UK Financial Services Practice
Conduct Risk A Pragmatic Approach to Implementation
2014
PARKER FITZGERALD is an award winning professional services firm specialising in the
delivery of risk and regulatory transformation within the financial services sector
We partner with the world’s leading financial institutions to manage the strategic impacts of new
financial regulation across the enterprise and deliver market leading capabilities for the risk function
“Shaping the future of finance…
combining critical thinking with
world class delivery”
11 FEBRUARYFSB Peer View Report on Risk
Governance identifies Conduct as a
new risk category
1 APRILFCA takes over from FSA as regulator
of Conduct in Financial Services
17 JULYIOSCO Publishes Principles
for Financial Benchmarks
4 DECEMBEREuropean Union Fines Banks
$2.3 Billion for Fixing Rates
10 DECEMBERBanking Levy Review proposing changes
to a new charging mechanisms
20
13
21 FEBRUARYEuropean Parliament publishes latest text of proposed
4th Anti-Money Laundering Directive (AMLD IV)
1 APRILFCA takes over regulation of consumer credit firms
from Office of Fair Trading
28 APRILMMR changes come into effect
19 JUNEFCA Enhanced Supervisory approach announced in
light of banking standards observations
13 JULYIOSCO Principles for Financial Benchmarks
attestation deadline
30 JUNE BNP Fined $8.9bn for violating sanction rules 2
01
41 JANUARY
EU Cybersecurity Directive likely to come into force
Senior Managers Regime deadline
for compliance
Q1MMR Data reporting comes
into effect
Q2Likely implementation date for Regulation on KIDs
under PRIPS
21 JULYDeadline to conform investments, relationships and
activities with the prohibitions and restrictions of the
Volcker Rule
7 MAYUK General Election
20
15
9 FEBRUARYForeclosure Processing Abuses – Wells Fargo,
JPM and others fined a total of $25bn
27 JUNELIBOR scandal – Barclays fined £290m
1 OCTOBERMartin Wheatley says FCA will have a renewed
focus on conduct in wholesale markets
31 DECEMBERRDR requirements deadline2
01
2
Q1
Basel III Framework fully
phased in
Likely deadline for
compliance with
Banking Reform Act
2018 –
2019
20
16
–2
01
7 JANUARY 2016
Deadline for G-SIBs to implement BCBS
239 principles in full
Q4 2016
Implementation deadline for MiFID ii
and MAD ii
3
Contents
01 Executive Summary
02 The Conduct Risk Journey
03 Industry Progress
04 Conduct Risk: Our Service Offering
05 Our Track Record
06 Your Delivery Team
07 About Parker Fitzgerald
| Conduct Risk | Section One
4
Executive Summary
Market Observations
With conduct risk now broadly accepted as a principal risk for all firms, the
definition of conduct risk remains both unclear and problematic in terms of
ownership and implementation responsibility.
Conduct risk frameworks have evolved with the industry setting its own
standards in the absence of specific guidance from regulators. Despite this,
the challenge remains how conduct practices and metrics are embedded
within firms business models and risk frameworks.
The maturity of operational risk and position with the wider risk management
framework necessitates a detailed understanding and articulation of relevant
conduct risk drivers and a taxonomy that provides an integrated view of
outcomes. This is proving to be extremely challenging for firms due to a
divergence in views amongst CROs and CCOs with respect to the optimal
model for conduct risk governance.
Despite this, over the course of 2013 significant progress has been made by
industry in relation to the design and roll-out of group principal risk policies,
the initiation of new governance arrangements and the appointment of
leadership with associated accountabilities.
More recently firms have been focussed on how best to incorporate conduct
risk appetite into strategic decision-making and developing management
information to facilitate the monitoring of conduct risk profile against the
appetite.
However, it is clear that more work is required if firms are to arrive at a place
that allows them to have a full and comprehensive understanding of
underlying conduct risk drivers that area both relevant and informative at
both the business unit and board levels.
Getting Practical with MI
Given progress already made coupled with the emerging concerns of the
FCA as outlined in their 2014/15 risk outlook the key questions remain:
• how do firms implement a conduct risk strategy and underlying
framework that addresses an evolving regulatory expectation?
• what are appropriate forward looking metrics and how are these
captured within firms?
• how are these metrics successfully aggregated, reported and
remediated in line with the firms strategy and overall risk appetite?
Addressing these key questions will depend on many factors including the
size and complexity of the firm, strength of governance and positioning of
conduct risk. However, common to all institutions is the need to establish a
meaningful set of metrics and measurement processes that are
underpinned by a responsive MI reporting solution.
This is not only critical to the evidencing and embedding of new and
adapted controls, but also to ensuring the alignment of conduct risk
strategy, governance, risk appetite and underlying business processes.
To date, many firms have struggled to identify metrics that are both
meaningful and helpful in determining required management action. This is
primarily down to a limited understanding of how conduct risk co-exists
with operational risk and the adjacency of other controls frameworks.
Management information is the key enabler to the
successful implementation of your conduct risk framework
| Conduct Risk | Section One © Parker Fitzgerald Limited 2014
5
The velocity and cost of
regulatory change is resulting in
resourcing constraints and
budgetary pressures.
Client segmentation challenging
due to new distribution
channels and contradictions
in regulation e.g. MiFID ii.
Success is built on
reliable data and insightful
management information
Planned structural reform
(e.g. Barnier, Vickers, Volker)
may have a negative conduct
risk outcomes.
Pace of technological change
is front running the conduct
risk agenda as the digital
age matures.
The Conduct Risk Journey: Key Influencing Factors
There are various considerations that need to be taken into account when designing your conduct risk framework.
Conduct risk programmes and associated governance arrangements should be aware of the wider regulatory agenda, key market developments
in technology and the broader economic environment in designing their implementation strategies.
| Conduct Risk | Section Two
Conduct risk programmes should consider these influencing
factors when planning their implementation approach
Convergence of supervisory
expectations in relation to
consumer protection
and conduct risk.
Further focus on governance
and culture led by the Financial
Stability Board (FSB).
© Parker Fitzgerald Limited 2014
6
Industry Progress: Our Observations
| Conduct Risk | Section Three
Metrics, Monitoring and Evidencing
While 2013 saw banks focus on their strategic thinking around conduct risk, in 2014 the industry is turning its attention to putting that thinking into
practice. To a significant extent, this will be achieved through the embedding and evidencing of robust business processes. As yet, no bank has a fully
operational MI system in place. The implementation of best-in-breed metrics and monitoring is key in achieving this but this, but is far from straight forward.
Strategy
High-level conduct risk
strategy definition is either
complete or at an
advanced stage for
most banks.
Many have a clear focus
on the framework, al
though there is still a great
deal of work to be done to
fully implement an effective
delivery plan.
Governance
While many governance
frameworks have been
successfully formed, banks
are yet to articulate
specific roles and
responsibilities of
management – especially
with the advent of
attestations required under
the senior
persons regime.
Risk Appetite
As with overall strategy,
risk appetite is well defined
at a high level, in many
instances prompted by
formal FCA requests for
conduct risk diagnostics,
but banks still have to fully
cascade that appetite
throughout their
organisational frameworks.
Processes
There is a significant
amount of business
process transformation
expected from 2014
onwards following the
successful articulation of
strategy, governance and
risk appetite. Chief among
the required changes will
be evidencing and
embedding to reflect the
progress already made.
Culture
We are yet to see newly
articulated strategies
transform cultures within
institutions – largely owing
to a lack of conduct risk
incentives including, but
not limited to, incident
reporting, whistle-blowing
programmes, incentive
changes and conduct
related KPI’s.
People
2014 has also been
characterised by the re-
allocation and hiring of
resources across the three
lines of defence to be
accountable for the new
conduct risk strategies.
Most banks have a great
deal of work to do in order
to strengthen roles and
responsibilities.
Maturity Maturity Maturity Maturity Maturity Maturity
Maturity
A lack of pragmatism in the design and roll-out of the firm’s
conduct risk framework posses the greatest threat to its success
Whilst good progress has been made on strategy and governance, there are varying levels of maturity across the industry
in all other areas. The primary areas of concern are business processes as well as metrics, monitoring and evidencing.
Fra
me
wo
rk c
om
po
nen
ts
© Parker Fitzgerald Limited 2014
7
Conduct Risk: Our Service Offering
Our conduct risk offering focuses on the implementation of your strategic conduct risk framework, the evidencing of your key
controls to accountable stakeholders and the remediation of key areas of concern.
| Conduct Risk | Section Four
Conduct risk service offering
The translation of conduct risk strategy
into a catalogue of core business
requirements and processes that
require adaptation in order to meet
internal risk appetite tolerances.
Process Design and Embedding
The design of an integrated conduct
and operational risk taxonomy to
enable a consistent understanding,
aggregation and reporting of key
controls by risk type, business unit, and
activity.
MI Reporting and Evidencing
The resolution of key conduct risk
incidents from either a crystallised risk
event or as directed by the supervisory
authority regarding an area of concern
e.g. Conflicts of Interest.
Remediation
Programme Delivery and Specialist Resourcing
• Accelerating the delivery of your conduct risk programme through the adoption of our proven delivery methodology and implementation approach that accurately informs the
required change effort and resourcing requirements throughout each stage of the framework roll-out
• Provision of interim conduct risk, internal audit and compliance specialists to assist in key areas of remediation under a managed service offering
The preparation of senior management
and associated stakeholders for FCA
deep dives (C1 and C2 firms) and
proactive engagement meetings.
Deep Dive Readiness
Validation and quantification of
process effectiveness covering pre
and post sales, execution and
documentation.
Identification of root cause for
concern and development of
remediation approach and read-
across to other areas of conduct risk
vulnerability.
Review and management of
remediation efforts to address
crystallised risks and / or areas of
concern through to closure.
Production of executive briefing
packs, training materials and mock
interviews aligned to the scope of
the deep dive or review.
We combine deep subject matter expertise and delivery know-how with a dynamic
and cost effective engagement model to address your key areas of concern
© Parker Fitzgerald Limited 2014
8
C
The model is applied to your ‘business activities’ e.g. Sales, Trading, Research,
Structuring, Financing and Private Side and is collected from the various business teams
e.g. Retail, Corporate Finance, Equities, Fixed Income.
D
Architecture Roadmap (Design Authority)C
A Conduct risk heat maps by issue type
BConduct risk framework MI and KRIs
C Issue analysis by business or source
Impact Analysis
Mobilisation
Definition
Build
Business Readiness & Implementation
Testing
CRD IV EMIR BRB BCBS 239D Implementation Roadmap (change agenda)
Strategy and
Governance
Risk
AppetiteBusiness
ProcessCulture
and People
Process Design and Documentation
Evidencing
Testing and Validation
Impact Assessment
Conduct Risk: Solving the MI Problem
Parker Fitzgerald and Empowered Systems have recently launched a market leading solution that enables the analysis and
reporting of conduct risk metrics. Our platforms enables you to identify and aggregate conduct risk groups, categories and
sub-categories at any level and provides critical and real-time identification of conduct risk exposure to help prioritise
remediation effort.
| Conduct Risk | Section Four
Our conduct risk MI solutions directly enhances the approach firms are able to take towards
the identification and aggregation and reporting of conduct risk exposures.
Our solution enables you to analyse the likelihood and impact of inherent risk, perform score ranking and identify the degree of residual risk
after mitigating actions have been taken by management.
© Parker Fitzgerald Limited 2014
9
Our Track Record: Conduct Risk and Programme Delivery
Divestment Assurance
Appointed to advise on several stages of the
divestment process including regulatory
considerations and impacts on the risk and
finance reporting operating model; in addition to
delivered the strategic risk architecture and rating
models allowing “Verde”(TSB) to achieve IRB
waiver status in June 2013 resulting in significant
capital savings across unsecured and secured
products.
Delivery: 2013
Delivery: 2014
Conduct Risk Framework
Engaged to support the Investment Bank in a
number of Wholesale conduct risk advisory and
delivery assignments. Supported senior
compliance stakeholders through all stages of a
FCA Deep Dive review, comprehensive revisions
to conflicts of interest matrices. Instigated the
development of Conduct Risk Management
Information reporting utilising software tools in
partnership with Empowered Systems.
Financial Crime Assurance
Appointed to support the creation and integration
of the Financial Crime Centre of Excellence. This
included the consolidation of multiple assurance
teams from Business Services, Corporate and
Retail into a single unit to support all aspects of
financial crime due diligence, including AML
sanctions, ABC and implementing best practice
assurance methodology to support the firm’s new
approach towards conduct risk.
Delivery: 2014Delivery: 2013
Wholesale Supervision Secondment
Seconded expert practitioners to the Wholesale
and Investment Banking team to advise and help
develop industry best practice in relation to the
integration of Conduct Risk Frameworks with Risk
Appetite and Enterprise Risk Management
strategies. This included attendance on a number
of client meetings with senior management on a
number of thematic issues.
Delivery: 2012-2014
Post Merger Integration
Appointed to oversee the integration of the risk
management function following the acquisition of
HBOS. This included the design and
implementation of a new strategic architecture,
Basel II ratings system, regulatory application
management and implementation of a new
operating model to support the enlarged risk
function across the Retail and Wealth divisions.
Delivery: 2012-2013
Strategic Risk Platform (FDSF)
Responsible for the design and delivery of the
PRA’s strategic risk platform to support the
independent verification of banks’ own stress
tests and associated capital requirements.
Mandate included the establishment of multi-
authority programme governance, delivery of
requirements, design of underlying data
architecture and integration of vendor solutions
into the strategic BoE architecture.
Remediation (IRHP)
Appointed to provide oversight and challenge to
the existing advisory team on relevant regulatory
aspects of derivatives mis-selling remediation.
Advised on end-to-end aspects of the
remediation, from governance arrangements for
the remediation management team and the
effectiveness of risk and control functions, to
advising on conduct issues of the initial
mis-selling by front line staff.
Delivery: 2013-2014
Delivery: 2009-2011
Post Merger Integration
Following the acquisition of ABN Amro, Parker
Fitzgerald was appointed to oversee the
integration of global finance functions. This
included the design and implementation of a
revised operating model to support finance
operations in over 52 countries, rationalisation of
OD structures and embedding of new business
processes and controls.
| Conduct Risk | Section Five © Parker Fitzgerald Limited 2014
10
• Lotfi is a senior risk management practitioner who brings over 20 years
of industry experience to Parker Fitzgerald where he is responsible for
the firm’s Advisory and Enterprise Risk Management practice
• A former Chief Risk Officer of a major international Insurance Group,
Lotfi has advised the boards of several European financial institutions
on key strategies in relation to risk, capital and performance
management, governance and regulatory policy
• Lotfi has worked with both the FSA, PRA and Industry on the
implementation of Solvency II and has been instrumental in the
development of ERM and ORSA strategies for several general insurers
and leading Lloyds of London syndicates
• Lotfi holds a BSc in Industrial and Operations Engineering from the
University of Michigan and a graduate degree in Operational Research
(Master of Engineering) from Cornell University
Your Delivery Team: Conduct Risk Advisory Specialists
Lotfi
Baccouche Partner
• Ayaz is a senior audit and compliance practitioner with over 20 years’
experience advising and building audit teams within leading financial
institutions and consultancies including RBS, BNY Mellon, Prudential
Insurance, Deloitte and KPMG
• He has an in-depth understanding of conduct risk acquired on a
secondment to the Financial Conduct Authority (market conduct, market
abuse, financial crime and rogue trading controls) supplemented with
experience acquired from first hand experience at a number of
international financial services organisations
• Specialist in both buy-side and sell-side operations across Investment
Banking, Asset Management, Asset Servicing, Treasury, Capital
Markets and IT audit, as well as a detailed product knowledge covering
Equities, Fixed Income, Derivatives, Hedge Funds, Trackers
and Quants
• Ayaz is a Chartered Accountant (ACA) having trained with KPMG
in Leeds
Ayaz
Siddiqui Partner
• Daren is an operational and enterprise risk consultant with over 20
years’ experience delivering major risk, compliance and internal control
initiatives at leading financial institutions
• Darren is an expert in enterprise risk measurement methodologies,
control processes and reporting requirements underpinning complex
and diverse organisations with considerable and tangible experience in
the identification and mitigation of both existing and emerging risks
• Specialist in all aspects of the implementation lifecycle, with particular
expertise in end-to-end process improvement and re-engineering
• Darren has demonstrated at board level the commercial benefits
achieved through Operational Risk management policy and strategy
• Darren holds diplomas in Investment Operations and Investment
Compliance and is a SFA Registered Representative (Securities)
Daren
ChevertonSenior Advisor
• Pauline is a recognised industry expert in both Operational and Conduct
Risk management with over 30 years’ experience providing domestic
and cross-border regulatory, risk and corporate governance guidance to
Investment Banks in the UK, US, Australia and Japan
• Former General counsel and Global Head of Legal and Regulatory
Affairs for one of the world’s largest investment banks, Pauline has held
the CF10 and CF11 positions and liaises directly with regulatory bodies
on matters including major regulatory reviews and event driven
investigations
• In addition to acting in a senior advisory capacity, Pauline has a proven
track record of delivering both strategic and tactical solutions across a
broad spectrum of prudential and conduct related regulatory issues
• Pauline is a solicitor of the Court of England and Wales, and holds a
Batchelor of Economics and Accounting and Finance
Pauline
LawtonSenior Advisor
| Conduct Risk | Section Six
“PARKER FITZGERALD offers unique
insight and compelling solutions for
very difficult issues facing the industry
today. We work with them because
they understand risk and how this
translates into our business.” Group Chief Risk Officer
Global Banking & Insurance Group
© Parker Fitzgerald Limited 2014
12
Parker Fitzgerald: Company Overview
| Conduct Risk | Section Seven
SKILL
COMPOSITION
INDUSTRY
EXPERIENCE
GLOBAL
PRESENCE
Countries
16
Risk & RegulationConsultants & Associates
Global
Locations
4
15yrs300+
We serve clients in over 16 countries from our global office
network located in the world’s largest financial centres of
London, New York, Singapore and Amsterdam
Our consultants have an average of 15 years’
experience gained at the industry's largest financial
institutions and Regulatory Authorities
Our consultants combine sector and subject matter
knowledge with delivery know-how to create solutions for
our clients that are both compelling and relevant
Average Industry Experience
100%
Subject Matter Knowledge
Delivery Excellence
© Parker Fitzgerald Limited 2014
13
Parker Fitzgerald is a trusted
consulting partner to the UK
Regulatory Authorities,
comprising the Financial
Conduct Authority (FCA), the
Prudential Regulatory Authority
(PRA) and the Bank of England
About Parker Fitzgerald: our relationship with the UK regulatory authorities
| Conduct Risk | Section Seven
Skilled
Persons Panel
(Section 166)
Technical
Secondments
In April 2013, Parker Fitzgerald were formally appointed by the UK Regulatory
Authorities to their Skilled Persons Panel. A Skilled Person Review is one of the
regulatory tools that can be employed under the Financial Services and Markets Act
(FSMA) as amended by the Financial Services Act 2012.
Parker Fitzgerald are approved to conduct reviews for; Deposit Taking Institutions
(i.e. Banks), Insurance firms, Recognised Clearing Houses, Investment firms and
Intermediaries.
In January 2014, Parker Fitzgerald commenced its formal secondment programme
with the FCA. Consultants who are selected for the programme have the opportunity
to spend three to 12 months within a variety of departments and functions.
Throughout their secondment selected consultants have the opportunity to rotate
between departments and functions, learning about and contributing towards key
supervisory processes and firm reviews.
Key areas of focus
Risk Measurement
Accounting Standards
Regulatory Reporting
Capital Modelling
Liquidity Management
Resolution and Recovery
Asset Valuations
Actuarial Modelling
Impairment
© Parker Fitzgerald Limited 2014
14
About Parker Fitzgerald: practice structure
Our core consulting practice comprises of four highly focused centres of excellence
We deliver maximum value by combining deep technical knowledge and delivery excellence with a dynamic engagement model to ensure our clients receive
the right level of support at each stage of the implementation lifecycle.
| Conduct Risk | Section Seven
Value proposition
REGULATORY
STRATEGY
RISK ADVISORY
SERVICES
DIGITAL RISK
SOLUTIONS
STRATEGIC PROGRAMME
DELIVERY
Prudential Regulation
Conduct & Compliance
Market Reporting & IFRS
Structural Reform
Predictive Analytics
Risk Measurement
& Modelling
Portfolio Valuation
Model Governance
Data & Architecture
Risk Systems
Resilience & Information
Security
Digital Transformation
Regulatory Programme
Delivery
Post Merger Integration
Portfolio Optimisation
Managed Services &
Outsourcing
Technical knowledge Delivery excellence
© Parker Fitzgerald Limited 2014
15
About Parker Fitzgerald: Engagement Lifecycle
| Conduct Risk | Section Seven
6 – 9 months Multi-Year3 months
Delivering maximum value for clients requires a dynamic engagement
and pricing model that is sensitive to both the complexity and risk
profile of the engagement balanced against the benefits of continuity
DEFINITIONADVISORY IMPLEMENTATION
Engagement examples
• Policy Interpretation
• Strategy Definition
• Assurance
• Impact Analysis
Engagement examples
• Programme Mobilisation
• Capability Design
• Architecture Definition
• Process re-engineering
Engagement examples
• Programme Delivery
• Technology Integration
• Test Management
• Business Transformation
Review-based engagement, combining
diagnostics with the assessment of a
particular issue requiring deep technical
knowledge and experience
Design-based engagement with a particular
focus on artefact creation to facilitate the end
solution required by the client (including
technical and non-technical)
Delivery-based engagement with a
particular focus on solution
implementation and integration
MANAGED CONSULTING
(High Value, Specialist Services)
MANAGED RESOURCING
(Large-scale Delivery & Execution)
Engagement model
Fixed Price Time & Materials SecondmentAssumed Risk Shared Risk Client Risk
© Parker Fitzgerald Limited 2014
16
About Parker Fitzgerald: Global Locations and Contact Details
| Conduct Risk | Section Seven | v2.2
NEW YORKThe Seagram Building
375 Park Avenue
New York,
NY 10152, US
+1 212 634 7478
LONDONHeron Tower
110 Bishopsgate
LONDON
EC2N 4AY, UK
+44 207 100 7575
AMSTERDAMWTC Amsterdam
H / Tower
Zuidplein 36
1077 VX, Netherlands
+31 20 799 7969
SINGAPORELevel 30
Six Battery Road
049909
Singapore
+65 6725 6376
© Parker Fitzgerald Limited 2014
www.parkerfitzgerald.com
IMPORTANT NOTICE
This document has been prepared by Parker Fitzgerald Limited (as defined below) for the sole purpose of providing a
proposal to the parties to whom it is addressed in order that they may evaluate the capabilities of Parker Fitzgerald to
supply the proposed services.
The information contained in this document has been compiled by Parker Fitzgerald and includes material which may
have been obtained from information provided by various sources and discussions with management but has not been
verified or audited. This document also contains confidential material proprietary to Parker Fitzgerald.
Except in the general context of evaluating our capabilities, no reliance may be placed for any purposes whatsoever on
the contents of this document or on its completeness. No representation or warranty, express or implied, is given and no
responsibility or liability is or will be accepted by or on behalf of Parker Fitzgerald or by any of its partners, members,
employees, agents or any other person as to the accuracy, completeness or correctness of the information contained in
this document or any other oral information made available and any such liability is expressly disclaimed.
This document and its contents are confidential and may not be
reproduced, redistributed or passed on, directly or indirectly, to any other
person in whole or in part without our prior written consent.
This document is not an offer and is not intended to be contractually
binding. Should this proposal be acceptable to you, and following the
conclusion of our internal acceptance procedures, we would be pleased to
discuss terms and conditions with you prior to our appointment.
Parker Fitzgerald is a limited company registered in England and Wales.
Registration number: 06362018. © 2014
Registered office: Heron Tower, 110 Bishopsgate, LONDON EC2N 4AY