Conduct & Ethics

How to Manage Conduct Risk: Building a Proper Ethics Plan

To regain public trust, the boards of directors at banks must take proactive steps to court complaints and encourage whistleblowing about employees’ malfeasance.

Friday, December 17, 2021

By John Thackeray

Public perception that financial institutions are driven by greed and willful blindness has recently been reinforced by a seemingly never-ending litany of scandals. This impression of failure is a damming condemnation of both management and boards of directors to communicate clear messaging and to implement and maintain effective conduct-risk plans.  

john-thackerayJohn Thackeray

To inform and reinforce ethical behavior, a firm needs more than, say, a 150-page employee handbook. Indeed, the pressure is now greater than ever for boards to provide sustainable, ethical governance and oversight – independently and proactively.

The question facing banks’ boards is how to ensure that the character and values they preach are actually practiced by their employees. Board members who place their faith in senior management need a multitude of mechanisms to verify this fidelity. 

Let’s now take a look at three steps every bank can take to mitigate conduct risk:

1. Proactively court complaints.

Create a department that is responsible for categorizing employee complaints and discovering the root cause of misconduct. Complaints should be risk ranked and be readily communicated to the board. Moreover, employees should be actively encouraged with reimbursement for their time and effort. The idea, of course, is not to exonerate bad behavior and bad practices, but, rather, to better understand their underlying causes.

2. Employ secret bankers to act as a company’s eyes and ears, reporting independently to the board.

Much like the concept of secret shoppers within retail, these specialized bankers can be parachuted into areas of concern – including high-profit groups. They should be trained to observe whether existing working practices are compatible with a bank’s ethics policies, and must use all the tools at their disposal to understand behavioral drivers and the underlying pressures that employees are facing.

3. Reward whistleblowing.

Instead of relying on regulators to reward whistleblowers, banks themselves should offer a monetary incentive for employees to report conduct violations. Since whistleblowing is often perceived as a career-ending event, the compensation should be significant. This policy will set the tone from the top, encouraging employees to challenge bad behavior, without being stigmatized and without enduring major financial losses.

Parting Thoughts

All three of these measures are proactive and require very little implementation cost. A change in mindset, above all else, is what’s needed to deploy these measures effectively.

The goal should be to encourage employees to “actively rush toward the fire,” with a plan on to extinguish it. But for that to happen, banks must implement clear conduct standards, while also taking action to better understand employee behaviors.


John Thackeray is a risk and compliance practitioner and writer. His firm, RiskInk, helps businesses control their risks by writing policies and procedures to mitigate them. As a former senior risk executive at Citigroup, Deutsche Bank AG and Société Générale, he has had firsthand engagement with U.S. and European regulators.

We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals