Revisiting conduct risk management in the COVID-19 era with updated DOJ criteria
Abstract
Conduct risk refers to behaviours of firms, including financial institutions, which may result in poor outcomes for the consumer. Conduct risk arises in financial institutions due to the nature of various client relationships, many of which include fiduciary duties, as well as due to the impact that financial institutions make on the world’s financial markets. Financial institutions have always managed conduct risk. In the years since the financial crisis, conduct risk has been the subject of increasing scrutiny, as regulators across jurisdictions expanded requirements to address various types of misconduct. The coronavirus disease 2019 (COVID-19) associated health and economic crisis has created new pressures, incentives and opportunities that can lead to heightened conduct risk exposure as institutions adapt to an ever more volatile market and changes to their operations and control environment (eg professionals now must work from home). As individuals attempt to exploit the pandemic, both the institutions and customers are at greater risk. Regulators, aware of the changes brought about by COVID-19, continue to expect firms to take responsibility, and identify and manage their risks and regulatory obligations. COVID-19-heightened conduct risk exposes financial institutions to large fines and penalties, regulator-imposed business restrictions and brand dilution. Senior management face potential regulatory disciplinary action and loss of professional reputation. On 1st June, 2020, the Criminal Division of the US Department of Justice (DOJ) published updates to its guidance on the Evaluation of Corporate Compliance Programmes.
This guidance helps institutions to assess the effectiveness of their compliance programme through the consideration of various factors, including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance programme. This paper suggests practical steps to identify and mitigate increased conduct risk arising from COVID-19. Financial institutions subject to US jurisdiction can apply these same steps to meet the June 2020 updated US DOJ criteria of corporate compliance programmes and enable firms to assess the effectiveness of their compliance programme in identifying and managing risks arising from COVID-19. Companies that meet the DOJ criteria earn substantially reduced penalties and stand a good chance of avoiding criminal charges and a government-imposed monitor. The first step is to transfigure (mis)perceptions that Conduct Risk Management is bad for business and convert detractors into supporters by demonstrating a positive ‘return on investment’. It is essential to include stakeholders across first line of defense business units and second line of defense control functions. Firms should fully document efforts to address conduct risk and ensure a culture of compliance and integrity so that the organisation gets full credit for its work to prevent and detect misconduct, should a regulatory inquiry arise. With this firm foundation, financial institutions should update the conduct risk assessment, as an ineffective risk assessment is the common root cause for corporate scandals.
Once they identify new and emerging inherent risks, financial firms should test the efficacy of responsive policies, processes and controls to determine residual risks that create a reasonable likelihood of significant legal, reputational or financial impacts arising from misconduct. Strengthening or expanding forensic data science and analytics can be particularly helpful in limiting opportunities for would-be wrongdoers. With this effective framework in place, financial institutions can mitigate often overlooked or underestimated conduct risks either amid a crisis or under business-as-usual conditions.
The full article is available to subscribers to the journal.
Author's Biography
Jonny Frank is a Partner at the global advisory firm StoneTurn and serves as US Department of Justice-appointed Monitor to Deutsche Bank, Voluntary Monitor and Remediation Consultant to North European Bank, DOJ-appointed Independent Auditor to the Big Three US automotive manufacturers, and Forensic Audit Adviser to the Securities and Exchange Commission-appointed Independent Consultant of the Big Four public accounting firms. Jonny was previously the Executive Deputy Compliance Monitor of Volkswagen AG, New York State Department of Financial Services Compliance Monitor of Ocwen Financial Corporation, a Big Four partner, Executive Assistant United States Attorney for the Eastern District of New York and among the faculty at the Yale School of Management, Fordham University Law School and Brooklyn Law School.
Laura Greenman is a Managing Director at global advisory firm StoneTurn, where she assists large financial institutions with the implementation and testing of internal control frameworks and compliance programmes, advising companies on how to remediate and enhance compliance programmes to prevent and detect fraud. Earlier in her career, Laura was with the Goldman Sachs Group, where she focused on financial and regulatory reporting. She also provided financial services assurance to public clients at a Big Four firm.
Citation
Frank, Jonny and Greenman, Laura (2020, September 1). Revisiting conduct risk management in the COVID-19 era with updated DOJ criteria. In the Journal of Risk Management in Financial Institutions, Volume 13, Issue 4. https://doi.org/10.69554/SCUH7552