This blog is aimed at investment and wholesale banks and sets out our insights into good practice for managing Conflicts of Interest effectively and efficiently. It is part of our Wholesale Conduct Risk blog series.
Conflicts of interest remain a key area of regulation requiring firms to manage and monitor the actual and potential Conflicts of Interest that occur within their business effectively.
This blog sets out our views as to what defines good Conflicts of Interest management practices, key considerations on conflicts policies and registers and on how to reflect the risk appetite of banks for this inherently high regulatory risk.
Conflicts of interest occur all the time and are often inherently unavoidable when delivering corporate and investment banking services to clients. Well-articulated and structured policies help to guide employees into successfully managing this risk through adherence to clear instructions on how to apply judgement when managing this risk.
Regulators view a bank's policy and procedure framework as key evidence of robust governance. They expect to see clear organisational structures with well defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor Conflicts of Interest , escalate and report the risk.
Furthermore, Regulators expect firms to ensure all employees are capable of performing, and are aware of, their conflicts management responsibilities. This requires effective and clear communication with all staff.1
Effectively communicating with a Conflicts of Interest policy starts with clearly articulating the required actions to all staff:
The responsibility for the Conflicts of Interest risk policy is often delegated to the Compliance Officer or a dedicated Conflicts of Interest Officer. However, the policy should clearly articulate the responsibility of all stakeholders (Board, Executive Committee, Risk and Compliance functions, Front Office, Operations and all other staff) to identify and manage conflicts and support the firm’s systems and controls.
While some firms have a dedicated Conflicts of Interest committee that covers all conflict categories comprehensively, others manage it in a set of specialised risk committees (e.g., Personal Conflicts, Best Execution, Product Governance) that report upwards to one general senior risk committee on an exception’s basis. It is, however, important to ensure that key function holders, i.e., persons who have significant day-to-day influence over the direction of the firm and heads of internal control functions, are members of such committees and that each committee or forum has a clear mandate for specific conflict types.
To ensure your Conflicts of Interest policy is effective and meets regulatory requirements, consider incorporating the following elements:
Where firms’ activities are spanning several jurisdictions, intra-group functions and business activities, a clear hierarchical and consistent structure of the Conflicts of Interest policy framework needs to cover central, global, regional and local requirements and be specific to each distinct business activity. An example for such a hierarchical policy and procedure structure is displayed in Figure 1 below, in this case covering three distinct business lines - asset management, trading and sales and corporate finance.
Figure 1: Example of Conflicts of Interest policy framework structure
Level 1 Global or firm-wide Policy: One overarching policy that applies at a firm-wide level, is integrated into the Enterprise Risk Management Framework, the risk register, risk taxonomy and the RCSA process as well as the high-level risk appetite of the firm in relation to CoI. It requires Board approval.
Level 2 Business line Policies: Policies that describe the key activities that give rise to CoI in each business line and assigns and articulates the roles and responsibilities of key stakeholders that are responsible for the day to day management of the business, the specific CoI and the related controls. At a minimum, the Board should note the policies. In smaller firms, level 1 and level 2 policies can be integrated.
Level 3 Procedures: Procedures document how the business lines manage the CoI and related controls and include detailed information on how to perform a task or a control and what needs to be escalated to the primary escalation points.
Procedures should include examples of why and how the procedure applies, which role holder is required to act. Frequently Asked Questions sections are helpful to bring the procedures to life.It is important to identify the 1LoD and 2LoD stakeholders within the procedures and how their responsibilities differ but potentially depend on each other to make the procedure effective. The Head of a business line should approve procedures.
The procedures should set out the detailed and business specific applicable CoI, relevant risk appetite and any limits or thresholds that make escalations necessary.
Level 4 Manuals/Guides/Tools/Handbooks: Describing the workflows, tools and processes used to perform the procedures, guiding control function staff through the steps that they have been assigned to undertake to ensure the procedures and controls are effective.
Conflict of Interest Registers define, articulate and record the various categories and types of actual and potential conflicts for each division and activity of an investment bank, establishing a common and consistent language and understanding of the business activities and the conflicts that are specific to the firm and its business. Some firms may need to review and expand their registers to include all potential risks if they have only listed "material" ones and to ensure live conflicts are logged and regularly reviewed.Due to the diversity of conflict types, the situations where they arise and the timing and the frequency of their occurrence, a set of different Conflicts of Interest Registers should be combined in one framework to ensure systematic, complete, timely and accurate recording, resulting in effective management. This allows a firm to join the dots between the various conflict generating activities and the key areas that generate actual or potential conflicts. Consistency, alignment, aggregation and standardisation of reporting of the conflicts to senior management, typically best through a consistent work-flow, is evidence of effective management of conflicts. An example schematic of such a workflow structure is set out below:
Depending on the type of conflicts and the volume or likelihood of their occurrence, some registers require each conflict to be recorded, while other registers need to apply a scenario approach to clearly articulate the inherent conflict in daily activities of the firm.
Typically, there are:
a) At the Board Level
The Conflicts of Interest Risk Appetite should rank equally with the appetite for, for example, capital risk, liquidity risk or credit risk within the risk appetite framework of regulated firms. It should be articulated and approved by the Board.
An example of a Conflicts of Interest Risk Appetite at the Board level could be:
“This firm has a low risk appetite for unexamined and unaddressed Conflicts of Interest. It therefore proactively manages all issues arising from conflict of interest with organisational arrangements set out in our policy and recognises that in doing so we need to identify and manage the risk to clients effectively.
Where necessary, Conflicts of Interest should be avoided by for example declining to act on behalf of a client. Where it is not possible to avoid the conflict, this firm will disclose any unmitigated potential and actual Conflicts of Interest to the affected clients and seeks to minimise any impact on client outcomes.
Business heads shall report to relevant committees regularly on Conflicts arising and the Board reviews Conflicts of Interest at least annually.”
b) At the Business level
A Board risk appetite statement has to be supported by more granular, specific and measurable risk appetite articulations for each business line to enable the management responsible for day to day management to:
Since the types of conflicts vary with each business activity, the risk appetite has to reflect the type of inherent conflict emerging from the activity appropriately and specifically in the respective business line specific Level 3 procedures. Examples of business line articulations of their specific risk appetite and typical threshold calibrations are in Figure 2 below:
|
|
---|---|
Example Risk Appetite Trading and Sales |
|
Example Risk Appetite Corporate Finance |
|
While not all conflicts and breaches need to be reported to the highest level of Senior Management (Board or Executive committee), the policy framework should require the firm to have adequate review of all material conflict types in an appropriate committee or forum that receives the relevant standing information and any ad hoc escalation to make decisions as to the management of the conflicts that arise. This committee or forum should be guided by the risk appetite set for each material conflicts type.
A persistent breach of any of the thresholds set out in the Conflicts of Interest risk appetite statement approved by the Board will prompt the Board, with the advice from the Executive, to either:
(i) accept the increased potential losses and elevate the risk appetite thresholds accordingly; or
ii) adjust the business to keep the firm’s risk profile within the previously agreed parameters. This decision must be made by the Board in the context of the annual approval of the firm’s overall risk appetite framework.
To avoid some common pitfalls when writing a Conflicts of Interest policies and articulating a risk appetite, here are some do’s and don’ts:
Deloitte's advisory and internal audit engagements reveal a wide range of practices, highlighting the challenge of creating proportionate and effective conflict of interest frameworks.
To find out more about the management of Conflicts of Interest and how to evidence compliance with regulatory requirements, please contact the authors Daniela Strebel and Neil Cowie directly.
______________________________________
References
1 FCA Handbook SYSC 4.1 and SYSC 13.6 and EBA guidelines on internal governance EBA/GL/2017/11 are examples of the articulation of policies and procedure requirements.