Skip to main content

Conflicts of Interest in Investment and Wholesale Banking

Policies, Registers and Risk Appetites

This blog is aimed at investment and wholesale banks and sets out our insights into good practice for managing Conflicts of Interest effectively and efficiently. It is part of our Wholesale Conduct Risk blog series.

Conflicts of interest remain a key area of regulation requiring firms to manage and monitor the actual and potential Conflicts of Interest that occur within their business effectively.

This blog sets out our views as to what defines good Conflicts of Interest management practices, key considerations on conflicts policies and registers and on how to reflect the risk appetite of banks for this inherently high regulatory risk.
 

1. Why are Conflicts of Interest policies and procedures important?


Conflicts of interest occur all the time and are often inherently unavoidable when delivering corporate and investment banking services to clients. Well-articulated and structured policies help to guide employees into successfully managing this risk through adherence to clear instructions on how to apply judgement when managing this risk.

Regulators view a bank's policy and procedure framework as key evidence of robust governance. They expect to see clear organisational structures with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor Conflicts of Interest , escalate and report the risk. 

Furthermore, Regulators expect firms to ensure all employees are capable of performing, and are aware of, their conflicts management responsibilities. This requires effective and clear communication with all staff.

Effectively communicating with a Conflicts of Interest policy starts with clearly articulating the required actions to all staff:

mitigate, control, monitor, escalate, segregate, log and clear, impose restrictions on an activity, escalate etc.

prevent from arising (Chinese walls), decline to act, recuse from meeting, transaction or syndicate etc.

to client, to regulator, to take-over panel, to Company Secretariat etc. and, where possible, obtain consent to proceed.

2. Who is responsible?


The responsibility for the Conflicts of Interest risk policy is often delegated to the Compliance Officer or a dedicated Conflicts of Interest Officer. However, the policy should clearly articulate the responsibility of all stakeholders (Board, Executive Committee, Risk and Compliance functions, Front Office, Operations and all other staff) to identify and manage conflicts and support the firm’s systems and controls.

While some firms have a dedicated Conflicts of Interest committee that covers all conflict categories comprehensively, others manage it in a set of specialised risk committees (e.g., Personal Conflicts, Best Execution, Product Governance) that report upwards to one general senior risk committee on an exception’s basis. It is, however, important to ensure that key function holders, i.e., persons who have significant day-to-day influence over the direction of the firm and heads of internal control functions, are members of such committees and that each committee or forum has a clear mandate for specific conflict types.


3. Minimum content of a Conflicts of Interest policy


To ensure your Conflicts of Interest policy is effective and meets regulatory requirements, consider incorporating the following elements:

  • Clearly Defined Roles and Responsibilities: Explicitly define and assign the ownership of the roles and responsibilities to key stakeholders – including the Board of Directors, Executive team, business units, control functions, and staff – in managing potential and actual Conflicts of Interest at every stage of the risk management process.
  • Comprehensive Registers: Articulate in detail potential conflict areas within the firm and each business divisions, explaining how and why these conflicts may arise.
  • Articulated Risk Appetite and Key Risk Indicators: Clearly articulate the firm's risk appetite concerning Conflicts of Interest and require the translation into risk appetite statement for each major business activity. It should require the identification of key risk indicators used to monitor and measure Conflicts of Interest risk.
  • Detailed Procedures, Controls and Reporting Requirements: The policy should require specific procedures and controls and the management information that the first and second lines of defence must report, encompassing metrics and thresholds aligned with the firm's risk appetite.
     

4. Structuring Conflicts of Interest policies and procedures


Where firms’ activities are spanning several jurisdictions, intra-group functions and business activities, a clear hierarchical and consistent structure of the Conflicts of Interest policy framework needs to cover central, global, regional and local requirements and be specific to each distinct business activity. An example for such a hierarchical policy and procedure structure is displayed in Figure 1 below, in this case covering three distinct business lines - asset management, trading and sales and corporate finance.

Figure 1: Example of Conflicts of Interest policy framework structure

Level 1 Global or firm-wide Policy: One overarching policy that applies at a firm-wide level, is integrated into the Enterprise Risk Management Framework, the risk register, risk taxonomy and the RCSA process as well as the high-level risk appetite of the firm in relation to CoI. It requires Board approval.

Level 2 Business line Policies: Policies that describe the key activities that give rise to CoI in each business line and assigns and articulates the roles and responsibilities of key stakeholders that are responsible for the day to day management of the business, the specific CoI and the related controls. At a minimum, the Board should note the policies. In smaller firms, level 1 and level 2 policies can be integrated.

Level 3 Procedures: Procedures document how the business lines manage the CoI and related controls and include detailed information on how to perform a task or a control and what needs to be escalated to the primary escalation points.

Procedures should include examples of why and how the procedure applies, which role holder is required to act. Frequently Asked Questions sections are helpful to bring the procedures to life.It is important to identify the 1LoD and 2LoD stakeholders within the procedures and how their responsibilities differ but potentially depend on each other to make the procedure effective. The Head of a business line should approve procedures.

The procedures should set out the detailed and business specific applicable CoI, relevant risk appetite and any limits or thresholds that make escalations necessary.

Level 4 Manuals/Guides/Tools/Handbooks: Describing the workflows, tools and processes used to perform the procedures, guiding control function staff through the steps that they have been assigned to undertake to ensure the procedures and controls are effective.


5. Conflicts Registers


Conflict of Interest Registers define, articulate and record the various categories and types of actual and potential conflicts for each division and activity of an investment bank, establishing a common and consistent language and understanding of the business activities and the conflicts that are specific to the firm and its business. Some firms may need to review and expand their registers to include all potential risks if they have only listed "material" ones and to ensure live conflicts are logged and regularly reviewed.Due to the diversity of conflict types, the situations where they arise and the timing and the frequency of their occurrence, a set of different Conflicts of Interest Registers should be combined in one framework to ensure systematic, complete, timely and accurate recording, resulting in effective management. This allows a firm to join the dots between the various conflict generating activities and the key areas that generate actual or potential conflicts. Consistency, alignment, aggregation and standardisation of reporting of the conflicts to senior management, typically best through a consistent work-flow, is evidence of effective management of conflicts. An example schematic of such a workflow structure is set out below:

Depending on the type of conflicts and the volume or likelihood of their occurrence, some registers require each conflict to be recorded, while other registers need to apply a scenario approach to clearly articulate the inherent conflict in daily activities of the firm.

Typically, there are: 

  • transaction-based conflicts (specific deals where the firm has a conflict with one or more clients which are most commonly managed via deal logging), 
  • structural conflicts are unlikely to be identified on a transaction by transaction. They are frequently and often daily occurring situations that carry inherent Conflicts of Interest that cannot be mitigated individually with controls.
  • live conflicts (incidences that require proactive management of individual actual and potential conflicts) and
  • personal as well as internal conflicts.A consistent and comprehensive register and workflow of aggregating and analysing the conflicts can be key evidence of effective oversight of the risk. The high volume of information requires careful analysis of all conflicts as they are emerging to gain an understanding of where a firm should apply the scarce control resource to mitigate the risk. This is often conducted as part of an Inherent Risk and Control Self-Assessment.


6. Examples of Conflicts of Interest Risk Appetite articulation


a) At the Board Level

The Conflicts of Interest Risk Appetite should rank equally with the appetite for, for example, capital risk, liquidity risk or credit risk within the risk appetite framework of regulated firms. It should be articulated and approved by the Board.

An example of a Conflicts of Interest Risk Appetite at the Board level could be:

“This firm has a low risk appetite for unexamined and unaddressed Conflicts of Interest. It therefore proactively manages all issues arising from conflict of interest with organisational arrangements set out in our policy and recognises that in doing so we need to identify and manage the risk to clients effectively.

Where necessary, Conflicts of Interest should be avoided by for example declining to act on behalf of a client. Where it is not possible to avoid the conflict, this firm will disclose any unmitigated potential and actual Conflicts of Interest to the affected clients and seeks to minimise any impact on client outcomes.

Business heads shall report to relevant committees regularly on Conflicts arising and the Board reviews Conflicts of Interest at least annually.”

b) At the Business level

A Board risk appetite statement has to be supported by more granular, specific and measurable risk appetite articulations for each business line to enable the management responsible for day to day management to:

  • align, monitor and report the relevant aspects of the CoI
  • keep their businesses lines within, and adhere to, the risk appetite of the Board
  • know when and what to escalate issues in relation to CoI management

Since the types of conflicts vary with each business activity, the risk appetite has to reflect the type of inherent conflict emerging from the activity appropriately and specifically in the respective business line specific Level 3 procedures. Examples of business line articulations of their specific risk appetite and typical threshold calibrations are in Figure 2 below:

Example Risk Appetite Trading and Sales

  • No more than three wall crossings per year per staff. No more than 5% of staff should be supra-wall crossed.
  • No more than two breaches of the Gifts & Entertainments: policy by a member of staff in a year and no more than three in 2 years. Confirmed repeat breaches of policy will lead to disciplinary actions.

Example Risk Appetite Corporate Finance

  • The number of transactions that required disclosure should remain below 0.5% of all transactions.
  • The number of late cleared transactions should not exceed 3% of all transactions of the firm.
  • No more than two uncleared transactions by one member of staff in a year and no more than three in 2 years. Confirmed repeat breaches of policy will lead to disciplinary actions.
  • There is no appetite for complaints or litigation cases relating to unfair allocation and syndication.

While not all conflicts and breaches need to be reported to the highest level of Senior Management (Board or Executive committee), the policy framework should require the firm to have adequate review of all material conflict types in an appropriate committee or forum that receives the relevant standing information and any ad hoc escalation to make decisions as to the management of the conflicts that arise. This committee or forum should be guided by the risk appetite set for each material conflicts type.

A persistent breach of any of the thresholds set out in the Conflicts of Interest risk appetite statement approved by the Board will prompt the Board, with the advice from the Executive, to either: 

(i) accept the increased potential losses and elevate the risk appetite thresholds accordingly; or

ii) adjust the business to keep the firm’s risk profile within the previously agreed parameters. This decision must be made by the Board in the context of the annual approval of the firm’s overall risk appetite framework.


7. Do’s and Don’ts:


To avoid some common pitfalls when writing a Conflicts of Interest policies and articulating a risk appetite, here are some do’s and don’ts:

  • Do ensure that you include all regulatory action requirements in the policy: to avoid, disclose or explain, mitigate and record.
  • Do articulate the Conflicts of Interest risks emerging from the business activity not only to the firm, but to clients, to counterparties, to investors, to staff or to the integrity of the market that the firm operates in. This will make the policy more effective since it will pull together all aspects of the business activities and control areas that need to be made subject to a specific policy and procedure.
  • Do state the consequences of non-adherence to the policy to the firm and to staff for breaches of the policy in those business areas that are known to carry an inherently high risk of Conflicts of Interest materialising. 
  • Do not copy out the legislative or regulatory text or references to legislations – they belong into footnotes.
  • Do not only articulate the minimum required unless it is a global or firm-wide policy that is supported by more detailed business or functional policies. 
  • Do not review and write policies and procedures that cover the Conflicts of Interest types independently of each other, maintain consistency and alignment.
  • Do not delegate the policy writing to someone outside the Risk, Business or Functional areas that are subject to the policy.
  • Do not describe what the firm does or what needs to happen but assign specific actions and outcomes to specific departmental roles within the firm.

Deloitte's advisory and internal audit engagements reveal a wide range of practices, highlighting the challenge of creating proportionate and effective conflict of interest frameworks. 

To find out more about the management of Conflicts of Interest and how to evidence compliance with regulatory requirements, please contact the authors Daniela Strebel and Neil Cowie directly. 

______________________________________

References 

FCA Handbook SYSC 4.1 and SYSC 13.6 and EBA guidelines on internal governance EBA/GL/2017/11 are examples of the articulation of policies and procedure requirements.