Conduct Risk - assessing intangible and cultural risks in the financial sector



The media has reported a wide range of news items related to conduct risk in 2016 and ASIC has promised thorough investigations into many of the issues brought to light. In a nutshell, conduct risk is the risk of inappropriate, unethical or unlawful behaviour by an organisation’s management or employees.

The payday lending industry is a prime example of the type of conduct risk that investors can face. Payday lenders typically make small, short-term unsecured loans to customers who may struggle to receive standard personal loans from the traditional banking community. Payday lenders typically charge higher rates of interest.

At Ausbil, we believe the integration of environmental, social and governance (ESG) analysis with quality investment management can help investors identify and assess these types of conduct risk.

About 12 months ago, the Federal Court handed down a penalty of $19m – the largest civil penalty obtained by ASIC at the time – for irresponsible lending and unconscionable conduct by one of the unlisted payday lenders and its loan funder. A subsequent report by ASIC found that payday lenders needed to improve their compliance with key consumer protection laws. ASIC found particular compliance risks and concerns around the tests for loan suitability and systemically poor record keeping.

Thorough ESG analysis can help investors to assess the sustainability of a company’s business model. In cases where an industry thrives on poorly informed customers and a lack of robust regulation or the enforcement of regulation, current earnings may not be as sustainable as they first appear. Allegations and anecdotes of misconduct also need to be investigated by investors. In our view, payday lending was one such area that deserved closer analysis.

The payday lending example also shows how increased media coverage can serve as a leading indicator of increased regulatory scrutiny. This is similar to other cases regarding social issues, such as labour rights in the garment supply chain. In this instance, NGOs campaigned about the issues for a long time, but it took media exposure to act as the game changer.

With payday lending, it was the ABC’s Four Corners program ‘Game of Loans’ in 2015 that ultimately brought the public’s attention to the social and compliance issues linked to this industry.

The ASIC crackdown has had a major impact on the share prices of listed companies with exposure to payday lending. This was exacerbated when Westpac pulled its funding of payday lenders. The share prices of both Money 3 and Cash Converters fell sharply afterwards and remain far below their previous highs.

How should investors regard conduct risk going forward?

Conduct risk has been a major issue internationally and Australian regulators have stepped up their investigations. Non-compliance can result in direct impacts such as fines and changed licencing conditions, while indirect impacts, such as declining customer loyalty, can also play out over time.

Financial services providers are responding to the increased regulatory scrutiny with stricter oversight and control processes, which leads to higher compliance costs, but risks remain. In our view, conduct risk is intrinsically linked to a company’s intangible drivers, particularly culture. In addition to reviewing a company’s risk policy framework, investor assessment of culture should also include an analysis of the management and board culture, trends in complaints made to independent ombudsmen and a company’s code of conduct, as well as anecdotes and independent staff reviews. Culture can be difficult to assess, but the potential rewards from proactively detecting risks can be significant.

Delving deeper into the subject, a series of issues related to conduct risk have been in the spotlight this year, such as ASIC’s case against ANZ for alleged manipulation of the bank bill swap rate and the CommInsure investigation where ASIC is promising a very thorough investigation. ASIC is also probing whether there are deeper systemic issues in the life insurance industry.

Conduct risk is also a big issue internationally and has been a major topic in the US and the UK where financial institutions have received significant fines as well as large remediation costs, as was the case with the payment protection insurance scandal in the UK. ASIC has pointed out that the cost of poor conduct of the ten most affected global banks was approximately US$250 billion between 2008 and 2012 [1]. In recent years BNP Paribas, Credit Suisse, HSBC and UBS were fined almost US$15 billion [2] on aggregate for a wide range of issues, including insurance mis-selling, rigging of forex markets and sanctions violations. In addition to penalties, financial institutions have seen significant increases in compliance costs.

The big bank investigations might have peaked in the UK and the US, but as illustrated by the step-up in ASIC investigations, conduct risk is becoming more topical in Australia, which means a greater risk of fines and/or settlement costs. The fines to date in Australia, however, have been significantly below those in the US and Europe.

The worst case scenario is that compliance issues, if very severe, can lead to the loss of an organisation’s financial services licence and its ability to operate. Another aspect, as previously mentioned, which is more difficult to quantify is the indirect impact, such as staff morale and productivity, the ability to attract staff, as well as impacts on the brand and customer loyalty. In some cases, these impacts can play out over time. The loss of customer goodwill and brand damage might be increasingly important as technological change opens up increased competition and lower barriers to entry.

Company responses and links to corporate culture

Regulatory changes along with new rules and penalties provide strong incentives to change for the better. Many financial firms have acted on conduct risk with stricter oversight and control processes, including increased employee supervision. Examples include tougher regulation of chatrooms and banning mobile phones in trading rooms. In a similar way to companies tracking near-misses for occupational health and safety risk management, some financial institutions are now tracking near-miss events in terms of conduct risk.

In Australia, APRA-regulated entities are now required to maintain a ‘board-approved risk management strategy that describes the key elements of the risk management framework that give effect to its approach to managing risk’ [3] (under the Prudential Standard CPS 220 Risk Management). As a result, many financial institutions have assessed and attempted to address issues that fall under the conduct risk definition.

In our view, conduct risk is often closely linked to risk culture, which is rarely driven by regulatory changes, but by changes within the financial institutions themselves. The concept of ‘culture’ is an important aspect of ESG analysis. A company’s market capitalisation is made up of a mix of tangible and intangible values. Over time, the relative importance of intangible values has increased. Today, for the average listed company the tangible assets represent only a minor percentage of value.


These intangibles include a company’s brand reputation, customer relationships, corporate governance and its culture, which is perhaps the most intangible of all the intangibles.

Internationally, many financial institutions are now focusing on changing their culture. However, correcting culture can be a slow, time-consuming and costly exercise. To be effective, it might need a clear message from the top accompanied by training, new performance metrics and remuneration structures. In some cases, it might include shifting accountability for risk into the front office.

How should investors assess the key risk areas and where are key risk areas?

Investors should also monitor anecdotal evidence from a wide range of sources, including industry consumer advocacy groups, industry contacts and independent ombudsmen, such as the Financial Ombudsman Service (FOS), which offers a dispute resolution service as an alternative to court.

Conduct risk can differ significantly across various geographies. For example, financial institutions with Southeast Asian exposure have a relatively higher risk profile. In Australia, ASIC acts as the consumer credit regulator, the markets regulator and the financial services regulator. In other words, ASIC’s activities cover a wide scope and budget constraints mean that when it is actively investigating, it may be unlikely to do a deep dive into more than one sub-segment at a time. As a result, we believe the starting point should be to assess whether a sub-segment is currently under-regulated or whether a business model relies on poorly informed customers. This is where media focus on a particular industry can act as a leading indicator for major investigations by the authorities.

The starting point is to assess management and board culture as these set the tone for the overall organisational culture. However, culture can be difficult to assess from an external perspective, particularly as there can be different cultures within different business divisions and teams. We believe culture analysis and conduct risk assessment should cover three aspects: a) industry risk analysis, b) analysis of formal policies and frameworks at the company level and c) implementation in practice.

Given the relationship between intangible drivers and company value, we believe analysis of how companies manage their intangible drivers – through integration of ESG analysis – can lead to better informed investment decisions. Ultimately, ESG analysis comes down to assessing how a company is managing its intangible assets, particularly culture.


FOS’s 2014-15 annual review showed that there were approximately 32,000 disputes in FY15. The majority of these were resolved by agreement with the financial service providers while 13% were resolved by a FOS decision or assessment, 6% were discontinued and 17% were outside the terms of reference.

The review highlighted that while dispute numbers remained steady compared to previous years (as illustrated by the chart above), there were 347 investigations of alleged breaches of industry codes of practice with 238 confirmed breaches. Of the disputes lodged in 2014-15, credit accounted for 49%, general insurance 26%, while payment systems, deposit taking, life insurance and investments accounted for between 5% and 7%. In addition to resolving individual disputes, FOS is also required to identify, resolve and report on systemic issues and notify ASIC of cases of serious misconduct.

Over the 2014/15 financial year, FOS’s systemic issues team received 2,137 referrals of possible systemic issues from FOS dispute handling teams (an increase of approximately 12% year on year). Also, FOS administers and monitors compliance with industry codes of practice, such as the code of banking practice and general insurance code of practice. Over a similar period FOS dealt with 20 breaches that were assessed as ‘significant’, including eight in banking.

Importantly, FOS issues comparative tables showing disputes and outcomes by financial service provider, which gives investors a tool to measure trends among listed companies. Recent data showed major differences between the various banks.

Debt Collection

Before the ASIC investigation into the payday lending industry there were anecdotes about widespread non-compliance. Another sub-segment of the financial sector where anecdotes about non-compliance abound is debt collection. A report commissioned by the ACCC in 2015 on the debt collection industry highlighted that increased regulatory oversight, including the ACCC/ASIC debt collection guidelines which offer best practice processes, has led to an improvement in debt collection behaviour. Investment in technology has also helped. The report states that alleged incidents occur in less than 0.015% of contacts made by the industry.

However, there could be an issue of under-reporting. The report also noted that non-compliant practices can result in “significant detriment” to vulnerable and disadvantaged consumers and that regulators are willing to take action in such cases. The Credit & Investments Ombudsman’s report from October 2015 showed that approximately 5,000 complaints were made against financial service providers, which represents an increase of 7.4% [4]. Debt purchasers and collectors attracted the largest number of complaints (40.7%).

Code of Conduct

Analysis of companies’ codes of conduct can also identify risk flags. These documents, which are often publicly available, can differ widely in terms of scope and coverage. Companies also differ widely in terms of methods and approaches when it comes to enforcing codes of conduct. While most financial companies have robust policy frameworks on paper, it is important to understand how staff are trained and updated on these.

A robust code of conduct should include detailed coverage of regulatory compliance, anti-bribery and corruption and most importantly, how staff should report on these issues. 

Reputable companies tend to have whistle-blower protection policies. However, in some cases they clearly don’t work. In practice, at least one case in Australia has been recorded where the whistle-blower went to the media instead of using the internal reporting channels, because the whistle-blower did not trust the company’s protection protocol. Gaining a clear understanding of how compliance incidents and breaches are reported internally can give investors important insights.

Another area that impacts conduct risk is related to remuneration, especially with regard to incentives. For instance, are employees and management encouraged to take risks and what is their subsequent personal downside risk? While many investors focus much of their attention on executive remuneration, understanding the remuneration structures further down the value chain can also result in important insights. For instance, where base pay is low and staff are highly incentivised on commission, conduct risk might be higher.

Many companies conduct formal staff engagement surveys on a periodic basis, although few details are typically disclosed to investors. Rather, investors can get more insights from independent staff reviews in the public domain as well as conversations with people working in the industry. While these only give a snapshot based on employees who have taken the time to submit a review, in many cases certain patterns can be identified regarding culture and conduct risk. They can also indicate CEO approval rates, employees’ views on the business outlook and incentive structures within the organisation.

Analysis of the above can be time-consuming, but given the potential downside risk to valuation and performance, the potential rewards can be significant, especially when risks are detected on a proactive basis.


  • Conduct risk has been a major issue internationally and Australian regulators have stepped up their investigations. Non-compliance can result in direct impacts such as fines and changed licencing conditions, but also a number of indirect impacts can play out over time.
  • The regulatory review of the payday lending industry is a case study in how ESG analysis can help assess the sustainability of a business model and identify downside risks proactively.
  • Financial services providers are responding with stricter oversight and control processes, which leads to higher compliance costs; however, risks remain.
  • Conduct risk is intrinsically linked to culture, which can be difficult to assess, but the potential rewards of detecting risks proactively can be significant. The assessment should include analysing the management and board culture, the trends in complaints made to independent ombudsmen, companies’ codes of conduct and also listening to anecdotes. Media coverage can act as a leading indicator.



1. Australian Securities and Investments Commission, Report 444 ASIC enforcement outcomes: January to June 2015. [Online] Available at: [Accessed 29 May 2016]
2. Ethical Corporation, Banks still mired in red over conduct risk. [Online] Available at: [Accessed 29 May 2016]
3. Allens Australia, Unravelled: Corporate Culture and Conduct Risk. [Online] Available at: [Accessed 29 May 2016]
4. Credit & Investments Ombudsman, Annual Report on Operations 2015. [Online] Available at: [Accessed 29 May 2016]

