Market Conduct Risks

This function is responsible for developing and designing new services and products as well as updating existing products and services to remain competitive.

Potential risks include:

• The product / service does not actually deliver what it was designed to do; e.g. deliver the rates of returns / benefits / incentives that it promised to provide.
• Product developers have not properly defined the product risks and level of risk.
• Product developers have not properly considered nor defined the type of consumer for whom the product is not appropriate.
• The product / service does not fully respect regulatory limitations.

This function is responsible for the drafting of legal documents and processes related to the production, marketing and sale of products and services including contracts, loan agreements, disclosure statements, sales / marketing material, and so on.

Potential risks include:

• Legal services have not properly understood the characteristics of the product and therefore have not produced accurate contracts, disclosure and related documents.
• Where there is a regulatory requirement for use of a certain level of plain language to be used in documents, legal services fail to adequately comply with the requirement.
• Legal services have not put in place a cyclical program of auditing product documentation to ensure it is current with changes to the product and the law.
• Legal services do not have a cyclical program to ensure policy and operations manuals are complaint with regulatory requirements.

This function is responsible for supporting and managing the technology responsible for the creation, production, distribution and access to products and services including online sales. It is responsible for programming, hardware support, websites, introduction of new technologies and ensuring security, redundancy, backup and reliability of the systems that support the delivery of consumer products and services.

Potential risks include:

Risk of programming errors due to:

• inability to recruit expertise on legacy IT systems;
• simple human error, lack of verification & sign off;
• programmers do not fully understand the detailed characteristics of the design of the new product / services or changes being made to existing products / services;
• inadequate documentation of the program’s design / architecture;
• lack of effective testing of programs, changes and related calculations before being implemented due to time limitations, budget constraints, inadequate testing protocols, inexperience etc..

Risk of unauthorized access to or release of personal information due weak security measures or dated legacy technology with potential for higher levels of security risks and declining reliability.

This function is responsible for the strategy and supporting activities for the branding and selling of the products and services.

Potential risks include:

• The marketing / sales function does not fully understand the characteristics of the product, the associated risks and the regulatory rules regarding marketing /sales of products / services;
• Misleading information is intentionally being provided in marketing material for the sake of promoting the products and services;
• The marketing strategy is misleading due to a lack of clarity in pertinent product information; e.g. degree of risks, hidden fees, appropriateness, etc.
• Use of misleading gimmicks and terminology (e.g. stating something is free but the very fine print states limitations / condition), give always or discounts with very limited quantities actually being available (e.g. a loss leader).
• Consumers do not understand the product / services because the marketing and sales material is complex and not provided in plain language:
  • Is there a requirement for plain language to be used in marketing and sales material and if so what standards are being applied?
  • Are focus groups used to test the level of comprehension of the product / service and marketing / sales material?
  • Is the clarity of marketing material enhanced through the use of examples, pictures, diagrams and sample calculations and access to call center to answer questions?

This function serves the daily needs of clients, processing related transactions and promoting the sale of financial products and services. The function may be offered through call centers, brick and mortar branches or through technology.

Potential risks include:

Risk of Transactional Mistakes Due To

• Human error, lack of monitoring and verification;
• Lack of training;
• Poorly designed or incomplete training programs or out of date training content;
• Lack of easily accessible on-site training tools / material for personnel;
• High staff turnover rates.

Risk of Fraud

• Operational gaps in the monitoring, verification, data analysis and control over staff initiated transactions;
• Lack of or insufficient security and oversight measures;
• Lack of proper vetting and supervision of employees.

Risk of Inappropriate Sales

• Unqualified sales personnel;
• Temporary or short terms sales staff who push through inappropriate or false transactions / sales to reach performance goals;
• Misunderstanding of the product by sales staff;
• Insufficient training of sales staff;
• Selling of an inappropriate product to a consumer despite bank’s policies;
• Providing misinformation to the consumer in order to make a sale;
• Commissioned and incentive based compensation schemes that encourage aggressive and inappropriate sales practices;
• Weak oversight by supervisors in monitoring, audit, data collection and trend analysis of sales data and related consumer complaints.

Clearly, this function is ultimately accountable for the market conduct of the financial institution and applying due diligence in putting into place effective mechanisms within all the functional areas of the business in order to mitigate potential risks and harm to its clients. Risks are created at this level when itfails to carrying out its roles and responsibilities.

Potential risks include:

• Lack of effective Board structure(s) and governance policies and procedures to provide effective management and control over the Institution’s operations, culture, business focus / activities.
• Lack of controls, verification, audits, data collection, analysis and monitoring of front end operations;
• Lack of active leadership in establishing and promoting high standards of market conduct through establishment of and implementation of internal codes of conduct, client service values and ethical standards supported by training, monitoring, enforcement measures and testing;
• Lack of staff recruitment standards and proper vetting and supervision of new hires (fit and proper criteria);
• Lack of sufficient data collection for effective monitoring and reporting of trends (sales, transaction errors, account activities, etc.);
• Lack of comprehensive trend analysis and reporting of consumer inquiries and complaints;
• Lack of effective consumer complaints process and redress;
• Lack of effective and up to date front end policies, procedures and training;
• Lack of Board oversight over the quality of its senior management’s competencies, knowledge and focus /attention to front end operations and issues.