“Laws control the lesser man…. Right conduct controls the greater one.”
From a regulatory perspective – especially in the UK but increasingly also internationally – a conduct event is any event that breaches the three conduct regulatory objectives of consumer protection, market integrity and effective competition. Therefore, conduct goes beyond customer treatment, quality of information, product design or sales practices. Failure to properly perform anti‐money laundering (AML) checks, for instance, is a conduct issue that does not involve sales, but it breaches market integrity. Also, when business disruption negatively impacts customers, perhaps because of negligent maintenance of IT systems, it can be regarded as a conduct issue. Conduct issues – like reputation issues – can arise from incidents classified in any of the seven Basel operational risk categories. This is why regulators mention “conduct” rather than “conduct risk.” Conduct is not a risk category in its own right: it is a possible consequence of other risks materializing, like reputation damage.
It follows that the quality of a firm's management of conduct is directly linked to the quality of its risk management framework. Importantly, because conduct is not a standalone risk type, it does not have to be managed in a separate department, by a specific management team, with a different database and yet another silo. In every activity it undertakes, ...