Three sections of the report (PDF 1.63 MB) are worth highlighting.
First, a summary of the responses from 53 firms (from across all sectors) on what they are doing on governance and misconduct. There is nothing new or surprising here but useful to have the usual suspects confirmed:
- The usual references to the importance of culture (values, tone from the top, codes of conduct, incentive structures, whistle blower arrangements, root cause analysis, and ethical behaviour towards customers and other stakeholders).
- Firms continue to struggle to develop good metrics to monitor progress in improving culture and reducing misconduct, with a general reliance on operational losses (actual and expected) due to misconduct; serious incidents or significant conduct investigations underway; regulator fines and customer complaints; and employee performance and training indicators.
- Most firms subsume misconduct risk under compliance and occasionally operational risk (which although not commented on in the report may mean that misconduct risk is not given sufficient prominence within the firm and may lead to an insufficient emphasis on the role of the first line of defence in managing misconduct risk).
- Firms asked for improved guidance from regulators on setting expectations around a misconduct risk framework and overlaps between the first and second lines of defence; greater consistency in definitions and taxonomies for misconduct risk; enhanced processes for reporting of misconduct and whistleblower policies; and a regulatory process for tracking “rolling bad apples”.
Second, a review of the academic literature on culture. Again nothing new here, but the various strands of the literature do provide a good organising framework that firms might find useful for assessing their own policies and procedures, including values and beliefs, social norms, leadership, decision-making, speaking-up and incentive structures.
Third, the working group proposed three areas which it wants to pursue further, all of which resonate in the UK in particular:
- how to spot “rolling bad apples” moving between firms;
- the potential value of allocating individual responsibilities for conduct risk to specific senior managers in a firm; and
- how to identify and address situations where a firm’s actual norms differ significantly from the firm’s stated values.