What is Conduct Risk
Conduct risk refers to the risk that a company’s employees, agents, or contractors may engage in behaviour that is inappropriate, unethical, or illegal, and which could lead to harm or damage to the company or its stakeholders.
Although there is no official definition, it is usually associated with issues such as how consumers are handled, employee compensation, and how businesses handle conflicts of interest. The Australian Securities & Investment Commission (ASIC) states conduct risk is a risk of improper, unethical, or unlawful activity that may be brought on by intentional acts or unintentional deficiencies in an entity’s procedures, framework, or training programs.
Conduct risk has become an increasingly important consideration for companies in Australia, as regulatory agencies have become more focused on ensuring that companies operate in an ethical and compliant manner.
What causes Conduct Risk?
According to ASIC, there is a strong correlation between culture and conduct risk. The culture that the board and senior management embed should be one that is a top-down approach and one that supports values driven attitude in which customers should be the focus.
Some of the leading causes of conduct risk are listed in the table below:
| Cause | Description |
| Pressure to meet targets | Employees or contractors may feel pressure to meet targets or deadlines, which can lead them to engage in inappropriate or unethical behaviour in order to achieve these goals. |
| Lack of clarity about expectations | If employees or contractors are not clear about the expectations and standards of behaviour that are expected of them, they may engage in conduct that is inappropriate or unethical. |
| Poor management or leadership | Poor management or leadership can contribute to a culture of misconduct within a company. If employees or contractors do not see their managers or leaders setting a good example, they may be more likely to engage in inappropriate conduct. |
| Insufficient training or support | If employees or contractors do not receive sufficient training or support, they may be more likely to engage in conduct that is inappropriate or unethical. This can be especially true if they are not aware of the policies and procedures that are in place to prevent such conduct. |
| Poorly defined or vague policies | If a company’s policies and procedures are poorly defined or vague, employees and contractors may be more likely to engage in conduct that is inappropriate or unethical. |
| Weak internal controls | If a company lacks strong internal controls, it may be more vulnerable to conduct risk. This can include issues such as inadequate financial controls, a lack of oversight of employee conduct, or weak systems for reporting and addressing misconduct. |
Businesses should strive for a positive culture that promotes and encourages good behavior which is essential for customer and investor confidence and also helps maintain market integrity and trust.
A business that relies on a culture of incentives (i.e. higher commission paid depending on the number of customers an employee brings into the business) and/or deterrence (i.e. the attitude of blaming its employees if something goes wrong including putting the fear of regulator intervention and the likelihood of receiving a penalty) is likely to encourage negative conduct among its employees.
What are the consequences of conduct risk?
The consequences of conduct risk can be significant, and can include:
- Damage to reputation: Conduct risk can damage a company’s reputation, as it can lead to a decline in customer trust and loyalty and can erode the company’s credibility and integrity. This can make it difficult for the company to attract and retain customers, as well as to secure funding or partnerships.
- Legal action: Conduct risk can also lead to legal action, such as regulatory investigations, fines, and lawsuits. This can result in significant costs for the company, including legal fees and damages, which can impact the company’s financial performance.
- Decreased employee morale: Conduct risk can also have a negative impact on employee morale, as it can create a toxic or negative culture within the company. This can lead to high levels of staff turnover and low levels of productivity, which can further impact the company’s financial performance.
- Loss of market share: If a company’s reputation is damaged due to conduct risk, it may lose market share to competitors. This can lead to a decline in revenue and profits and may ultimately threaten the long-term viability of the company.
These consequences can impact a business’s reputation, legal and regulatory standing, employee morale, and financial performance.
Why is Conduct Risk important – the energy sector?
In the energy retail sector, managing conduct risk is critical for a number of reasons:
- Reputation: Energy retail businesses rely on the trust and confidence of their customers. If a company’s employees or contractors engage in inappropriate, unethical, or illegal conduct, it can damage the company’s reputation and undermine customer trust. This can lead to a decline in customer loyalty and sales, as well as increased regulatory scrutiny and legal action.
- Integrity: Conduct risk can impact the integrity of a company and its operations. For example, if employees or contractors engage in corrupt or dishonest practices, it can undermine the company’s values and ethical standards. This can lead to a decline in employee morale and a negative culture within the company.
- Financial performance: Conduct risk can also have a negative impact on a company’s financial performance. If a company is involved in a conduct-related investigation or legal action, it can incur significant costs in the form of fines, legal fees, and damage to the company’s reputation. This can impact the company’s bottom line and shareholders’ returns.
For these reasons, it is important for energy retail businesses in Australia to manage conduct risk as part of their overall business strategy. This may involve implementing policies and procedures to ensure that employees, contractors, and agents adhere to ethical and legal standards, providing training to educate employees about appropriate conduct, and establishing internal reporting mechanisms to allow employees to report misconduct.
What are some examples of conduct risk?
- Employees engaging in corrupt or dishonest practices, such as accepting bribes or embezzling company funds
- Employees or contractors knowingly or unknowingly violating energy and safety regulations, which could result in compliance breaches, incidents or injuries
- Employees or contractors engaging in discriminatory or harassing behaviour, which could lead to legal action and damage to the company’s reputation
- Employees or contractors engaging in insider trading or other financial misconduct
- Employees or contractors engaging in activities that could damage the company’s reputation, such as engaging in unethical marketing practices or making false or misleading statements to customers
- Employees or contractors breaching confidentiality or data protection laws, such as by sharing sensitive information without proper authorization
- Employees or contractors failing to comply with regulations or industry standards, which could lead to fines or other penalties for the company.
The reference to employees in the examples above, applies to all employees and contractors of the business including the senior management and members of the board.
What should energy businesses do to manage their ‘Conduct Risk’?
The regulatory environment nevertheless continues to intensify with a raft of tighter regulations being implemented and a heightened appetite among regulators for close oversight and enforcement action, even for minor breaches. In line with the top-down approach mentioned above, it is recommended for businesses to review their compliance management and risk management framework and ensure there is clarity regarding roles and responsibilities from the Board to the employees and contractors of the energy business.
There are a number of steps that a business can take to protect itself against conduct risk, including:
- Implementing policies and procedures: A business can implement policies and procedures that outline the standards of behaviour that are expected of employees, contractors, and agents. These policies and procedures should cover a range of topics, including ethical behaviour, safety, diversity and inclusion, and environmental sustainability.
- Providing training: A business can provide training to employees, contractors, and agents to educate them about appropriate conduct and the company’s policies and procedures. This can help to ensure that everyone understands their responsibilities and the expectations of the company.
- Establishing internal reporting mechanisms: A business can establish internal reporting mechanisms, such as hotlines or email addresses, to allow employees to report any concerns or misconduct. This can help to identify and address conduct risks early on.
- Monitoring and auditing: A business can monitor and audit employee behaviour to identify any potential conduct risks. This can be done through regular reviews of employee performance, as well as through the use of data analytics and other monitoring tools.
- Implementing a code of conduct: A business can implement a code of conduct, which outlines the expectations and standards of behaviour that are expected of employees and contractors. This can help to create a culture of integrity within the company.
- Establishing a risk management framework: A business can establish a risk management framework to identify, assess, and manage conduct risk. This can involve regularly reviewing and updating policies and procedures, as well as conducting risk assessments to identify potential areas of concern.
Contact us to discuss further.
