Conduct risk is broadly defined as any action of a firm or individual that leads to consumer / investor detriment or has an adverse effect on market stability or even competition.  

Over the last number of years, the Central Bank of Ireland has increased their regulatory focus on conduct and culture as a result of significant misconduct identified at financial institutions.

This focus has resulted in enhancements to the CPC, improved protections for mortgage holders in arrears, enhanced regulation for SMEs, changes to macroprudential lending limits, the introduction of desired consumer protection outcomes and the adoption of a Consumer Protection Risk Assessment (“CPRA”) Model to enhance its supervisory approach for regulated firms in relation to conduct and consumer protection risk management.

EU legislation

There has also been significant focus at EU level with the introduction of new legislation / enhancement to existing legislation (e.g. PRIIPs, MiFID II, EMIR, MCD, IDD etc.). The CBI have made it clear that they will be conducting more intrusive conduct and culture inspections as a result of the misconduct in the financial services industry across all sectors, including wholesale markets.

Now more than ever, a firm’s future success may well depend on how effectively it can meet the challenge of enhancing consumer/investor protection. Firms that fail to see the importance of conduct risk may face regulatory action, fines and significant reputational damage which can harm an organisation for years beyond the event.  

Behaviour and accountability

There has been a heightened regulatory focus on risk culture within organisations over the last number of years, as a cause of business failure and a key driver of conduct risk. Organisations are increasing their focus on the culture and behaviours of employees within their organisations to understand what the drivers of good and bad behaviour are.

Furthermore, following the Report on the Behaviour and Culture of the Irish Retail Banks in July 2018 (following the findings of the tracker mortgage scandal), the Central Bank of Ireland are actively focused on conducting culture inspections of regulated financial services providers.

The Central Bank will also soon introduce the Individual Accountability Framework aiming to improve customer outcomes by improving accountability within the organisation.

How we can help

KPMG’s conduct risk & culture professionals can help financial services organisations transform regulatory compliance and consumer / investor protection into a strategic business advantage.

We have significant experience across a wide variety of industries in the following:

Conduct risk

  • Provide guidance on regulatory expectations and industry practice in terms of what a comprehensive conduct risk framework looks like.
  • Assist with design and implementation of a conduct risk framework including conduct risk training.
  • Using KPMG’s conduct risk framework (which is built on six core areas for a successful conduct risk framework), assess the completeness and effectiveness of the organisation’s conduct risk framework, identify any gaps and make recommendations.
  • Support Internal Audit functions to carry out conduct risk assessments within organisations.
  • Assist firms in preparing for a conduct risk inspection, including:
    • preparing your teams for regulator interviews (from PCF/CFs to front line staff); and
    • preparing for full, targeted or thematic conduct risk assessments.
  • Complete conduct risk training across the organisation on either a regular or ad-hoc basis.
  • Complete a CPRA assessment within the organisation to identify areas of weakness.
  • Use our specially designed data-led risk assessment framework to assist clients in managing their conduct risk using quantitative data overlaid with key qualitative KPIs.


  • Using our scientific culture model (which has been adopted by the Dutch National Bank), assess the culture and behaviours of an organisation (including benchmarking to peers).
  • Design a behaviours and culture framework for organisations to allow them to conduct regular reviews and assessments.
  • Raise awareness of risk culture at all levels (in-depth interviews, board dynamic scans).
  • Identify culture and behaviour drivers and link to both qualitative and quantitative MI to aid assessment and triggers.
  • Conduct culture reviews as part of the internal audit plan.
  • Roll out a tailored training programme across the organisation.


KPMG’s risk consulting department has extensive conduct risk & culture experience across all financial services industries and with KPMG, you can have confidence that you’re partnering with the best team in the market, with unrivalled experience, insight and commitment. We incorporate the latest global thinking into the provision of our services in the financial services sector and provide best practice advice.

Contact our team below today for guidance on conduct risk or culture in your business. We look forward to hearing from you.
