Conduct and Regulatory Risks
RBS remains focused on putting adequate measures in place to ensure that the conduct failings from the past never occur again. We are committed to ensuring the behaviour of RBS and its staff towards customers, or in the markets in which it operates, always promotes fair and appropriate customer outcomes and avoids reputational damage, financial loss or both.
Conduct risk exists across all stages of relationships with customers, from the development of business strategies, through to governance arrangements and post-sales processes. It can arise from a diverse range of activities, including product design, marketing and sales, complaint handling, staff training, and the handling of confidential inside information. Conduct risk also exists if RBS does not take effective action to prevent fraud, bribery and money laundering.
The conduct risk appetite framework was established in 2015 and has been embedded across RBS.
The management of conduct risk is based on seven key elements, ensuring that conduct risk exposures are understood and managed in accordance with agreed risk appetite. The conduct risk appetite statements, in line with RBS-wide risk appetite, articulate the levels of risk which franchises and functions must not exceed. Where businesses are operating outside conduct appetite, the problems are addressed through agreed risk mitigation plans.
The Conduct Performance Assessment was run in Q1 and Q3 2017, reporting on risk exposures and the operating effectiveness of controls across the businesses. In Q4 2017, the Conduct Performance Assessment was discontinued, in advance of the roll-out of a new approach in early 2018, providing a real-time quantitative view, supported by qualitative assessment.
RBS defines appropriate standards of conduct and drives adherence to these standards through its framework for managing conduct risk. The Board and its senior committees receive updates on conduct risk exposures and action plans through regular reporting.
Key elements of the governance structure are set out below:
- The Risk, Conduct & Restructuring Executive Committee considers emerging material risks and issues, and implements Board and Executive Committee risk management policy decisions;
- The Financial Crime Risk Executive Committee (accountable to the Executive Risk Forum) ensures the customer businesses and the Services function fulfil strategic objectives by identifying and managing their financial crime risks effectively.
Selected highlights during 2017
A key development in 2017 was that parts of the Conduct & Regulatory Affairs function were merged with the Risk function with effect from 1 January 2017.. Regulatory Affairs moved to Corporate Governance & Secretariat, while Remediation and Complaints moved to Services’ Chief Operating Office. The change was designed to take advantage of synergies across the risk, conduct and regulatory agendas.
RBS continued to remediate historical conduct issues, while also focusing its customer-facing businesses and support functions around the needs of customers, including the delivery of a number of regulatory change programmes. Work also progressed on the conduct-related aspects of the UK’s ring-fencing requirements.
Our Code and YES check
We have a number of tools that guide the way we work together.
Our Code provides guidance on the behaviour we expect from all employees, and lays out the standards of conduct that support our values. It sets out what we expect of each other and what our customers and communities expect of us.
The YES check is a simple tool that asks five questions to guide the thinking behind our decisions and actions.
Our customers expect each of us to exercise good judgement and to do the right thing. We use our values to help us think through decisions and make sure we do the right thing. When in doubt, we use the YES check for guidance.
Other content in this section
Customer focused overview
Customer satisfaction and trust
Customers in vulnerable situations
Security and fraud prevention
Technology innovation and disruption
Conduct and regulatory risks