Trading- and relationship manager-related fraud were causes of some of the largest instances of financial losses in capital markets history. In those instances, significant failures in operational controls, governance and oversight both inside and outside the companies where the fraud was perpetrated were identified. Such instances of fraud are detrimental to not only the balance sheet of financial institutions, but also to an institution’s future reputation and economic viability. Specifically, fraud related to instances of individual traders taking disproportionate risks with company money caused immense losses of capital, reputational damage, regulatory fines and penalties and also precipitated a drop in the company’s share price. In extreme cases, employees that engaged in fraudulent behavior caused their companies to completely collapse.
This report examines notable instances of fraud and trading losses that triggered renewed regulatory focus on conduct-related risks. The report also details regulatory responses to those risks, formulating recommendations for best practices that capital markets participants can implement to avoid the worst consequences of employee misconduct. The report explores conduct-related best practices and effective conduct risk management guidelines including incident escalation, root cause identification, handling of incidents, remedial actions and the application of disciplinary action when appropriate. The report also examines the key themes of governance, surveillance, culture, financial products mis-selling and general trading-related misconduct.
GreySpark Partners works with sellside and buyside financial institutions to develop conduct risk mitigation controls and monitoring tools. For example, the presence of multiple low-likelihood and low-impact conduct risk root causes leads to an increase in the likelihood of a high-impact incident. This report highlights the need for accurate and timely post-trade surveillance and thorough scenario analysis to ensure that conduct-related breaches are identified as quickly as possible and that they are effectively managed.
