Embedding an effective conduct-focused culture in Wholesale Market Firms: insights from the CBI

The Central Bank of Ireland (CBI) conducted a thematic assessment on embedding an effective conduct-focused culture in firms. The assessment evaluated firms’ conduct risk management frameworks and approaches taken by boards and senior management in fostering a conduct-led culture. The findings revealed that firms recognise the importance of a conduct-focused culture with some good practices recorded. However, certain areas need improvement. The key findings fall within the following themes:

Leadership and decision-making
Governance structures
Identification, assessment and monitoring of conduct risk and culture
Responsibilities and expected behaviours
Speak-up culture
Hybrid working

Key findings

Leadership and decision-making

Risk: misalignment between firms’ leadership and decision-making and cultural ambitions hinders the establishment of a conduct-focused culture within organisations. The CBI found that most boards may have defined their desired firm culture, but many have failed to contextualise it by formulating a plan to deliver and implement it.

Responsibility: the board and senior management must deliver an effective conduct-focused culture by “setting the tone from the top”. To ensure the firm’s values are carried into all operations, CEOs should lead by example and act as ‘cultural carriers’, embodying the firm’s values. Independent non-executive directors (INEDs) also play an essential role in fostering an effective conduct-focused culture by offering independent viewpoints and challenging perceived issues when necessary.

Decision-making: One of the board’s key roles is to align the firm’s strategy and direction. Boards should consider how effective decision-making aligns with the firm’s values and desired culture.

Governance structures

Risk: to establish an effective conduct-focused culture, firms must enforce robust governance structures for the oversight of market conduct risk appropriate for the scale and complexity of the firm. Boards and senior management should actively take responsibility for governing market conduct risk, including the establishment of effective frameworks to identify and manage such risk.

Identification, assessment and monitoring of conduct risk and culture

Risk: effective monitoring of conduct risk to which a firm is exposed can be limited by deficiencies in management information (MI) and reporting. Deficiencies in MI and reporting may hinder the ability of the board and senior management to reinforce the firm’s desired culture. Boards must adopt a proactive approach to ensure that the MI received is appropriate, timely and complete.

Responsibilities and expected behaviours

Risk: failing to communicate cultural values and expected behaviours throughout the firm may lead to staff being unaware of their roles in the board’s cultural ambitions. All assessed firms have put in place defined values and/or cultural statements. However, the granularity of the definitions and statements—and how they were communicated to staff—varied heavily, especially as to how they would be embedded throughout the firm. In communicating the expected behaviours, firms lacked formalised plans, failed to communicate the global firm’s workplace culture ambitions to the Irish entity, and the communications were generic and lacked purpose in many cases. Training sessions may be an effective mechanism for firms to communicate to employees their roles in establishing the desired workplace culture. Errors should be capitalised on to drive positive workplace culture changes and communicate to staff the appropriate response to prevent future errors.

Speak-up culture

Risk: in the absence of a conduct-focused culture driven by the ‘tone from the top’ and supported by robust frameworks and processes, employees may feel unable or unsafe to speak up on potential issues. Good practices and mechanisms have been observed to encourage speaking up, such as the appointment of dedicated whistleblowing champions and regular communications providing information on escalation channels. Some firms conduct anonymous staff surveys to evaluate awareness and safety in expressing concerns. This enables the board and senior management to measure the speak-up culture. However, improvements are needed in protected disclosure policies, management communications and cultivating a psychologically safe environment. Clear information on obligations and transparent channels for raising concerns should be provided.

Hybrid working

Risk: the lack of a formalised strategy for managing the potential conduct risks arising from hybrid working raises concerns about the ability of the board to gain assurance on the strength and adequacy of their firm’s market conduct risk management frameworks. To effectively manage market conduct risks, firms must continuously review governance and control frameworks. A good practice observed includes adapting market control risk frameworks to address the risks associated with hybrid working arrangements. This includes conducting risk identification exercises regularly and discussing output at senior management committee levels. Apprehensions arise from the absence of a formalised approach to managing conduct risk in a hybrid working environment. Observed areas of concern include:

Deficiencies in formalised policies and procedures;
poor comprehension and recognition of potential conduct risks arising from hybrid working specific to their own firms and business models; and
a lack of substantial evidence of communication from boards and senior management that clearly defines the expected conduct and behaviour of staff while in hybrid working arrangements.

Five key actions to take now

1. Develop a workplace culture strategy

Firms should contextualise their desired firm culture by setting out the planned steps to achieve it over a desired timeline.

2. Update governance frameworks to mitigate new market conduct risks

The governance framework should be updated regularly to ensure it can identify and manage current market conduct risks.

3. Reporting procedures

Data-gathering exercises should be established to gain insights into the firm’s workplace culture performance and highlight any vulnerabilities in the strategy. The information gathered should be used to create regular and granular reports that are submitted to the board. The board can then use these reports to enhance their workplace culture strategy. Furthermore, comprehensive MI is vital for the ongoing monitoring and management of conduct risk and underlines the importance of such data-gathering exercises.

4. Add a communication plan to the workplace culture policy

A communication plan from senior management to staff should be integrated into the workplace culture strategy. The plan should set out the various mechanisms through which employees can be informed and their role in obtaining the desired workplace culture. A two-way communication channel should also be established to allow employees to escalate concerns or breaches about the workplace culture to upper management.

5. Reporting breaches

Every employee should be made aware of the chain of command through which breaches can be reported. Anonymising reports may also increase the likelihood of breaches being reported.

We are here to help you

With industry-leading expertise in market conduct and culture, PwC understands the importance of a conduct-focused culture for your firm. To help you achieve this, we can share our extensive knowledge of market conduct frameworks and compliance. We can provide valuable insights to your firm through our market conduct risk diagnostics, views on good practice, and our conduct and culture operating model. Contact us today.