Innovative Consultancy Expertise for the Financial Services Industry in a Rapidly Changing Marketplace

What is Conduct Risk?

Conduct risk is the threat of financial loss to an organisation or poor outcomes for clients, caused by the poor behaviours and direction of its managers and employees.

Do The Right Thing


An organisation is only as good as its people. This is certainly true for firms in service industries, which rely on a positive client perception to build and maintain their business. Financial services are no different. They are built on the strength of their people, and how a firm is perceived can have ramification for its clients, its licence to operate, and even for attracting new talent. The conduct of staff is key to ensuring that a firm not only meets its obligations to its stakeholders but exceeds them. The damage done to the financial services industry both during the crisis and as a result of issues, such as the mis-selling scandals, will take decades to resolve. Given what has happened, there has been a new and continued focus by firms in the area of conduct risk management.

Conduct risk persists as a focus for the regulators. The FCA, for example, continues to see a firm’s culture, governance and behaviours as key to ensuring client confidence and an orderly market. ‘We expect firms to be able to demonstrate that their purpose, leadership, governance arrangements and approach to rewarding and managing staff do not lead to avoidable or unnecessary harm to their customers.’ FCA Business Plan 2018/19.

Traditionally, firms have tackled conduct by setting rules and policing them heavily. This is typically done

by monitoring employee behaviour such as their trading activity. Setting rules and having to police them has a number of downsides: it is expensive to put the monitoring in place; if employees know the rules, they may well circumnavigate them; and, most importantly, the environment fostered is not one that promotes trust between the employee and the firm. Setting rules and monitoring them is not only cost intensive, but also potentially ineffective in preventing misconduct issues. Rules cannot account for every scenario that an employee will encounter, so how to you ensure that someone will do the right thing, when a rule does not prescribe it?

It’s important to take a step back and examine the aim of the conduct agenda. Organisations are looking to ensure that their employees not only look after their clients, but also comply with a number of aspects: the law, regulation, the firm’s values and beliefs, its risk appetite and its strategy. Given advancements in technology, it is now time to take a look at a different approach.

Maybe technology is the answer. Technology is having a huge impact on how we work and communicate, but it also has huge potential in redefining how we manage conduct risk. The new world is characterised by people in disparate locations connected by technology and by large amounts of available data. Machine learning can...

 “Efforts to understand a firm’s culture and the norms and beliefs (coming from both within and outside the organisation) that drive staff behaviour are extremely important to improving conduct...”

FCA be of huge help in spotting patterns and therefore aid in the detection of misbehaviour, given the vast improvements in the data landscape. Even better, predictive analytics can be used to prevent issues happening in the first place. Gathering disparate sources of information such as when someone arrives for work or their activity on social media can be paired with more ‘traditional’ sources of information. We have all seen conduct issues triggered by circumstance and heading these off before they happen is of great potential benefit. That sounds costly, right? Well it can be, but organisations using technology in this way create a huge source of data, which can also be used for commercial purposes, such as revenue generation and improved client service opportunities. Thinking creatively can make this approach not only cost effective, but also able to provide pay back.


However, can technology alone solve conduct issues? We think not. We believe that a strong, consistent organisational culture is also vital. The complexity of organisations makes this increasingly difficult to achieve, but increasingly necessary in order that individuals make the right decisions in relation to their conduct. Many organisations have mission statements and a list of values. But only when an individual feels that everyone in the organisation lives and breathes these consistently will they too adopt the right behaviour. The

phrase ‘do as I say but not as I do’ does not foster the right culture for avoiding conduct issues. Firms need to think about different approaches and there is no silver bullet. However, thinking about complimenting the usual rules with a culture which positively rewards good conduct can help in preventing misconduct issues.

Misconduct is often as a result of personal circumstances which are outside the firm’s control, but having a strong culture which means the individual trusts the organisation to be able to raise these issues and knows they will be supported in resolving them, can also go a long way to preventing issues from occurring. The corporate and social environment of a firm can have great positive or negative impacts on behaviour.

In conclusion, firms that are able to use culture to drive conduct and support this with technology are not only more likely to succeed, but will also be enabling an increased data store that can be leveraged in other ways. Good conduct can either make or break an organisation. ‘Doing the right thing’ was never more relevant in our industry that it is now.

Claire Lincoln-White : Managing Partner
Fraser Hawkes : Director
Matthew Pownall : Business Analyst

Providing Innovative Expertise in Conduct Risk

 The financial services industry has been subject to a number of high profile, highly damaging conduct risk events, exposing varying levels of misconduct within a range of organisations. Every organisation is potentially exposed to a level of conduct risk, irrespective of size and industry. Through effective management of conduct risk, firms can reduce their exposure, and the related cost to their business.

The financial services industry has seen a significant change in attitudes towards conduct risk management and must remain compliant with regulations and meet customer expectations. To do this, firms must proactively shift investment towards preventative measures rather than detective ones, whilst maintaining a cost-effective business.

Conduct Risk Management Framework

Preventative Risk Management

Detective Risk Management

Preventative Controls

  • Machine learning and data mining identify individuals at risk of acting inappropriately or out of character, before the risk event occurs
  • Predictive monitoring, supervision and surveillance identify red flags which could lead to conduct risk
  • Information barriers prevent the inappropriate sharing of confidential and sensitive material
  • Personal account restrictions limit the potential opportunities for misconduct

Detective Controls

  • Post trade monitoring and surveillance identifies anomalies faster, reducing the impact
  • Complaints management procedures must be effective in identifying/ addressing the root cause
  • Whistle blowing policy gives staff the freedom to speak out and flag misconduct to management
  • Automated communications monitoring including phone, text, email and messaging
  • Personal account monitoring identifies instances of extracurricular misconduct

Conduct Governance

  • Top-down governance frameworks provide clarity of responsibility and accountability channels
  • Risk Committee and Head of Conduct Risk establish reporting lines and ensure staff are aware of conduct expectations
  • Risk appetite should factor in all levels of risk assessment and conduct risk strategy
  • Forward looking management information fees into Board and management to influence strategy decisions

Conduct Management Information

  • Trend analysis of individuals or teams (e.g. pattern indicators from a trading desk, complaint incidents or profits over a period of time)
  • Event occurrence and incident rate analysis to establish patterns
  • Remedial action taken and instances of a successful remediation identify persistent issues
  • Firm, business, desk and individual MI to feed into management decisions

Firm Culture

  • Training encourages the desired firm-wide approach to the agreed upon risk culture
  • Business strategy and direction must be in line with the desired culture and behaviours
  • Remuneration and incentives link to desired behaviours, encourage staff to buy in to ethical and cultural standards set out by management
  • Organisational set-up to reward a positive culture and behaviours

Residual Risk Assessment

  • Trend analysis of individuals or teams (e.g. pattern indicators from a trading desk, complaint incidents or profits over a period of time)
  • Event occurrence and incident rate analysis to establish patterns
  • Remedial action taken and instances of a successful remediation identify persistent issues
  • Continual risk assessment to feed into management decision making

Managing Cultures

Conduct and culture are intrinsically linked. For this reason, conduct risk loss events are, more often than not, attributed to shortcomings in a firm’s underlying culture. These loss events can be extensive and damaging both financially and to the firm’s reputation.

At New Link Consulting we believe addressing the underlying culture at a firm-wide level will significantly reduce risk related to employee misconduct and improve client focus. We have identified six conduct hotspots that commonly lead to misconduct events.

Conduct Hotspots

Culture of Accountability

The firm’s culture should positively re-enforce good behaviors to encourage employees to take decisions in line with the firm’s values and beliefs, before misconduct arises.

Alignment of Goals and Culture

Short term, often financial, successes much be balanced with longer term ethical and cultural achievements. Promotion, personal development and remuneration must be aligned in order to create sustainable, positive, behaviours.

Conflict of Interest Management

Conflicting objectives may lead staff to act opportunistically, seeking personal incentive and failing to achieve their legal and ethical obligations.

Business Model & Growth Planning

Attitudes towards growth can negatively impact conduct risk and cloud decision making at all levels of the organisation. The ‘grow at all costs’ mentality can lead to friction and lead to misconduct.

Manual & Repetitive Processes

Processes perceived as repetitive and without purpose can lead to shortcuts and short- sightedness in their execution. Staff must understand the reasons for, and the outcomes of, the tasks they perform and how those activities relate to the organisational strategy and values

Weak Technology Systems

Firms must invest in technology in order to prevent potential misconduct issues, whilst also detecting wrongdoing, and act appropriately and consistently when potential or actual issues are identified.

Why Choose New Link Consulting?

New Link Consulting is perfectly placed to be the partner of choice for conduct risk management services.

New Link Consulting delivers conduct risk services through its Non-Financial Risk Practice. This practice is driven by experienced, practitioner-led business consultants with the focus on risks arising from employee conduct, third-parties, technology, data, business processes, and controls. New Link Consulting advises its clients on the identification, assessment, modelling/measurement, monitoring and management of such risks.

By combining our expertise in the subject matter with exceptional change management skills, New Link Consulting can assist clients to deliver measurable results. We provide a collaborative partnership, where clients are central to our offering.


Conduct Risk

Help organisations assess and evolve the value and benefits of a strong risk culture and conduct management framework, to ensure alignment with the firm’s business strategy and risk appetite

Next Generation & Technology

Assist organisations take advantage of innovative new technologies (e.g. machine learning and robotics) to better identify and manage their non-financial risks


Non-Financial Risk Transformation

Interim management and change practitioners to transform how clients leverage people, technology, data, process and controls to address operational risk and drive enhanced business performance


Risk Management Framework

Strengthen and align non-financial risk frameworks with evolving business and regulatory business areas


Control Design & Improvement

Assess and design controls to maximise adequacy and effectiveness of business processes whilst balancing cost efficiency


Control Governance

Provide a robust governance framework and develop management information to continuously monitor non-financial risks and control effectiveness


Control Remediation

Identify remediation requirements and provide experienced consultants to prioritise and complete necessary remediation activities


Risk / Control Testing & Assurance

Develop and execute effective risk and control assurance and testing frameworks to determine a client’s risk levels and identify areas for risk reduction

Cyber Risk

Help firms stay vigilant and resilient to all forms of cyber risk, to reduce instances of financial loss, disruption or damage to the reputation while accessing opportunities presented by new technologies.


Established in 2011, our practitioner-led service offering combines deep industry knowledge, gained through years of direct experience, with innovative change management skills.

Claire Lincoln-White


Managing Partner

Fraser Hawkes