Go Back

Conduct risk management and the rise of RegTech

Mission Impossible?

The RC initially requested from the 60+ Australian financial services firms 10 years’ worth of misconduct data, alongside action plans and the corresponding remediation programmes.

Not surprisingly perhaps, the feedback from the major Australian financial institutions was that they would have difficulty in complying with the request given that the information and data were spread across a multitude of disparate sources.

The RC concluded that if these firms were unable to provide the requested information, how could the firms’ senior management or indeed, their boards, be confident that the risk reporting presented to them was complete and presenting a holistic view of the extent of compliance failures?

Data retention requirements permitting, I suspect that many global financial institutions would also struggle to easily, quickly and comprehensively compile this type of data, and certainly covering a 10 year time period.

But of broader concern, anyone serving on a Board or ExCo should feel confident that the risk reporting presented to them is comprehensive and complete.  And, if the Board or ExCo consider that they aren’t getting the complete picture, their role is to challenge until they are satisfied they are able to effectively discharge their oversight duty.

The rise of RegTech

As those of us who have been actively involved in supporting investigations will know, they can be highly labour intensive – drawing resources from the first and second line, and often working in partnership with independent and specialist investigative teams.  The amount of data collected, collated and then analysed (in my experience, sometimes via the ubiquitous Excel spreadsheet or three) can be overwhelming.  Overlay onto that, the need for subject matter experts to provide insights and explanations of the data, and you can start to understand why some of these investigations can be so protracted.

With regulatory reforms driving an increasing breadth and variety of controls to be implemented and data to be collected, analysed and reported upon, the situation will become still more complicated.

There is no doubt that RegTech solutions are providing very innovative ways to address growing and increasingly detailed regulatory requirements.  These range from targeted solutions to address specific MiFID II Best Execution requirements, through to control tools such as electronic communications surveillance that detect and capture market abuse at the very earliest opportunity.

Growing eComms channels provide a fertile ground for market manipulations

The challenge is that, alongside regulatory change, the technology landscape also continues to evolve.

In the context of surveillance, firms continue to expand the range of communication channels available both internally and with clients.  These advancements are undoubtedly improving the overall client experience but pose an increasingly complex surveillance challenge.  RegTech solutions that enable firms to collate disparate structured and unstructured data, and indeed, retrieve and reconstruct a complete communication chain across various platforms is a tremendous step forward.

The evolution of conduct risk management

Firms are continuing to evolve how they measure and manage conduct risk.  This may include revising metrics in light of changes to the strategic business model, reviewing the effectiveness of escalation channels and governance in the context of the Senior Managers Regime, alongside reviewing their risk appetite statements and thresholds.


What is key is for firms to also have an architectural vision showing how the various RegTech solutions fit together and into the broader infrastructure, alongside how the data they hold feeds into the overall risk and control framework.  With so many conduct risk data points – complaints, best execution, internal breaches to name but a few – this is critical.

Without this vision, firms run the risk – as highlighted by the Australian RC – of disjointed reporting.  And, at the very worst, the information presented to the board and ExCos will be fragmented, incomplete and, presenting an inaccurate picture of the extent of conduct risk issues within the firm.


If you are on the journey of designing or delivering your Conduct Risk Framework, Aurora can support you both in ensuring the organisation structure and operating model align to the framework and in bringing innovative technology solutions to support your implementation. If you have any questions or would like to discuss the blog in more detail, please get in touch at: [email protected]

Aurora website: https://aurorasde.com/

Aurora are a London-based boutique consultancy with global reach. Former Financial Services leaders rather than consultants, with decades of experience across all customer segments and spanning functions including COO, strategy, technology, change delivery, sales and risk.


Follow Us

Subscribe to Shield’s Newsletter

Capture everything. Deploy anywhere. Store in one place.