery excellence with a dynamic engagement model to ensure our clients receive

the right level of support at each stage of the implementation lifecycle.


Value proposition

REGULATORY

STRATEGY

RISK ADVISORY

SERVICES

DIGITAL RISK

SOLUTIONS

STRATEGIC PROGRAMME

DELIVERY

Prudential Regulation

Conduct & Compliance

Market Reporting & IFRS

Structural Reform

Predictive Analytics

Risk Measurement

& Modelling

Portfolio Valuation

Model Governance

Data & Architecture

Risk Systems

Resilience & Information

Security

Digital Transformation

Regulatory Programme

Delivery


Portfolio Optimisation

Managed Services &

Outsourcing

Technical knowledge Delivery excellence


15

About Parker Fitzgerald: Engagement Lifecycle


6 – 9 months Multi-Year3 months

Delivering maximum value for clients requires a dynamic engagement

and pricing model that is sensitive to both the complexity and risk

profile of the engagement balanced against the benefits of continuity

DEFINITIONADVISORY IMPLEMENTATION

Engagement examples

• Policy Interpretation

• Strategy Definition

• Assurance

• Impact Analysis

Engagement examples

• Programme Mobilisation

• Capability Design

• Architecture Definition

• Process re-engineering

Engagement examples

• Programme Delivery

• Technology Integration

• Test Management

• Business Transformation

Review-based engagement, combining

diagnostics with the assessment of a

particular issue requiring deep technical

knowledge and experience

Design-based engagement with a particular

focus on artefact creation to facilitate the end

solution required by the client (including

technical and non-technical)

Delivery-based engagement with a

particular focus on solution

implementation and integration

MANAGED CONSULTING

(High Value, Specialist Services)

MANAGED RESOURCING

(Large-scale Delivery & Execution)

Engagement model

Fixed Price Time & Materials SecondmentAssumed Risk Shared Risk Client Risk


16

About Parker Fitzgerald: Global Locations and Contact Details

| Conduct Risk | Section Seven | v2.2

NEW YORKThe Seagram Building

375 Park Avenue

New York,

NY 10152, US

+1 212 634 7478

LONDONHeron Tower

110 Bishopsgate

LONDON

EC2N 4AY, UK

+44 207 100 7575

AMSTERDAMWTC Amsterdam

H / Tower

Zuidplein 36

1077 VX, Netherlands

+31 20 799 7969

SINGAPORELevel 30

Six Battery Road

049909

Singapore

+65 6725 6376


www.parkerfitzgerald.com

IMPORTANT NOTICE

This document has been prepared by Parker Fitzgerald Limited (as defined below) for the sole purpose of providing a

proposal to the parties to whom it is addressed in order that they may evaluate the capabilities of Parker Fitzgerald to

supply the proposed services.

The information contained in this document has been compiled by Parker Fitzgerald and includes material which may

have been obtained from information provided by various sources and discussions with management but has not been

verified or audited. This document also contains confidential material proprietary to Parker Fitzgerald.

Except in the general context of evaluating our capabilities, no reliance may be placed for any purposes whatsoever on

the contents of this document or on its completeness. No representation or warranty, express or implied, is given and no

responsibility or liability is or will be accepted by or on behalf of Parker Fitzgerald or by any of its partners, members,

employees, agents or any other person as to the accuracy, completeness or correctness of the information contained in

this document or any other oral information made available and any such liability is expressly disclaimed.

This document and its contents are confidential and may not be

reproduced, redistributed or passed on, directly or indirectly, to any other

person in whole or in part without our prior written consent.

This document is not an offer and is not intended to be contractually

binding. Should this proposal be acceptable to you, and following the

conclusion of our internal acceptance procedures, we would be pleased to

discuss terms and conditions with you prior to our appointment.

Parker Fitzgerald is a limited company registered in England and Wales.

Registration number: 06362018. © 2014

Registered office: Heron Tower, 110 Bishopsgate, LONDON EC2N 4AY

conduct risk - parker-fitzgerald.com...not limited to, incident reporting, whistle-blowing...

Documents