Compliance people often quail at the question "what is conduct risk?" One City lawyer was brave enough to answer this question when Compliance Matters asked it.

Carl Fernandez, a partner at Linklaters, has extensive experience of advising banks, broker-dealers and asset managers on a range of regulatory issues. At a City & Financial conference in London last autumn, he gave the audience an overview of "conduct regulation," which falls entirely within the purview of the FCA. He looked at what it covered, what the rules were, why those rules existed, and where they were to be found.

"Conduct regulation these days covers (among other things) mortgages, consumer credit now falling into the FCA's remit, insurance of course, and some investment services. Conduct regulation is changing all the time and several reforms - not least from the European Union's second Markets in Financial Instruments Directive or MIFID II - lie on the horizon."

Like all concepts that spring from woolly thinking, the exact nature of conduct regulation is difficult to pin down; Fernandez called it "a question that a lot of people grapple with." He thought that it covered the relationships that a regulated firm has, principally (and this is what most of the relevant rules cover) with its customers. He thought that it also dealt with the way in which firms deal with each other and interact with the market, particularly in the wholesale area. The Financial Conduct Authority's rulebook that covers all types of relationship, although it does not refer to "conduct regulation" or indeed to "conduct risk," a closely allied term.

He went on: "There is of course the relationship that firms have with the regulator, which is, I think, a critical part of the conduct landscape. Often, we see firms being sanctioned, not necessarily publicly, for the way in which they fail to interact with their regulator in an honest way. Occasionally we see public sanctions. I think that that is a very important part of managing conduct risk."

Fernandez delineated the rules that relate to conduct risk. They include the key principles for business, the COBS rules (conduct-of-business rules) which focus on investment business, the CASS rules that cover clients' assets, other COBS sourcebooks containing the insurance rules, the banking rules, and the mortgage rules. There is the Code of Market Conduct, which contains the 'market abuse' regime (market abuse being a crime as well, although that is another story), and finally, said Fernandez, "the way in which you run the firm and cover all the risks and relationships with your customers is also an important focus area for firms and that falls within the senior management arrangements systems and controls sourcebook, referred to as SYSC."

Principles for business 5-10 touch on conduct risk, addressing firms' relationships with other firms, their customers and the market. These days it is rare, if not impossible, to find a decision notice that does not accuse someone of contravening a general principle. Fernandez noted that these vague, catch-all principles acted as something of an "insurance policy" for the regulator whenever some intelligent lawyers for a firm that it wanted to punish could mount an adequate argument that it had not broken a specific rule. Others have found a less charitable way to describe the process.

The purpose of the COBS rules, Fernandez thought, was to guarantee fair results (he called them 'outcomes') for customers. He noted that the meaning of 'fair' was always changing according to the regulators' whims.

"In terms of trying to understand how the rules are structured, I think you can look at the life-cycle of a relationship with a customer in a fairly logical way from when I'm first advertising my services, to when I start to provide services, to after-sales care. You'll see that the rulebook is structured to impose obligations on firms at each step in that life-cycle."

The classification of customers

He also thought, most importantly, that the "level of obligation" that a firm owed to its customer was governed by the way in which that customer was classified. The rules are structured to ensure that when a firm commences a relationship with a client, it has to classify that client into one of three buckets. He could be (in order of vulnerability) a retail client, a professional client or, at the bottom of the scale and the least easy to hurt, an eligible counterparty. If he is in the highest bucket, Fernandez explained, the firm owes him the highest amount of "protection," and the lowest if he is at the bottom. There is no requirement, for example, to provide an eligible counterparty with 'best execution' and the firm need not assess the appropriateness of products or services for it.

Financial promotions

When a firm advertises its services at the beginning of the 'client experience,' it must have recourse to the 'financial promotions' rules. When signing up a customer it must go through the aforementioned classification process. It then has to provide him with terms of business in the form of a written agreement, so as to give him a clear understanding of what to expect. Whether he reads these terms and conditions or not is another story; firms the firm nonetheless has to present them for his perusal.

The 'financial promotions' regime applies to investment advertisements. Firms are obliged to approve financial promotions against certain rigorous standards before they go out. The rules are complicated and draw distinctions between communications in real time and not in real time, and between communiations that the customer has solicited and those that he has not. Quite a lot of the legal advice in this area revolves around whether the regime applies to the client in question in the first place. These rules differ from the rules that determine whether a product-provider has to register a product for offering.

To advise or to sell?

Once a firm starts to perform services, it might advise clients or sell products to them; the distinction between the two activities is crucial. Fernandez explained: "Do I have a responsibility to advise, or am I simply doing what the client has asked me to do and selling them something they've asked for? Failures to understand that difference have been at the heart of a lot of the conduct problems that have occurred in this market and others throughout the world."

Once past this stage, the firm might perform dealing services and/or provide after-sales care.

The provision of advice

Fernandez thought that the area of advice had probably been at the heart of the 'conduct agenda' for a long period of time. The provision of good advice has often been referred to as 'suitability.'

At many firms that distribute financial products, especially in retail finance, many people have seen themselves as sales people, scarcely different from people who sell cars. Fernandez pointed out that this was anathema to the regulators.

He went on: "If you're in a relationship with a client where their expectation is that you're providing some advice, then the obligations on you, as an advisor, are very different from that which would apply to a sales person. There has been a lot of enforcement action over the years." He praised the FCA for launching the Retail Distribution Review, which forces advisors to acquire skills and erect charging structures to ensure that clients are paying for advice overtly. He added: "If you are paying for advice, you expect to receive it. We'll know more in the fullness of time about how successful all that is going to be."

Clients' assets that require protection

The CASS rules aim to protect clients' money and/or assets by requiring the firm to safeguard all money received from or on behalf of clients (including affiliates) in the course of MiFID investment business and not to use it for the firm’s own account. This is called 'segregation.'

The collapse of Lehman Brothers in 2008 highlighted the worth of these already-existing rules that obliged every firm to protect clients' assets in the event of its own default. The old Financial Services Authority became acutely aware that firms had not been paying very close attention to the CASS rules and, indeed, that nobody had been expecting a firm to default. The FSA set up a 'centre of excellence' whose sole aim was to make sure that firms were paying attention to this. This area has been the subject of much enforcement action. More recently, there have been reforms to fill in gaps in those rules. This, too, is part of "the broader conduct agenda" according to Fernandez, although he did not say whose.

The MAR

The European Union's Market Abuse Regulation provides more in the way of 'conduct'-related guidance, this time about the market abuse prohibitions in the Financial Services and Markets Act, from which the FCA's regulatory powers spring. It contains rules about price stabilisation after a company issues securities. MiFID II promises to introduce more rules; it is expected to come into force in 2017.