Few would debate the importance of recognising and addressing conduct risk. The recent increased attention it has received within the financial services industry has been largely driven by ever-strengthening conduct of business supervision. This paper by Milliman’s Emma Hutchinson and Jennifer van der Ree covers recent regulatory developments in the United Kingdom in relation to conduct risk. The authors also discuss best practice for robust conduct risk management frameworks.
For a number of years now, legislators from around the globe have poured huge energy and resources into assisting with the development, and in some cases complete reworking, of their prudential regulatory regimes. Local regulatory authorities have been similarly active in the implementation of these changes. Finally, the dust is starting to settle on this latest wave of change, with the likes of Solvency II for insurers now in place in Europe, and the Own Risk and Solvency Assessment (ORSA), in its various guises, firmly recognised globally as a key cornerstone of best practice when it comes to sound solvency management.
Now attention is slowly but surely starting to turn to conduct, the second key function of regulatory authorities, and legislators have become active again. Recent years have seen conduct risk push its way ever higher up the agenda. What do we mean by conduct risk though? The International Association of Insurance Supervisors (IAIS) has succinctly described it as ‘the risk to customers, insurers, the insurance sector or the insurance market that arises from insurers and/or intermediaries conducting their business in a way that does not ensure fair treatment of customers.’ The chair of the Financial Stability Board (FSB) has stated that ‘the scale of misconduct in some financial institutions has risen to a level that has the potential to create systemic risks.’ Such observations have served to further place conduct risk management in the spotlight, not just in the insurance industry but across the whole spectrum of financial services firms.
So what has been happening in this space? At a global level, the IAIS and the FSB have both been active. The IAIS has, through its Insurance Core Principles (ICPs), set out a number of key conduct requirements, namely suitability of persons (ICP5), corporate governance (ICP7), risk management and internal controls (ICP8) and conduct of business (ICP19). The FSB, charged with developing and promulgating global financial policies designed to minimise the likelihood of another financial crisis, has published a number of reports on measures to tackle misconduct in financial services. In May last year, it published a report setting out the next steps in its work to consider the role that governance frameworks have to play in reducing misconduct. It listed the following five themes as key elements of conduct risk management:
1. Clearly defined corporate strategy and risk appetite with relevant controls.
2. Appropriate expertise, stature, responsibility, independence, prudence, transparency and oversight on the part of board members and control functions.
3. Corporate culture.
4. Effective control environment.
5. Appropriate people management and incentives.