The pandemic is driving concern over mis-selling and improper business practices in the financial services sector - ORX

Conduct risk, including mis-selling of services and improper businesses practices, is the most significant risk financial organisations are preparing for in their scenario analysis, according to a report from operational risk association ORX.

In 2020, conduct of their own employees was the top focus for scenario analysis in financial institutions, with over 90 per cent developing scenarios specifically to mitigate against this risk. ‘External fraud’, ‘technology failures’ and ‘physical security and safety’ are also high on banks’ and insurers’ agendas for scenario planning.

“For eight years now, we have collected a library of top operational risk scenarios from the financial institutions we work with, and employee conduct is a subject that comes up every year,” said Steve Bishop, head of risk information at ORX.

“With the recent pandemic outbreak, this trend is likely to continue,” he added. “Discussions with our members on the issue of conduct indicate that adverse economic conditions will likely lead to increased scrutiny from regulators in this area.

“In addition, uncertainty around practices and contractual obligations related to government-backed pandemic relief initiatives, such as mortgages holidays and emergency commercial loans, could lead to further conduct issues within the industry.”

North American institutions often consider business disruption as one of their most material risks. Over the last three years, scenarios referring to business disruption, such as natural disasters, vendor failure, and cyber-attacks, featured highly in scenarios reported from that region.

Fraud is a significant concern in African, Western European and Asia-Pacific financial institutions, with the main difference being the cause.

Scenarios developed in African countries often refer to the direct involvement of internal employees in committing fraudulent activity. On the other hand, Western European and Asia-Pacific scenarios often refer to cyber-related frauds with external parties hacking IT systems to steal credentials.

Bishop added: “As we head towards the end of 2020 and into 2021 there is no doubt that COVID-19 will play an even greater part in shaping financial institutions’ scenario risk planning and, by sharing that information, financial institutions can improve their robustness and capacity to support people and the global economy.”