In its simplest form, conduct risk is when an organisation’s stakeholder’s behaviour leads to unwanted behaviour or crimes, either detected or not, and detrimentally damages an organisation’s or sector’s reputation, negatively impacting market stability and potentially damaging innocent individuals. Stakeholders include employees, customers, suppliers, shareholders and other connected persons.

Conduct risk by its very nature can negatively impact an organisation’s brand such as the recent case of Oxfam regarding the safeguarding scandal or the gender pay exposure from within the BBC.

Conduct risk can negatively impact a whole industry such Housing, for example the Grenfell Tower Fire that has led to the Dame Judith Hackett inquiry and the recently published Interim Review of Building Regulations and Fire Safety, which stated:

“it has become clear that the whole system of regulation, covering what is written down and the way in which it is enacted in practice, is not fit for purpose ...”

Conduct risk impacts multiple sectors as being witnessed by the police Operation Hydrant investigation into non-recent child sexual abuse that had received 2,094 referrals for investigation as at the end of December 2017.

Serious conduct risk once publicly exposed, tends to have some common threads. For instance, executive shock of this unexpected ‘left field’ exposure followed by the need to improve or even introduce the concept of transparency, controls and procedures.  

It is apparent that as the pace of change accelerates and complexity increases, the numbers of conduct risk instances increase. Some argue this is not surprising, however, what remains surprising is the seemingly lack of new thinking and approaches that address the temptations and the resultant damaging impacts.

Conduct risk is intrinsically related to an organisation’s documented rules and ethics, which should influence the way behaviour is conducted. These documents represent Complex Knowledge, which has been synthesised from regulatory, statutory, legal, tax, tariffs, policies or procedural matters that need to be applied in practice.

Complex Knowledge in the form of these documents, is now beginning to be perceived as not being fit for purpose because they are:

• Difficult to use and
• Easy to misuse.

This leads to the crux of the issue, which is that there is a material gap between perception and reality.

Organisations often have stringent controls for managing this type of document, including signatories for approving changes, with checks and balances embedded within their operations, risk and audit capabilities.

However, the very nature of these documents is that they contain choices, pathways and outcomes. These algorithmic structures have typically weakened over the passage of time, as risk and regulatory complexity has increased. The problem has been compounded as these documents have not been subjected to usability tests, nor are the user decision journeys transparent and measurable.

These incomplete, ambiguous and inefficient documents have led to increasing compliance and risk costs, whilst negatively impacting productivity.

Dangerously, they have masked deep systemic risks. Every choice embedded within these documents contain options. This means a user selecting the wrong option, travels along the wrong pathway, leading to the wrong outcome. The embodiment of so many choices in so many documents has led us to define the term nano risks as there are so many. It is these nano risks that seep through current controls, leading to an increasing volume of false positives and false negatives. It is the scale of these nano risks, which eventually manifest themselves into unexpected exposures, brand contamination and balance sheet exposures. The gap between perception and reality is now a chasm, which has led to spiralling compliance costs and unnecessarily high bureaucratic overheads.  

These documents are produced, often not managed properly or distributed effectively, but appear everywhere.

As a reminder, the last line of defence is the external audit where applicable, who do spot checks to ensure that related documents are fit for purpose. This firmly puts the spot light on the big four auditing firms particularly in the Financial Services and those that are Publicly Traded Companies.

The personal pressures and implications now are increasing dramatically on Company Directors, Management Teams, Advisors, Authorised and Approved Persons, Trustees and Governors, to ensure transparency, improvement, accuracy and compliance with procedural and policy documents, are now significant and very high profile – as it should be.

It is time to start thinking differently.