Don't forget your anecdotes: The rise of anecdata
Tom Hardin, owner of Tipper X Advisors, discusses the intersection of conduct and risk compliance. He explains how conduct is becoming more integrated with regulatory discussions and how it's essential to consider both data and qualitative aspects when assessing conduct risk.
Read it below!
Tom, thank you so much for joining me today at RiskMinds Americas. I know you're talking about conduct and compliance a lot in your job. But how is this community combining with the risk community? What's the future of this?
Yeah, I've interesting perspective – one of my first presentations was in 2017 at RiskMinds. And at that time, I think there was more siloed isolation between this discussion about risk compliance and conduct. It was not clear who owns what with the conduct space because that's more qualitative. Whereas compliance and risk, we have our metrics, our KPIs or KRIs. And conduct now is much more of a discussion with the regulators and the banks.
And there's more data around that. But I think what we're seeing today is there's still a big data focus when you also have to get anecdotes – anecdotes from the frontline, what's going on, what's happening, and combining it together with data they call it anecdata. So looking at both, like you can't just rely on the data, like you might like with compliance. You also have to look at the anecdotes if you're trying to figure out what the conduct is. So that's important, no matter what your role is, to look at both.
So as you say, with regulatory interest in employee conduct, how is this transition to this data led approach happening? What's the future of that?
With compliance, it's more legal focus. Like, can we do something? And conduct is more about should we make this decision? And again, it's harder to quantify.
There's two types of ethics I talk about when I do a training session, there's normative ethics, which is what we're taught in ethics class in university – is this the right or wrong thing to do? But there's also descriptive ethics – how would our stakeholders look at this? How would society look at these decisions we're making? And we're seeing more of a push there to more of that descriptive ethics when we're talking about conduct. And again, it's qualitative.
Some of my clients have trouble pitching their board on investing in this and looking at this because if it's qualitative. If we can't measure it, we're not going to go after it. I think we're on a good path with this, but there's still a lot of work to do in terms of getting our arms around what is the conduct risk in our organisations. But if you think about it more in terms of should we do something versus can we do something? I think that helps a lot with thinking about what is conduct risk.
What is the missing link here with leadership buy-in then?
When I present with boards, they're always metric focused and committees look at the data. When going back, not to repeat myself, look at the anecdotes and the data. I think boards just have to get comfortable with that to help them make decisions or invest in certain vendors because regulators are focused on it and regulators are going to keep focusing on this.
Boards have to get comfortable with not everything being in the data set for you to look at. You have to have a little bit of both.
With trends moving towards things like personal liability, especially in the sustainable finance area and green finance area, how can risk professionals and senior leadership people prepare for that? What's the solution?
I think risk culture has evolved in the last seven years since I've been presenting. Now it's more about how do you manage risk? Not the what, but how you're doing it.
So looking at organisations – are they too siloed? Sometimes I'll present to a bank and risk is doing its own thing and compliance is doing its own thing and they're not talking. So how siloed are you? Are you talking to your other departments and having a cohesive view of the business – of the risk culture?
We talk a lot about organisational culture, which is like, using a family analogy, the parents. There's the conduct risk, which might be the little brother who gets in trouble. And then there's the risk culture, which is the older sibling who's trying to hold it both together.
So, I think it's important to not be in siloed organisations. Talking to your counterparts in the departments to get a handle on what is the risk culture? How do we make decisions? How do we analyse our decision making? Because decisions lead to the conduct risk. And if you just think good decisions deliver good outcomes, that's not right. Because good decisions can deliver bad outcomes. So look at your outcomes and look at your decision making. And you'll start to sort of predict what the conduct risk might be.
RiskMinds International is coming up, where you'll be presenting and where we also have a separate track for conduct and compliance risk. What themes do you expect to come up in this?
It's interesting, in Europe, I get a lot more questions about this than the US. Maybe it's just because the regulators there, like the Financial Conduct Authority in the UK, was at the forefront of the conduct discussion when I started speaking seven, eight years ago, and the US regulators were sort of behind.
I think there's going to be a lot more focus on these types of questions – what are regulators looking for? What do they expect? I define culture today in my presentation as the behaviours employees believe will put them ahead. So we often hear it's the tone at the top. To me, it's not the tone. The tone is just a signal. It doesn't mean anything. But actually, do you understand the behaviours that drive incentives or the behaviours that employees believe will put them ahead? The more people can do that within the banks and the financial institutions, I think you're on the right path. So I think we'll have a really robust discussion, maybe debate, about how to look at that today. And of course, it's all to do with co-working and collaborating across all these places.
Join Tom at the RiskMinds Conduct & Compliance Summit, part of RiskMinds International, on 20 November 2024.
