APAC Conduct Risk Barometer - EY · Indonesia — No specific regulation exists for conduct risk. However, several conduct risk elements are embedded within ... front office control,

APAC Conduct Risk BarometerCurrent and emerging Asia-Pacific focus areas2016

Contents Introduction 3

Spotlight: A framework to manage conduct risk 4

Spotlight: Conduct risk governance 6

Spotlight: Conflict of interest 8

Spotlight: People agenda 10

AppendixMarket-by-market view 13

Contacts 20

1APAC Conduct Risk Barometer

The focus on conduct risk is clearly uneven across Asia-Pacific (APAC) with wide variations between markets where regulators explicitly discuss conduct risk; those where elements of conduct risk are embedded in other regulations; and those where conduct risk has yet to emerge as a regulatory focus. However, a growing number of regulators in the region are seeking to understand the steps firms are taking to manage conduct risk. Many firms are also beginning to better define conduct risk and incorporate its considerations right across the employee life cycle: recruitment, performance assessment, training, incentives and remuneration. In many jurisdictions, there has been an emergence of formal conduct risk frameworks, with dedicated teams supporting a conduct risk program.

We believe widely divergent conduct risk practices within the region will continue — largely correlated to the level of regulatory focus in home markets. Differences at the country level are largely due to different regulatory expectations and approaches to conduct risk. Larger firms and those headquartered in the US or Europe, where regulators have set high conduct risk management benchmarks, tend to have more advanced practices. Nonetheless, in 2017 we will see an increased focus on conduct risk governance and measurement, frameworks, conflicts of interest and people practices.


Conduct Risk BarometerTo help our clients to identify, measure and mitigate conduct risk, EY conducted a study to identify:

► The levels of conduct risk maturity across APAC

► Current and emerging conduct risks facing our banking and capital markets clients

► How conduct risk frameworks are being embedded by our clients globally

Our study reveals divergent practices across the region, depending on the level of regulatory focus in the market. Differences at the country level are largely due to different regulatory expectations and approaches to conduct risk in the region. Larger firms and those headquartered in the US or Europe, where regulators have set high conduct risk management benchmarks, tend to have more advanced practices.

Methodology and coverage ► EY consulted across 11 markets to establish the level of

maturity of conduct risk and key current and emerging conduct risk focus areas across APAC.

► In-scope markets across APAC for this analysis are: Australia, Hong Kong, Indonesia, Korea, Mainland China, Malaysia, New Zealand, Philippines, Singapore, Thailand and Vietnam.

► Local EY offices provided insight on the level of regulatory focus in their market. Respondents completed a template covering key conduct topics: conduct framework, governance, product and sales process, remuneration, training and conflicts of interest.

► Within each topic, respondents commented on the level of regulatory focus and provided additional detail around several subareas.

► We then analyzed the barometer findings to gain insight into the key current and emerging conduct focus areas across APAC.

Introduction

Spotlight

A framework to manage conduct risk

4 APAC Conduct Risk Barometer

How we can helpWe have extensive experience supporting firms to develop frameworks to manage conduct risk. This includes:

► Assisting international firms in their hub countries to develop a conduct risk framework that considers requirements across all of their markets

► ► Advising firms on appropriate governance arrangements to effectively oversee and exercise control over potential areas of conduct risk

► ► Undertaking market surveys to understand how firms are managing conduct risk

Conduct Risk Barometer findingsAcross APAC, we have observed firms taking very different approaches to conduct risk:

► Treated as a distinctive risk class — In these markets, which include Hong Kong, Australia and Singapore, regulators are seeking to understand the steps firms are taking to manage conduct risk during their regular supervisory visits. As a result, firms have defined conduct risk and incorporated its considerations into the employee lifecycle: recruitment, performance assessment, incentives and remuneration. Some firms have dedicated teams supporting a conduct risk program.

► Considered within their existing risk management framework — In these markets, regulators have focused their attention on areas where improper behavior poses the greatest risk to customers and markets. Firms in these markets are less likely to have detailed conduct risk programs, but they are improving processes and controls in the areas of greatest conduct risk, such as sales processes that could result in mis-selling or where there is the potential to manipulate markets.

► Not a current market or regulatory consideration — Regulators in these markets are not focused on conduct risk, so firms have tended not to develop active conduct risk programs.

Managing conduct risk

36%36%

28%Emerged

EmergingNot a current focus

Future developmentsIn markets where firms have developed conduct risk frameworks, we expect to see further developments over the next 12–24 months to enhance and embed these frameworks.


What we are hearing ► Australia, Hong Kong, Singapore — Firms are implementing dedicated frameworks to manage conduct risk, incorporating

a defined governance structure, policy and management information (MI). Some firms have appointed “regional heads of conduct risk,” who are responsible for driving forward the conduct risk agenda and continuing to develop and enhance the framework.

► Indonesia — No specific regulation exists for conduct risk. However, several conduct risk elements are embedded within regulations related to risk management certification for management, remuneration governance, “fit and proper” tests and consumer protection.

► Mainland China — Firms have general policies to protect customer interests and manage poor employee conduct. However, these are often designed to protect the firm itself, rather than protecting customers or the market’s integrity. As a result, firms are currently managing conduct risk through compliance controls.

► Malaysia — The regulator does not specifically reference conduct risk, but it does embed many of the features of conduct risk in product risk and other compliance risks.

► New Zealand — The relatively recently formed Financial Markets Authority (FMA) is encouraging conduct-based cultures focused on customer outcomes. Its conduct guide sets out how the FMA intends to use conduct as a “lens” for viewing and interacting with providers.

► Philippines — Banko Sentral ng Pilipinas (BSP) does not provide guidelines for setting a specific conduct risk appetite. It expects firms to adopt an appropriate financial consumer protection framework.

Spotlight

Conduct risk governance

How we can helpWe have extensive experience supporting firms to develop frameworks to manage conduct risk governance. This includes:

► Facilitating cross-function workshops to assist firms in determining conduct risk metrics

► Reviewing firms’ current-state governance arrangement and recommending improvements

► Reviewing the effectiveness of the three lines of defense and recommending improvements

► Producing and interpreting data analytics to make conduct risk MI a more meaningful management tool


Conduct Risk Barometer findings ► Regulators are keen to see senior management and

the board taking ownership of conduct risk. Across the region, conduct risk is currently owned by many different functions, including compliance, front office control, operational risk or legal.

► In more than 50% of the markets reviewed, we saw evidence of leadership teams setting the “tone from the top,” playing a critical role in launching conduct risk policies or codes of conduct. There was also evidence that boards are considering customer outcomes within business strategy and improving culture through good leadership and clear values.

► MI is critical for effective oversight. In Australia, Hong Kong and New Zealand, regulators expect firms to have robust MI in place. However, for the majority of markets, MI is not a current area of focus.

Management information

36%

64%

Tone from the top

36%18%

46%

Emerged Not a current focus Emerging

Governance arrangements

36%36%

28%

Future developmentsIn markets with a regulatory focus on conduct risk, we anticipate firms investing to enhance MI to assist leadership in appropriate oversight. Some firms will develop leading indicator metrics that allow them to take action before the risk crystallizes. This will require investing in the underlying systems so data can be collected and analyzed in a consistent manner across desks and locations as well as developing more sophisticated approaches for analyzing correlations between different sets of risk indicators.


What we are hearing ► Australia — A focus on the “tone from the top” has been driven by high-profile conduct failures, such as alleged bank bill swap

rate manipulation, leading the Australian Securities and Investments Commission (ASIC) to issue a “3Cs” message on conduct risk: challenge, communication and complacency. In response, firms are refining the roles and responsibilities of the three lines of defense in relation to conduct risk and including a customer advocate in the relevant committees. Firms are developing extensive lists of risk indicators to measure conduct risk; however, prioritizing these indicators remains a work in progress.

► Hong Kong — The Hong Kong Monetary Authority (HKMA) has established a conduct head to examine board empowerment and fairness to retail customers. Both the HKMA and the Securities & Futures Commission (SFC) enforcement departments are increasingly focused on making senior management responsible for conduct failures. Firms in Hong Kong, as in Singapore, are also focusing on the “tone from the middle.” They are driving consistent messages from both senior and middle management and embedding conduct risk via governance committees and formal processes and/or incorporating it into existing compliance or operational risk frameworks.

► Mainland China — The China Securities Regulatory Commission (CSRC) is taking enforcement action on conflict of interest-related conduct issues, such as the misuse of confidential information. Some aspects of conduct risk, such as customer interest protection, mis-selling or complaints management, are being led by risk management or compliance departments. However, firms are not focused on developing MI.

► New Zealand — Despite an increasing regulatory focus on robust governance as an important factor in managing conduct risk, global and local firms are divided on best practice. Firms are in the early stages of developing conduct risk MI, with challenges coming from legacy systems that produce poor-quality information.

► Philippines — Management has an increasing focus on conduct risk that could damage a firm’s reputation. The regulator, Bangko Sentral ng Pilipinas (BSP), has set out its expectations of leadership responsibilities for managing conduct risk, including having a consumer protection risk management system that measures risks to both the consumer and the institution.

► Singapore — Having set the right “tone from the top,” firms are now focusing on strengthening the “tone from the middle” — ensuring consistent messages from both senior and middle management. While some firms are creating specific conduct risk governance committees and processes, others are incorporating conduct risk issues into their existing compliance or operational risk frameworks/committees. Firms are building on their basic MI systems, investing in predictive analytics to anticipate future areas of concern.

Spotlight

Conflict of interest


How we can help We have extensive experience supporting firms to manage conflict of interest risk. This includes:

► Developing conflict of interest registers covering business lines, product classes and market segments

► ► Undertaking controls assessments to measure the extent to which conflicts are currently addressed

► ► Helping firms put in place conflict of interest target operating models that ensure conflicts are identified and controlled on a business-as-usual basis

Conduct Risk Barometer findings ► Conflict of interest programs vary greatly across APAC and are only just

emerging in the majority of firms.

► The regulatory focus tends to be limited to disclosing the financial interests of senior management and directors and related-party transactions. Some jurisdictions also have conflict-related requirements in regulations concerning customer fairness and remuneration.

► Most firms only look at this issue when and to the extent that local regulations require it. However, some international firms are working on more comprehensive programs, including building conflict of interest registers, assessing internal controls and developing target operating models to manage and mitigate conflicts of interest risks across a range of businesses and geographies. These activities are often linked to global conflict of interest programs.

Conflict of interest

18%64%

18%Emerged

EmergingNot a current focus


What we are hearing ► ►Australia — Institutions are keeping conflicts registers. However, policies are at group, not business unit, levels, with limited

tailoring to individual business operations. Firms also rely heavily on self-assessments for conflict of interest reporting, rather than centralized monitoring and supervision.

► ►Hong Kong — The market requires firms to manage conflicts of interest. Some firms do review conflicts to understand their risk profile, but these reviews are not advanced.

► Indonesia — The focus for conflict of interest is related to corporate governance and the independence of senior management and boards.

► Mainland China — Firms have limited requirements to report conflicts of interest to the regulator. Conflict of interest controls and monitoring systems are not yet well-developed.

► Malaysia — The predominant regulatory focus is on senior management independence and related-party transactions.

► New Zealand — Conflicted conduct is one of the priorities of the FMA’s Strategic Focus for 2015–18, particularly with respect to incentives and related-party transactions. Firms need to enhance the monitoring and control of conflicts once identified.

► Philippines — Conflict of interest is managed within the context of financial consumer protection guidance, particularly in relation to customer interests/outcomes and product and commission disclosures.

► ►Singapore — Currently, there is no specific regulatory focus on conflicts of interest outside of customer fair dealing, corporate governance and market conduct regulations. We expect new requirements in relation to related-party transactions to be published soon. Some international banks are starting comprehensive conflict of interest projects in response to UK or European regulatory requirements.

► ►Thailand — Conflict of interest is addressed in regulations from both the Bank of Thailand (BOT) and the Securities and Exchange Commission.

Future developmentsConflict of interest is expected to be a growing area of focus for firms across the region, particularly those in Australia, Hong Kong, New Zealand and Singapore. Leadership is likely to come from global firms subject to the benchmarks for conflict of interest programs set by UK, European and US regulators.

Spotlight

People agenda


Conduct Risk Barometer findingsReducing a firm’s conduct risk requires influencing behavior throughout the employee lifecycle:

► Training — We found evidence in 72% of the markets reviewed of firms providing or beginning to offer conduct risk training. However, this training varied from scenario-driven, specific conduct risk training tailored to the specific business/market to merely including conduct risk issues as part of a broader code of conduct training. There is also a challenge for international banks to adapt globally designed training to local market and culture considerations.

► Remuneration — In 55% of markets, firms are beginning developing remuneration structures that align employee incentives with client outcomes, particularly in Australia, Hong Kong and Singapore. Some firms are using balanced scorecards to avoid purely linking sales staff remuneration to revenue. In addition, risk and compliance has gained a louder voice in front office promotions. Currently, most firms do not specifically reward good conduct, but it is recognized over time through career progression. Many international banks have established a process to score breaches/bad conduct to reduce annual compensation.

► Recruitment — In only 18% of markets did we see conduct risk being considered at the recruitment level, perhaps because firms tend to have sophisticated recruitment practices that already take into account “employee fit.”

Emerged Not a current focus Emerging

Remuneration

36%18%

45%

Training

27%45%

28%

Recruitment

9%

82%

9%

How we can help We have extensive experience supporting firms to manage conduct risk across the employee lifecycle. This includes:

► ►Delivering conduct risk training to executives and sales staff

► Designing a new incentive scheme focused on needs-based rather volume-based selling


What we are hearing ► Australia — Firms are aligning incentives and performance management with customer outcomes. This includes identifying

financial and nonfinancial incentives that bias sellers against aligning customer needs to suitable products and weighting conduct expectations appropriately in a new definition of “high performance.” Conduct considerations are also being incorporated into training, with a particular focus on matching client needs to suitable products.

► Hong Kong — The SFC and the HKMA are keen to see conduct risk being mitigated through remuneration policies. Firms are exploring how to do this, developing qualitative and quantitative metrics, including anonymous feedback and input from risk and compliance. Conduct risk training is now fairly common in international firms.

► Indonesia — Employees are receiving code of conduct training.

► Mainland China — Staff receive training on the firm’s code of conduct and acceptable sales practices, but this training does not specifically target conduct risk.

► Malaysia — Firms have been undertaking conduct risk training to inform their employees of this emerging risk class. The market has also responded to advice from the Central Bank, Bank Negara Malaysia (BNM), that remuneration should not induce an excessive bias towards high revenue-generating products that result in unsuitable product recommendations.

► New Zealand — Remuneration is a key area for the FMA and providers, leading to a shift to consider needs-based selling remuneration models.

► Philippines — BSP requires firms to design their remuneration structure in a manner that encourages responsible business conduct and fair treatment and avoids conflicts of interest. As a result, firms use multiple KPIs outside of sales volumes. Employees also receive training on relevant policies, including the code of conduct.

► Singapore — Firms have dedicated conduct risk training and are grappling with the challenge of ensuring remuneration practices provide the right conduct incentives. In late 2015, the Monetary Authority of Singapore (MAS) issued new remuneration guidelines around establishing a balanced score card, including nonfinancial KPIs, such as understanding client needs, product suitability and standards of professional and ethical conduct.

► South Korea — Firms are regularly training their employees on topics such as customer protection. However, remuneration remains highly correlated to sales volume and not necessarily to sales quality.

Future developmentsChanging remuneration practices is a slow process, but we expect efforts in this area to continue as firms seek the most effective way to incentivize good conduct. Staff training will continue to be an important, ongoing initiative, with firms’ infrastructure sufficient to develop new training courses in response to changing market conditions.

AppendixA market-by-market view of the conduct risk landscape and key regulatory focus areas

13


Market-by-market view

Australia ASIC’s pursuit of market integrity and better consumer outcomes has resulted in high-profile regulatory interventions, including legal proceedings and enforceable undertakings for alleged market misconduct, mass customer remediation for inappropriate financial advice and an industry-wide review of life insurance claims handling. Australian Prudential Regulation Authority (APRA) expects boards to form a view of risk culture and identify any changes required. Both APRA and ASIC are focused on the behaviors driven by remuneration structures.

Key areas of regulatory focus include:

► Remuneration structures

► Fair treatment of clients

► Product design and product suitability

► Conflict of interest

► Ownership of conduct risk

► Senior management and board accountability

► Responsible lending

Industry responses

► Firms are currently determining their conduct risk appetite, with some institutions updating their risk appetite to include conduct.

► Some firms are developing conduct risk management frameworks across the end-to-end value chain. Some major banks have developed conduct risk functions to support this activity.

► Firms are focused on leadership, promoting clear messages in relation to conduct risk.

► Firms are developing risk culture frameworks with qualitative and quantitative measures.

► Some conduct reporting has been developed for executive and risk committees.

► Firms recognize that MI plays a pivotal role in identifying risks, but the process for developing MI is still emerging. Progress is needed on weighting product risk indicators and measuring conduct risk. The current concentration on lagging indicators is preventing predictive reporting of emerging risk indicators, masking underperforming operations.

► Firms are starting to focus on all aspects of the employee lifecycle, particularly training, recruitment, promotion and performance management.

► Firms have a renewed focus on product design and product suitability.


Hong Kong Firms in Hong Kong have been increasingly focused on conduct risk, especially those with head offices based in the US or Europe. Both the SFC and HKMA expect firms to consider the conduct risks that affect their business and take steps to mitigate these risks. The regulator is keen to explore how a firm’s business strategy impacts the conduct risks it faces and how existing conduct controls and conduct monitoring are being influenced by strategy.


► Remuneration structures and the rewarding of good conduct






Industry responses

► With no specific requirement to set a conduct risk appetite, most firms have chosen not to do so. Most firms have a conduct risk definition in place and have been focused on developing conduct risk policies, staff communication plans and training.

► More than half the international firms have a regional head of conduct risk. Typically, this role sits within the second line of defense, but there is an increasing drive to develop greater front office ownership and accountability.

► Firms have MI structures but typically these are made up of lagging rather than leading indicators. Challenges to MI improvements include: data quality, consistency and access.

► Firms are seeking to amend their recruitment practices to hire individuals who fit within their corporate culture and have the desired approach to conduct issues, requiring compliance and HR to collaborate.

► Firms are debating whether “good conduct” should be specifically remunerated or if it should be treated as a minimum requirement.

► Firms are exploring how data can influence remuneration strategies, leading to anonymous employee feedback being sought to provide examples of good and bad conduct, promotion candidates being subject to review by compliance and risk and using breach information to influence remuneration.

Indonesia Indonesia has no specific conduct risk regulations, but several elements of conduct risk are embedded as part of other regulatory requirements linked to compliance and operational risk management. For example, conduct risk-related requirements can be found in regulations governing anti-money laundering (AML), risk management certification for the management and officers of commercial banks, improved corporate governance implementation, remuneration practices and market conduct in relation to the protection of consumers.


► AML and prevention of terrorism funding

► Product transparency and consumer protection

► Senior management “fit and proper” test and conflicts of interest

► Corporate governance and remuneration practices of financial services

Industry responses

► Firms do not currently have specific conduct risk frameworks or programs. They tend to manage conduct risk using general internal controls and compliance programs.

► Employees receive training on codes of conduct, compliance requirements and acceptable sales practices, but not necessarily from a conduct risk perspective.

► Although firms are identifying and mitigating the risks associated with new products, this does not include specific conduct risk considerations.


Malaysia Conduct risk, while not an explicit area of focus for the BNM, is embedded in a number of regulatory guidelines on introducing new financial products, mis-selling and sales remuneration practices.

Following new product guidelines in March 2014, product risk is being closely tracked, with each new product launch now requiring regulatory approval. This includes the regulator identifying specific target customer segmentation, transparency around product rates and features and tracking sales processes and financial promotions. BNM has also provided remuneration guidance to mitigate the risk of mis-selling or sales staff recommending high revenue-generating products that are not suitable for the customer.


► New product development and transparency

► Remuneration of sales staff to reduce the risk of customer mis-selling

► Codes of conduct for customer fair dealing

► Regulatory monitoring of instrument issuance

Industry responses

► Firms have reviewed their new product development and remuneration practices to ensure compliance with new regulatory requirements.

► Several key Malaysian banks are also undertaking specific conduct risk training programs.

► Boards are focused on setting the right tone and expectations from the top.

► Monitoring conduct risk tends to be integrated as part of broader risk and compliance reporting, and specific governance and frameworks around conduct risk have not generally been pursued.

Market-by-market viewMainland China

Several Chinese regulators have introduced consumer protection requirements and it continues to be an area of focus for future regulatory developments. The regulator requires financial institutions to clarify the risk of the financial product when selling to customers, to prevent mis-selling. Firms are also required to identify and report material conflicts to the regulator, especially around related party transactions.






Industry responses

► Conduct risk matters are currently incorporated into compliance or operational risk management, which is led or facilitated by the risk management or compliance department.

► Large firms have processes to record misconduct of individuals and managerial accountability with clear, formulaic deduction of compensation when misconduct has been identified.

► Firms are using a new product approval process considering data collected from previous, similar products to help to determine product risk. This process will also inform control design and risk mitigation.

► Currently, most conflicts are identified through complaints from clients and firms do not undertake monitoring. System are normally in place to avoid conflict of interest for business assessment or approval, or product and service procurement.


New Zealand The FMA’s strategic priorities are under review but currently include: governance and culture, conflicted conduct, capital market integrity, sales and advice, and FMA’s effectiveness and efficiency. To influence and monitor behavior, the FMA is using its “5Cs” — capability, conflict, culture, control and communication — to form a “good conduct profile.”




► Product governance, suitability and design



► Good governance and accountability

► Responsible lending

► Provision of same protections against unfair conduct to small business as those that currently apply to consumers

Industry responses

► Different functions own conduct risk in different firms, despite the FMA’s preference for conduct risk to be owned by the business: the head of retail or markets. Organizational size plays a part, with smaller firms often lacking a particular function or person responsible for conduct risk.

► The Financial Markets Conduct Act introduces new requirements for product governance of managed investment products and debt securities. Generally, firms must set out their product design and governance processes as part of their license application. Increasingly, the FMA expects suitability and fair value exchange to form part of the product design process.

► The FMA believes there is a significant need for better conduct risk MI, including better systems and processes to measure conduct or culture.

► The FMA is focusing on sales staff remuneration, requiring safe guards against volume-based incentives to minimize the risk of mis-selling.

► Firms are still struggling to describe and manage conflicts of interest, and require better MI to monitor these conflicts once they are identified.

Philippines Firms must comply with a significant number of regulatory requirements that aim to protect the market and consumers. Although there is no regulatory expectation to set a conduct risk appetite, BSP expects firms will adopt a financial consumer protection framework appropriate to their corporate structure, operations and risk profile.


► A culture of fair and responsible dealings

► Consumer protection


► Client suitability

Industry responses

► Firms are focusing on compliance and operational risk, with management’s attention turned towards maintaining strong customer relationships and reputational risk management.

► Many firms have established a code of conduct outlining proper organizational practices. These documents are helping to communicate the “tone from the top.“

► Firms are providing staff with comprehensive training on the code of conduct, organizational practices, and compliance and operational policies and procedures. Front office employees are also trained on the organization’s sales practice.

► As per BSP’s requirements, firms are designing remuneration to encourage responsible business conduct and fair treatment and avoid conflicts of interest. Firms are also putting adequate controls in place so sales staff are not remunerated based solely on sales performance but also on other factors, including customer satisfaction (as measured by the number of customer complaints served/settled) and compliance with regulatory requirements.


Singapore Although the MAS has not issued specific guidance on conduct risk, it is clearly an important regulatory topic. Elements of conduct risk are addressed through a number of regulations and guidelines, such as those on the safeguarding of investor interests, balanced scorecard-based remuneration for financial advisors, corporate governance and customer fair dealing. Although MAS does not appear to intend to ramp up its conduct risk expectations by changing existing or issuing new notices or guidelines, firms consistently report that conduct risk is a focus of regulatory inspections and MAS questioning.


► AML and sanctions transaction monitoring and other financial crimes

► Customer onboarding and compliance with Know Yor Customer (KYC) requirements

► Market conduct issues, particularly in the wake of the London Interbank Offered Rate (LIBOR) and Singapore Interbank Offered Rate (SIBOR) scandals, particularly the monitoring of trade communications

► Customer detriment/fair dealing, including ensuring safeguards for the elderly and other vulnerable customers. This includes a significant focus on evaluating customer outcomes and ramping up customer engagement through questionnaires and surveys

► Ethics training

Industry responses

► Firms identify the interface between competition and market abuse (anti-trust or market manipulation) as a potential area of increasing activity by competition regulators that may start focusing on market conduct in addition to the MAS.

► Firms have a high degree of variation in how they formalize and structure their conduct risk policies and initiatives. Some are only just beginning to address conduct risk as part of broader compliance or operational risk programs. Others have developed dedicated responses, including adopting conduct risk frameworks and metrics, providing specific training programs or investing in projects that identify and mitigate conflicts of interest.

► For international firms, the higher regulatory requirements set by their home regulators and the rollout of global conduct risk programs are driving a generally higher degree of conduct risk maturity within their Asian businesses. However, the challenge is to make these global programs locally relevant.

► Firms understand the importance of the “tone from the top” and are now focusing on the “tone from the middle” to ensure consistency in the communications and examples being set by senior and middle management.

Market-by-market view


Vietnam ► No conduct risk trends are observed in Vietnam.

Thailand Although the Bank of Thailand (BOT) does not specifically regulate the area of conduct risk, it has released several notifications with measures that address some aspects of conduct risk. These include new requirements relating to how commercial banks provide new product information to their customers and how to address client complaints. The Office of the Consumer Protection Board also regulates the area of financial services consumer protection. The BOT has also introduced new notifications in relation to KYC and client due diligence (CDD).


► Product transparency and consumer protection

► Client onboarding — KYC and CDD

► Senior management conflicts of interest

Industry responses

► Firms have yet to introduce specific frameworks, policies or training to address conduct risk.

South Korea The Financial Supervisory Service (FSS) is focused on consumer rights, specifically regarding the price of lending from retail banks, which has impacted marketing and sales processes.


► Consumer rights


Industry responses

► Firms are focused on compliance risk and operational risk, but are not currently focused on conduct risk specifically.

► Many firms consider the risk of staff behavior within operational risk.

► Firms have controls in place to detect conflicts and monitor them on an ongoing basis.

South Korea

Sun Young Bong (Anita)T: +82 2378 74283 E: [email protected]

Thailand

Phuphun CharoensukT: +66 2264 9090 E: [email protected]

Vietnam

Duong NguyenT: +84 4383 15100 E: [email protected]

ContactsFor further information please contact:

Australia

Rob WalshT: +61 2924 84861 E: [email protected]

Roberto FitzgeraldT: +61 2924 85398 E: [email protected]

China (Mainland)

Leo WangT: +86 10581 53216E: [email protected]

Hong Kong

Emma AtkinsT: +852 2846 9740 E: [email protected]

Sameer Rege

T: +852 2849 9458E: [email protected]

Indonesia

Evan WiradharmaT: +62 21528 95352 E: [email protected]

Malaysia

Ramesh RajaratnamT: +60 3749 58767 E: [email protected]

Han Hwee Chong


New Zealand

Rhys Hermansson T: +64 2720 30658E: [email protected]

Philippines

Christian G LauronT: +63 2891 0307 E: [email protected]

Singapore

Maggi HughesT: +65 6309 8268 E: [email protected]

APAC

Gary MellodyAPAC FS Risk Leader

T: +65 6309 6519 E: [email protected]

Judy VasAPAC Regulatory Leader



EY | Assurance | Tax | Transactions | Advisory

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

© 2016 EYGM Limited. All Rights Reserved.

EYG no. 03497-164Gbl

BMC Agency GA 0000_07956

ED 0617

In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com

Documents

APAC Conduct Risk Barometer - EY · Indonesia — No specific regulation exists for conduct risk. However, several conduct risk elements are embedded within ... front office control,