Conduct: The Next Frontier in Surveillance

What Came First: the Chicken Or the Egg?
It’s a rhetorical question of course, with no single answer.
Conduct and culture are much the same way.

Does Conduct Drive Culture, Or Does Culture Drive Conduct?
The answer is both are true. Culture and conduct are inextricably linked. But the fact is, you can’t affect either without having a strong program in place to know what’s going on in your organization. This is where conduct surveillance comes in.

Conduct Surveillance Driven by Regulations?

In financial services, conduct surveillance has historically been driven by regulations. "If we go back to before the financial crisis in 2009, traders were manipulating FX rates, they were manipulating Libor and so the initial focus of regulators was on specific types of market abuse," said Jason Merritt, Director of Business Development for NICE Actimize. "This led to MAR, FX Code of Conduct and eventually MiFID II, which introduced additional controls."

But now that many of these regulations are embedded into organizations, the next natural step is to focus on conduct more holistically. "The regulators have focused on very select areas over the years, but ultimately if you can focus on the root causes of problems and manage the conduct within your organization, you should see the number of market abuse alerts and breaches decrease."

Regulations like the FCA’s Senior Managers and Certification Regime (SM&CR) are also now putting the focus more squarely on conduct and raising the bar on accountability, leaving no room for pleading ignorance, even for corporate board members who may claim to be unaware. "Under SM&CR, every employee apart from a few exceptions, has to be aware of their own conduct and how it can affect the firm," added Merritt. "So it's up to the managers to monitor their staff, but at the same time their staff needs to be aware of their conduct as well."

Not Just Fines But Also Reputational Risk

Aside from personal liability for managers, misconduct can have severe repercussions for firms. In recent years, conduct-related fines have totaled in the tens of billions of dollars. "Outside of regulations and fines, there’s also reputational risk," said Merritt. "A single insider dealing headline can bring irreparable harm to a firm, and other conduct issues, like internal harassment, can draw unwanted attention from regulators."

But Merritt says the real conduct sea change is being driven by a quest for something much more aspirational: the desire on the part of financial services firms to align themselves with current cultural values. Already a phenomenon, ESG (a practice where a firm’s environmental, social, and governance factors all contribute to consumer investment decisions) is expected to take off with the current pandemic situation shifting societal values. As a result, "conduct surveillance is transitioning from something that's purely regulatory driven to something that’s more culturally driven within the organization," said Merritt.

"Conduct has really been raised up the agenda, particularly on the buy-side, where people are saying, ’I only want to invest in funds which focus on or are offered by companies that behave ethically,’" added Merritt. "As firms aspire to more ethical behavior, conduct surveillance can bring much needed transparency."

Having transparency into conduct at an individual regulated employee level also helps firms link behavior to compensation. Some wholesale banks are already incorporating conduct into their performance appraisals.

The Link Between Conduct and Pay

In 2019, the Financial Conduct Authority (FCA) hosted Conduct Roundtables with 18 wholesale banks, each of which was represented by a group of staff at the vice president level or equivalent — termed the "Engine Room." The roundtables culminated in the FCA’s latest report on the 5 Conduct Questions Programme, ’Messages From the Engine Room’, which reflects the FCA’s findings and perspectives.

One area covered in the report is the link between conduct and pay. In the report, roundtable participants said that the conduct element of performance reviews was weighted at around 50%, and that 5% of their collective staff had received a remuneration increase of at least 10% for good conduct, while 1.4% had their remuneration reduced by at least 10% for poor conduct. The FCA applauded the firms’ progress to date but also said there was much room for improvement.

Still, Merritt believes it’s a step in the right direction. "By monitoring conduct and linking pay to conduct, firms can reward people who do a good job, but also do it ethically, and at the same time be a lot more transparent with shareholders."

How to Define Conduct and How to Monitor?

Doubling down on conduct issues and linking remuneration to conduct are both great ideas. But firms can’t get there without having a big picture view of conduct in the first place. And this is where most organizations stumble: how to define conduct, and how to monitor, measure, track and report on it.

Conduct issues can be broad and sweeping. Furthermore, a person’s conduct isn’t defined necessarily by any single thing they do, but by behaviors across multiple criteria and dimensions, some more definable than others. Then there are the unknown conduct issues that firms never know about until they rear their ugly heads.

In its report ‘Messages From the Engine Room,’ the FCA further asserted that while "conduct and culture will remain a key focus of our engagement activity," the depth of understanding and the ability to identify conduct risk in day-to-day working life remained unacceptably weak, further advising that "an active approach to identifying conduct risk is an essential first step for firms, given that a risk that has not been identified cannot be managed or reduced."

Closing the Conduct Risk Gap: What Needs to Change

The reality is, senior executives may have broad accountability for employee misconduct, but because data and analytics are managed in silos, sadly managers lack the necessary insight into the true sources of conduct risk they need to effect real, systemic cultural change.

"Firms can implement different types of controls to manage conflicts of interests, trading surveillance, personal account dealings surveillance, and so on, as standalone processes, but to get to the level of an organization that fully embodies conduct and culture, you have to try to bring all of this data together," said Merritt.

Siloed vs. Consolidated View

"Generally firms aren't really monitoring for conduct, at least not a consolidated view of conduct. They might be looking at whether a trader has got loads of alerts, or whether a financial advisor has too many suitability breaches. But at the end of the day, they’re looking at conduct through a one-dimensional, siloed lens, at a specific moment in time," he explained.

For example, a credit department might identify that a trader, who we’ll call John, has breached his credit limit. A separate risk department might see that John has breached his risk limit, and another department responsible for monitoring complaints might identify John as a risky employee too. But none of these departments know what the other departments know. And worse, because all of the various risk data isn’t consolidated or readily available up the chain of command, no one, not John’s direct manager, or the next level executive, or the one above that, knows exactly just how much of a risk John presents to the organization.

The problem is, for most FSOs, risk data and alerts are stored in different formats across multiple systems, making it very difficult for managers to get a ’big picture view’ of what’s happening across the organization.

The FCA affirms that viewing conduct risk in this "diffused way" is a poor practice.

To understand true risk you need to look at an individual across multiple dimensions, and look at how risk is evolving over time.

"To get to the heart of employee conduct, you have to look at more than markets surveillance," Merritt explained. "If you’ve got a head trader you’ll want to look for instances of market abuse, but you’ll also want to look at whether that trader is getting lots of complaints from clients, or meeting their best execution obligations. Is their P&L vastly different from the past? Have they sent risky communications? To create a complete 360-degree view of this trader’s risk, you need to bring all of the feeds from your different surveillance systems together."

Another important aspect of assessing conduct risk is having the ability to find anomalies and look at behavior comparatively and over time.

For example, if a trader’s P&L on a certain day is $50,000 (compared to other traders who average $20,000), but historically he has averaged $45,000, that shouldn’t raise an eyebrow. On the other hand, if his P&L suddenly jumps from $50,000 to $250,000, that could be cause for concern. Anomaly detection, a form of AI which uses Machine Learning to compare potentially risky behaviors (identified in new data) to historical behavior over time, can automatically spot these types of risk indicators and bring them to the forefront.

This historical view also contributes to a more accurate picture of an individual’s relative risk. For example, a trader who breached his credit limit one time might not be viewed as being as risky as one who breached it four times in the past. Risk is relative.

Conduct Risk Challenges in the New Normal

This ability to identify conduct risk across multiple dimensions and across the time continuum has never been more essential.

"If you're a trader working in the office, you've got compliance literally sitting next to you, monitoring what you're doing, seeing whether you're using your own personal devices, and so on," Merritt pointed out. "But when you’re working from home, how can a manager actually be sure you’re not bypassing the rules? Work from home opens the door for more potential conduct abuse because there's nobody looking over the trader’s shoulder."

This presents a unique problem, because calls on unknown devices wouldn’t be recorded as required by law. More importantly, it could be a sign of more serious conduct issues if a trader is deliberately trying to evade detection.

This, too, can be addressed through anomaly detection and conduct surveillance.

"Say a trader used to get 20 orders a day and took 20 phone calls a day when they were in the office, but now they’re getting 20 orders a day and only 5 of those related calls are being recorded. Similarly, if you had a trader who was earning $100,000 a day in profit in the office, and is now racking up $500,000 a day in profit working from home -- these could all be early warning signs of conduct risk that a firm would want to be alerted to and look into."

Bringing Transparency to Conduct Risk

Regulations like SM&CR leave no room for excuses. Board members and senior managers can be legally culpable for their own conduct and the conduct of their employees.

But without proper insight, it’s hard to have proper oversight.

As part of its Conduct Roundtables, the FCA posed this critical question: How can a board or senior level manager gain oversight of the conduct of business within their organization, and equally importantly consider the conduct implications of the strategic decisions that they make?

While accountability looms large, C-level and other executives in the management chain have few tools to visualize and understand where conduct risk really lies within their organization.

One offshoot of a consolidated conduct surveillance approach (e.g. Holistic Surveillance) is the introduction of data visualization dashboards. With these dashboards, executives can instantly know where the greatest risks lie, whether or not current controls are working, and where more resources need to be allocated.

The dashboards present summary level data in an intuitive, graphical, easy-to-read format, enabling executives to view business risk on a global, divisional, regional, and even employee level. Executives can see how different types of conduct risk are trending (based on numbers of alerts), and where risk is coming from (e.g. Markets Surveillance, Communications Surveillance, Reg BI Surveillance, Sales Practices and Suitability, etc.), and even drill down to the employee level data to identify the biggest offenders.

This approach gives managers an advanced monitoring tool for conduct appropriate to where they sit in the management structure. "A manager of equities trading is obviously going to have dashboards that present a different view into conduct than a manager of fixed income trading, and their boss will have yet another consolidated view across divisions," explained Merritt. "The key is to automatically structure the data so that no matter where you sit in the organization, you can understand sources of risk in your organization, whether those risks are going up or down, and what to do about them."

Conduct: The Next Frontier in Surveillance

Having the right conduct surveillance tools isn’t just about catching people doing bad things - it’s about methodically focusing on conduct, which goes to the very heart of a firm’s brand, reputation, and perhaps even its survival.

The FCA’s report puts this in perspective. It states: "Over the past few years it has become increasingly clear that conduct and behavior fundamentally underpin a firm’s brand and overall business. For some, it has become a key differentiating factor that partly explains why customers want to start or carry on doing business with one firm or another. We regularly hear about the appeal of ’a safe pair of hands,’ ’knowing we will be treated fairly,’ and ’knowing transaction structures will be above board.’ This reflects the elevation of conduct as a unique sales proposition or a point of differentiation. Firms increasingly recognize that conduct is fundamental and integral to ensuring their longer-term strategic health."

Merritt sums it up this way: "Ultimately, conduct is the holy grail of surveillance. Firms need to look at Conduct Surveillance not just as a regulatory requirement, but as an investment that can drive value for the whole organization, through greater transparency, accountability and cultural transformation."