Wed, Sep 30, 2020

Conduct Risk and FCA Expectations - “Messages from the Engine Room”

Five years since the launch of the 5 Conduct Questions Programme (5CP), the Financial Conduct Authority’s (FCA) latest publication, “Messages from the Engine Room,” shows that the financial services industry’s conduct and change efforts are having a positive effect on businesses, customers and the market. Yet while these advancements are encouraging, the FCA has identified several existing and emerging conduct risk areas that require the industry’s attention. Importantly, the FCA also confirms that conduct and culture will remain a supervisory priority over the coming years.

Recap: What is the 5CP and its Evolution?

Launched in 2015 by the FCA as part of its strategy for supervising wholesale banks, the 5CP’s purpose is to drive positive change in conduct and culture across the sector. Whilst the programme initially focused on wholesale banking, the FCA’s views and expectations are relevant to all financial services organizations regardless of sector. 

The five conduct questions are:


The FCA has published 5CP reports annually since 2016 based on its engagement with the industry on this topic. These publications are designed to provide an important litmus test of how culture and behaviors within the industry are evolving. This information is obtained through feedback and insights from the industry on their change experiences and practices, as well as the FCA’s own observations and expectations of the industry.

The FCA’s latest 5CP report was published in September 2020: “Messages from the Engine Room: 5 Conduct Questions”. To compile this report, the FCA held separate roundtables with 18 wholesale banks, each attended by 10 employees at the vice president level (typically 10+ years’ experience). 

Key Takeaways From “Messages From the Engine Room”

External Influences 

How have the FCA’s views and expectations changed since the start of the 5CQ programme four years ago? In short, they have not changed materially; however, the external environment of 2020 has brought conduct risk management and behaviors into sharp focus.

In particular, the FCA acknowledges that 2020 will take a toll on business operations as well as on staff. The impacts of COVID-19 have heightened some risks and brought about new risks that firms will need to consider for conduct and culture. These risks are driven by changes in customer behavior, dramatic shifts in operational arrangements, increased reliance on technology, loss of face-to-face interaction between employees and loss of direct face-to-face oversight. To add to this, the personal impacts on individuals have been significant: increased stress levels resulting from isolation and the challenges of remote working, as well as concerns from managers on how to effectively manage people and processes.

Tone from Within

One interesting area is how the FCA has evolved the discussion to one where everyone is accountable and responsible for conduct: the mantra has shifted from “tone from the top” to “tone from within”. We welcome this change in message, as the culture, and consequently the approach to conduct risk prevalent within an organization, is made up of individual behaviors, approaches and ethics; it is not merely a statement and the actions of those at the “top” of an organization.

Areas of Weakness

In terms of progress made on conduct risk across the industry, the FCA saw several positive examples. However, it concluded that there also remain areas of weakness. These key areas are summarized below:

  • Identification of Conduct Risk Remains Weak 
    Depth of understanding in terms of identifying conduct risks in day-to-day work activities was low. There was an awareness of the “headline” conduct risk areas such as conflicts and treatment of customers; however, the nuanced areas such as enabling customer bad behavior were less identifiable by the roundtable cohort as areas which impact conduct risk management.

    The FCA’s expectation is that emerging conduct risks should be considered; as such, organizations need to provide guidance and training to staff on how to proactively consider risks beyond conduct and those identified as part of the risk management framework. The FCA also holds the view that conduct risks cannot be considered through only a simple annual review. As conduct risks are driven by behaviors, a more active approach is required to identify, manage and respond to these risks in the same dynamic way as other risks. Many organizations, for example, use processes which have the capacity to evolve with internal and external factors.
  • Remuneration and Performance Assessments 
    Whilst the FCA acknowledged the work to date to link personal conduct behaviors to performance and remuneration processes and assessments, the roundtable participants felt that substantive discussions regarding conduct issues and behaviors were not undertaken and that rewards (remuneration, bonus or promotions) were still predominately based on achievement of financial targets.
  • Culture, Safety and Leadership 
    Participants felt that subcultures within an organization could contribute to the failure of driving a positive culture and positive conduct within the whole organization.

    Whilst it was clear that organizations had invested in “Speak Up” mechanisms, there was less clarity with regard to how these mechanisms were used in a day-to-day context for matters which may not need to be flagged to the governing body, for example, small conduct misdemeanors which have a micro impact, or which when amalgamated lead to a significant conduct concern.

    Participants also felt that layered middle management could obstruct positive conduct behaviors by failing to cascade information both upwards and further down into the various levels of an organization. 
  • Purpose, Principles and Values 
    Whilst some participants felt that their organizational purpose was clear, many participants could not accurately articulate that purpose and there was confusion between the terms purpose, principles and values. Roundtable participants also felt unsure as to how principles and values linked to their own goals and objectives as well as the objectives of the organization.

    Approaches to defining a purpose vary. Some organizations start the process of defining what success looks like in terms of various measures: financial, staff, behaviors and customers. By ensuring success is measured multilaterally, an organization can focus on sustained, long-term success rather than short-term.

    Positively, many participants appear to be enthused and engaged when they understand what is meant by purpose, principles and values. Where these align with their own personal vision, and where they see them being lived and breathed in an organization, there appears to be a real sense of ambition and pride, which itself is likely to push the conduct agenda the right way.

Areas for Consideration

Below are 10 areas for firms to consider when planning their conduct agenda, which draw on both the findings from the FCA’s report as well as our own experiences working with clients across the industry:

Organizational Purpose and Principles

  • Is your organization’s purpose central to the business model, strategy and culture?
  • Have your leaders and managers clearly communicated a company purpose?
  • Have the company purpose and principles been articulated by leaders and managers in a way that links to staff members’ specific roles and responsibilities, objectives and goals as well as the wider organization’s?

Organizational Values and Behaviors

  • Is the corporate mindset framed in a positive ethos where all staff are responsible for identifying and managing conduct risks? 
  • Are corporate values and goals aligned to conduct behaviors?
  • Is there a consistent approach and style adopted by managers on their own and staff’s application of company values and behaviors?
  • Do individuals at all levels live the organization’s culture, where their actions and words align with the organization’s values?

Roles and Responsibilities

  • Do staff understand how their roles and responsibilities can potentially create conduct risk or harm for the customers, the firm or markets?

Identifying Conduct Risks

  • Does your organization’s overall ERM framework enable you to adequately identify, understand and mitigate all types of conduct risks, using both top-down and bottom-up approaches?
  • Have staff received sufficient training to be able to identify conduct risk in their day-to-day roles beyond general awareness?

Leadership and Management

  • Is direct support provided from leaders and managers to staff when raising a conduct question or speaking up about issues?
  • Does your organizational structure support leaders and managers to effectively cascade tailored communications to staff, such as the company purpose aligned to roles and responsibilities, values and objectives?
  • Is middle management delivering consistent messages from leadership to staff? 

Staff Engagement and Empowerment

  • Has your organization fostered a culture where staff can raise emerging conduct risks and feel confident their voice will be heard? 
  • Do all staff members feel individually responsible for conduct in their role?
  • How and when does your organization regularly engage with staff on conduct risks and culture? Is that sufficient?


  • Do individual objectives and performance appraisals adequately recognize personal conduct and behaviors in achieving objectives?
  • Are line managers sufficiently supported to enable their teams to perform at their best in a way that supports the organization’s conduct approach and culture?

Remuneration and Reward

  • Is remuneration truly linked to conduct behaviors in your organization, and applied consistently? 
  • Are financial targets given undue significance? 
  • Are there conduct behaviors which can be quantified to enable positive recognition of good behaviors?

Speak Up

  • Is your organization’s Speak Up process structured such that staff feel able to flag concerns? 
  • Does the process account for conduct issues which may not be immediately considered as the most serious? 
  • Are staff truly confident in the anonymous nature of the process or do they fear retribution and therefore lack psychological safety? 
  • Is there sufficient time, resource (a team or individual) and expertise assigned to managing Speak Up within your organization?

Organizational Structure

  • Does your organization’s operating model adequately support achieving your company purpose, strategy and desired culture?
