Transcription
MarketConductkpmg.co.za
Regulators have historically sought to enhance acustomer’s understanding of the products they purchase,imposing prescriptive requirements for disclosure, as wellas setting professional standards for sales advisers.The goal is to rebalance the ‘information asymmetry’ –however issues have continued to arise. A new regulatorymantra has emerged: ‘conduct risk’.Conduct risk is changing the global regulatory landscape. The aim is to drive financial services firmsto revisit their approach to enterprise risk management; to move from a profit driven businessmodel to a strategy that places customer centricity at its heart to rebuild trust in the market.Conduct risk, and placing the customer’s best interest at the heart of everything you do, requires ashift in mind-set. Clients often ask where do we start, how do we embed conduct risk, what sort offramework should be established? This document seeks to respond to common issues our clientsare facing.KPMG believe that firms that move at pace to harness the myriad of external drivers for change andto balance divergent interests of the customer, the company and the external environment can turnrisk into opportunity.
1Conduct risk and the need for change1Competition from newmarket entrants andFin Tech are changingtraditional distributionmodelsCustomers desiretransparency and simpleproducts that perform asexpected. Trust in banksand insurers is lowLevel of customeradvocacy becomesmore visible. Increasedopportunities for clientinteractionSustained regulator andgovernment investigationincreases the risk offines and d reward2CompanyDigital nessand efficiencyCustomersClientsatisfactionand needs4Social tainablebusinessmodelPressure ontributionto yInternal drivers of poor conduct.STRATEGY AND BUSINESSMODEL Strategy is drivenby poor profitabilityand skewed towardsshareholder return Drive for profitabilitycreates productcomplexity and lack ofcustomer value Desire to be quickto market on fintechinnovation createsunexpected and uniquecustomer impactsRISK MANAGEMENT Culture does notfoster an environmentwhere employees areencouraged to identifyand escalate concerns Risk management, qualityassurance and reportingis focused on internal;operational or reputationalrisks and fails to identifyemerging or crystallisedconduct risks Target driven employeeincentives create conflictof interest in salesprocess Good conduct andcustomer outcomes ismeasured only throughcustomer satisfaction Limited top downcommunication onexpectations of staffbehaviour and desiredcustomer outcomes Risk is owned by secondline assurance functionsrather than embeddedinto strategy and businessprocessCULTUREPROCESSES AND PROCEDURES Processes and proceduresfail to manage pooremployee behaviours and donot prevent the risk of poorcustomer outcomes Controls manage businessrisk rather than customer risk Risk culture is notembedded through first lineprocesses and performancemanagement
ionkExchanlatiductConPalkWalterplummers FairlyductConesRulMarket ConductMarketionProtectderholnticyYour oInfo f Persrma ontion alentrekwertsdit Act Finn El iotProtectnce Crk Dancal Creel igeial IntAnti Money Laundering Tersia RossouwMaAffordability AssessmentRequirements Finn ElliotNationcFinanFinn Sc, JohaartinMJohntcABanksMarkeMarket ConductrsheepesumMarketCAt FAToilEnInConMarket ConductOutsourcing / BinderRegulationsBenjamin VoslooonsMarket ConductMaeancsurtnduct CoNatAmeinonal Credidmen tt Actditreer CMarketiotControl ReguMarket ConductFinn Elgertswekcanrk DInDuarcatDemBecTreating Custotail Distribution ReviewMichel e Dubois Reosloomin VBenjaAlisonMark DanckwertsOur view of conductMark Craddock
The Conduct Risk Assessment Identifying risk, driving accountabilityand creating opportunityThe Conduct Risk Assessment is designed as a ‘first step’ in managing conduct risk in anorganisation. It is a business owned, top down assessment of a firm’s business model and strategywhich aims to identify inherent Conduct Risks and the materiality of those risks. The aim is toleverage the breadth of knowledge in an organisation to identify risks so they can be managed andmonitored, drive understanding and embed ownership and accountability so conduct risk becomesan opportunity rather than a hurdle.1ApproachOur approach is based on a series of KPMG facilitated senior management workshops.They are applied at a business or sub business unit level and are designed to mirror the scaleand nature of the client business and minimise impact on day to day activities.2OutputThe output of the Conduct Risk Assessment is a clear indication of the conduct risks inthe business, their materiality and where these risks manifest in the customer lifecycle.We provide suggested next steps where necessary working with key stakeholders to identifypractical and pragmatic action plans.
Reporting should drive the Board andsenior management to have meaningfuldiscussions on the most material conductrisks Conduct risk MI should evolve over time,reflecting the changing risk profile of thebusiness The strategic planning processshould explicitly take into accountthe potential impact on customer andmarket The business model and strategyshould be aligned to the firm’sconduct risk appetite There should be a regularassessment of the inherent conductrisks arising from the business modeland strategy Where there are conduct risksinherent in the strategy and businessmodel, firms need to take actionin respect of these whether it becreating controls or refraining fromactivity5Strategy and business model4çç MI should identify emerging risks not justcrystalise issuesConduct risk frameworkCulture MI should provide a current and forwardlooking perspective on conduct riskand exposure to allow the business toproactively identify and manage conductrisks Firms should have a clearunderstanding of the inherentconduct risks arising from theirbusiness model and strategyç23 The strategy and business modeland its execution, should reflectcustomer and market outcomesand should be assessed regularly toidentify how conduct risks manifestConduct risk toolsComponents ofconductMI and reporting1çç A firm’s culture must drive,enable and empower itsemployees if it is to avoid poorcustomer and market outcomes Firms should have conductcentric values and principles atthe heart of their business The right tone has to be set atthe top and values should becascaded throughout the firm Individuals should beempowered to do the rightthing and there should be realconsequences for individualsthat exhibit the wrong behaviour Objectives, measuring,training, reward and recognitionarrangements should clearlyreflect focus on good conduct Control functions should beempowered to stop wrongbehaviours Firms should manage their conductrisks within an established riskmanagement framework and targetoperating model that is embedded inthe business Firms should formally define conductrisk and establish a conduct riskappetite statement that includesqualitative and quantitative tolerances Firms should implement a conductrisk framework, aligned with thewider risk management framework,that determines how conduct risk ismanaged by the business Conduct risk governance should beestablished, either within or aligned toexisting governance structures The business should own themanagement of conduct risk The second line should establishthe risk management framework forconduct risk and provide oversight Firms must identify their conduct riskuniverse and establish tolerancesbased on materiality Tools and approaches across thebusiness lifecycle to support thedelivery of the conduct risk frameworkand facilitate successful customer andmarket outcomes “A range of conduct risk tools maybe requested to assess and manageconduct risk across the business lifecycle:-- *Business Model and Strategy Metrics should provide a view on theperformance of the business against therisk appetite-- *Governance and controls MI should be provided in a usable formatand at an appropriate level of detail-- *Sales and transaction process Firms must measure their market conducteffectiveness and make future decisionsbased on what their managementinformation is telling them (root-causeanalysis)-- *Product design-- *Post-sales handling Conduct risk tools may already existwithin the business but should berefreshed to integrate with the conductrisk management framework
Conduct Risk Framework Strategy Market abuse Insider-trading People Anti-money laundering Information technology-- Reporting onconductMARKETINTEGRITY(mainlywholesale)-- Supportmanagement ofconduct risk-- Operations andcustomer outcomes On-going productappropriateness Skills, training andawareness Managementinformation Oversight and linesof defensePRODUCTDESIGNFULFILLMENT Recoveries, collectionsand claims Complaints Remuneration,incentives and KPIsCULTURE &GOVERNANCEINFRASTRUCTURE Customercommunications Managementparticipation Product complexitySELLING Pricing, fees and value Customer targeting Switching and exitingproducts Personal data protection Product appropriateness Provision of advice, disclosure,and transparency distribution:intermediation and call centresdigital channels Conflicts of interest Product marketing
Top 10 conduct risks identified123Robustness of technology, infrastructure,digital transformation and fintechLegacy products and lazy moneyIncentives and remuneration4567Pricing models and value for moneyComplex products, terms and conditions,misleading marketingIntermediation and outsourcingAdd on products8910Ageing populationsCall centresPoor management information and rootcause analysis
Market Conduct- What KPMG can doAnalyse è Teach è Report è ComplyBusiness Model and Strategy Analysis (BMSA)Market Conduct risks evolve through the way firms do business, their business processes and modelsand the firm’s strategies. KPMG’s bespoke BMSA methodology is designed to identify the key MarketConduct risks in an organisation, focusing on the business model and the strategy that drives it bylooking at “what could go wrong”. These analyses result in a Market Conduct risk universe whichforms the basis of the firm’s Market Conduct programme and informs areas of additional focus andorganisational change.The BMSA can be conducted for the Business as a whole or separately for different parts of thebusiness.Product design/strategy development Conduct Risk Assessment: identification of conduct risks by product or business Product Design and Governance Framework Review Value for Money and Pricing Review Legacy and Back book reviewCommunications and Marketing Marketing Material Review: review of advertising, product disclosures and terms and conditions forclarity and misleading informationAnalyse Marketing Controls Review: review of approval process and associated guidance and tools foreffectiveness and efficiencySales quality advice and customer outcomes Sales Quality Review: review of sales for appropriate customer outcomes Financial Advice Quality Review Sales Remuneration and Incentives Conduct Risk Assessment Sales Controls design and Operation AssessmentSales Quality assurance Business Quality Assurance Effectiveness review (1st line controls) Compliance Quality Assurance Effectiveness Review (2nd line control) Training and Supervision AssessmentPost sales and servicing Insurance: Claims Handling and Decision Making Review Banking: Arrears and Collections Management Assessment IM and Banking: Trader Surveillance Complaints Management and Root Cause Analysis AssessmentBottlenose TechnologyFirms receive data from multiple sources in unprecedented volumes, some of which are difficult totrack and manage. One of the biggest difficulties is knowing how to identify relevant insights fromthis information to address the opportunities, issues and challenges facing your organisation. UtilisingBottlenose Technology, KPMG can help you track news and social media chatter / activity to detect andisolate patterns and actionable trends using real-time streams of data.
Market Conduct- What KPMG can doAnalyse è Teach è Report è ComplyTeachMarket Conduct awareness sessions and trainingThe KPMG Market Conduct practice is aligned with our global member firm regulatory practices tostay abreast of international developments. As a service to many of our clients, we provide C-suitelevel training covering issues which non-executive directors, directors and other executives shouldbe focusing on in respect of Market Conduct. We also provide bespoke training for larger audiencesfocused on the needs of specific business units within organisations e.g. call centre staff, sales staffetc.Online Training (E-learning)Online training course designed to educate members of staff on Market Conduct and the fundamentalprinciples of TCF. Through the use of voice, video, animation and sound the user is guided throughan interactive presentation consisting of four modules leaving them with an understanding andappreciation for Market Conduct, its objective and common drivers of risk. It concludes with a fifteenquestion assessment which KPMG, via the use of dashboards is able to interpret and share with you.The number of employees who have concluded the modules and passed the assessment is also avaluable piece of management information.KonductManagement Information and reporting are essential components of Market Conduct programmes,attracting increased emphasis and scrutiny from the regulator. MI and reporting are clearly a priority,with all indications suggesting that the regulator will be focusing on: how the entity is pulling MI together and analysing it from an outcomes lense; whether the entity has a summarised, sensible and meaningful view of MI on Market Conduct; andReport whether this view results in a risk-based prioritisation of Market Conduct risk.Smart analysis and interpretation of data enables entities to make informed decisions and identifypotential conduct issues. Konduct is an analytics platform that helps organisations measure, manageand predict Market Conduct risk by presenting and visualising complex data in a summarised, sensibleand meaningful way.Conduct DQM AssessmentOne of the key influencers in the Market Conduct Journey is the availability and accessibility of qualitydata. KPMG understands the issues and challenges faced with data and have developed the ConductDQM Assessment, to identify issues with the integrity and completeness of key data elements withincurrently available data structures in organisations, to assist in identifying possible issues in dataretention procedures, isolate root causes and provide gaps in data quality management, data ownershipand processes.ComplyRegulatory Readiness AssessmentsThe Market Conduct regulator is increasing the intensity of its supervision and its intention is to conductrisk-based interviews with organisations. This means that the Regulator already has a good idea of whatit will focus on, depending on firms’ operating models. Having delivered many remedial plans followingregulatory visits, the KPMG Market Conduct practice is well placed to help firms prepare for regulatoryinspections, particularly in identifying shortcomings and formulating plans for the identification andcoordination of appropriate evidence to be available for the regulator.
KonductKonduct is KPMG’s Conduct Risk solution that helps organisationsmeasure and manage Conduct Risk.Over the past five years Conduct Risk has become a priority for most financial service firms.Conduct Risk management information is essential to a firms ability to deliver good outcomesto their customers. Risks should be identifiable, easily understood and efficiently actioned.Technology is fundamental to driving Conduct Risk management information into actionableintelligence.LeadingLaggingDeveloped based onKPMG expertiseTrending and base-liningriskCan be updated by business usersEnd to end solutionWorkflow and action trackingTime/cost savingReal time, intelligent insightsSmarter visualisationAutomation, aggregation and action management, within Konduct enables risks to beidentified, understood and actioned in a quick and cost-effective manner.Konduct helps focus resources on risk analysis and mitigation rather than data collection andreporting.The Konduct solution accelerates the development of a robust and comprehensive conductrisk frameworks.
The Konduct tool can be configured quickly and easily to addressspecific business issues and present complex data in a way thatenables firms to manage their business and risks more easily.Business users can easily update the application without the need for expertise: Create, amend and delete metrics Add new users and manage user access Amend dashboards, both in terms of layout and chartsThis allows the platform to evolve in tandem with your business and risk lysisand or manualInteractiveUI eal-timeautomateddatadatacollectionConnectionto existingstoressystemsConnectionto existingdatadatastoresand andsystemsGovernance& actiontrackingGovernance& ableworkworkflow flowAutomatedtriggersalertsAutomatedtriggersand andalertsIndividualsassignedto eachIndividualsassignedto creportsDynamicreportsHigh-endD3 visualisationHigh-endD3 visualisationPersonalisedPersonalisedand andconfigurableDrill-downconfigurableDrill-downto tounderlyingunderlyingdatadata
Conduct risk assessment methodologyçAssessçDefineEmbedPhase 1Phase 2Phase 3Phase 4Post Assessment ActivityPlanning andScopingBusiness Analysisand Conduct RiskHypothesisConduct RiskWorkshopsReport andRecommendationsEnhance andEmbedçççççInitial groundworkto plan and scopethe Conduct RiskAssessment includingtiming, stakeholders,the scale and scope ofthe review to tailor it tothe operating group.Independent analysis ofkey strategy, businessmodel informationand the externalrisk environment.Development of initialconduct risk exposuresand themes.Facilitation ofworkshops with seniorbusiness managementbased on key ConductRisk Themes,identification of inherentconduct risks specific tothe business.Creation of a detailedreport of all risksidentified and practicalrecommendationsfor next steps andenhancement of keyrisk exposures.Deliver recommendedenhancement actionsand develop approachto management andmonitoring of identifiedconduct risks.Week 1Week 2Week 3Week 4Week 5OngoingKey Activity Identify businesssponsor. Work with sponsorand key stakeholders,plan the scope andplan the assessmentreview based on thenature and scale ofthe operating group Identify any keyareas for specificfocus (new products,areas of regulatoryconcern, recentchange in strategy orcommercial focus) Plan and deliverassessment logistics:document request,stakeholder lists,suggested workshopdates, workshopattendees, diaryinvites Agree checkpointsand timelines withsponsor Develop conduct riskhypothesis throughbusiness model andstrategy analysis Generic: identifythe generic conductrisks inherent to thebusiness model Specific: criticallyanalyse internaldocumentation anddata for specificconduct riskexposures inherent inthe business External: analyse theexternal environmentfor emerging conductrisks in the market,economy, regulatoryenvironment andcustomer activity Document initialhypothesisand themes fordiscussion (phase 3)KPMG conductrisk tools Risk identificationworkshop Facilitate workshopsessions for seniorstakeholders to: Document allconduct risksidentified including: Description ofconduct risk andcontext-- Create Potential customerunderstanding ofimpact should itconduct risk; andcrystallise-- Identify the Materiality/prioritymaterial conductratingrisk exposures in Identification of risktheir business.owners Use output of Suggested nextphase 2 to structuresteps, e.g. takediscussions by themeaction on crystallisedand as input to driveconduct riskrich discussion andexposures, considerchallenge.adequacy of currentcontrol framework, Document outputs ofembed considerationworkshopof potential conduct Risk validationrisk into strategyworkshopplanning and Share output at acommercial decisionsfinal workshop tovalidate findings andidentify gaps. Initialdiscussion of nextsteps Follow up individualdiscussions with keyindividuals wherenecessary to explorekey areas Risk owners driveenhancement actionsin the business andreport back on progress Managementinformation anddashboard createdbased on ConductRisks identified inworkshops Develop key riskindicators Reporting shoulddrive the seniormanagement to havemeaningful discussionson the most materialconduct risks Conduct risk MI shouldevolve over time,reflecting the changingrisk profile of thebusiness
Conduct Risk FrameworkRetail Bank Establishment of Conduct Risk as a new Principal Risk with board ownership and sponsorship Drove more effective change through development of new framework (policy, risk register, governance arrangements)and carve out from other risk types e.g. Operational / Regulatory risk.OverviewçRole of the Board andsenior managementRisk appetite,tolerance and limitsRisk framework andpolicySegregation of dutiesRisk identificationand measurementMandate of the riskfunctionRisk monitoring and reportingCultureProcesses Conduct Risk Steering Committees (sub committees of Board / Risk Committee) established. Distinct first line Conduct Risk functions mobilised. Appointed Accountable Executives for Conduct Risk in every Business Unit and Function. Strong emphasis on identifying current and inherent Conduct Risks as a ‘first step’. Arguably, you need to know whereconduct issues lie before you can set up arrangements to manage and monitor them. Second step was to manage current conduct risks followed by designing an approach to risk reporting, monitoring andoversight against key conduct risks identified. Embedded consideration of conduct risk into discussions about strategy at board and BU level. Initiation of a BU roll-out worksteam to raise awareness of Conduct Risk across the Group, drive cultural change, clearlycommunicate expectations and drive compliance with the new Conduct Risk policy and risk and control framework.Summary benchmarking overviewFirm 1Firm 2Firm 3Firm 4Firm 5Separate conduct risk functionüüüûüA senior individual has been assignedaccountability in the 1st line of defenceüüüThe firm has established a dedicated conductrisk committee structureûûüResponsibility for second line oversight ofconduct risk sits in the compliance functionüüüüüConduct risk function reports into theoverarching Risk functionûüûüüThe firm has established specific ConductRisk KRI's and risk appetite statementsüüûüü
Key ContactsMark DanckwertsNicky KingwillMark CraddockBenjamin VoslooTersia RossouwDemarcation, Outsourcing / BinderRegulationsT: 27 82 710 9640benjamin.vosloo@kpmg.co.zaKnow Your Client,Anti Money laundering,Financial Intelligence Centre ActT: 27 82 719 0300tersia.rossouw@kpmg.co.zaWalter PalkAlison BeckFinn ElliotHead of Market ConductT: 27 82 710 3261mark.danckwerts@kpmg.co.zaExchange Control RegulationsT: 27 82 492 2709alison.beck@kpmg.co.zaAssociate Director,Reglatory Centre of ExcellenceT: 27 82 718 7291nicky.kingwill@kpmg.co.zaNational Credit Amendment Act, FATCA,National Credit Act, AffordabilityAssessment Requirements, FAIST: 27 790 399 367finn.elliot@kpmg.co.zaProtection of Personal InformationT: 27 83 303 9214mark.craddock@kpmg.co.zaInDuplumT: 27 83 397 2154walter.palk@kpmg.co.zaMichelle DuboisRetail Distribution ReviewT: 27 60 997 4512michelle.dubois@kpmg.co.zaVisit our Market Conduct Website: esPublications/Africa-Regulatory- Center-ofExcellence/Pages/Market-Conduct.aspxVisit the KPMG regulatory Centre of Excellence website: t.aspx 2016 KPMG Inc, a South African company and a member firm of the KPMG network of independent member firms affiliated with KPMGInternational Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in South Africa. KPMG and the KPMG logo areregistered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity. MC14424.
management framework and target operating model that is embedded in the business Firms should formally define conduct risk and establish a conduct risk appetite statement that includes qualitative and quantitative tolerances Firms should implement a conduct risk framework, aligned with the wider risk management framework,
