I have been asked by multiple clients and industry contacts to define "conduct compliance" and why they should care. Much of my response comes from my history of working on a trading desk and as a risk consultant - the vast majority of my work has been what I call trading compliance. I see that as working to prevent the few bad apples at the bottom of the barrel for spoiling the bunch. You all know the stereotype - the compliance officer having to dig through numbers to figure out how the devious trader is getting around the rules.
But conduct compliance is different - to the trading compliance consultant it feels "squishy", less analytical. But it is a real thing. The best I can describe my concept of conduct compliance is that it is the system to assure that the other 95+ percent of the employees - the earnest, want to do right employees - don't do bad things because they believe the organization wants them - or their manger instructs them - to do bad things. Think of most of the major "conduct" fines we have seen in the last years - Enron, Wells Fargo and the LIBOR cases come to mind. In all of them, the organization at some level embraced and encouraged and compensated the staff for heading into what were, at best, very murky waters. At worst, they encouraged and drove blatantly criminal activity activity.
In a number of these cases, the employees indicated their direct, one level above manager, or even the person the were replacing led them to believe their performance and possibly job retention would be premised on doing questionable things or it was "just the way we do things". The employees likely would not have done these things on their own - they felt it was part of their job description. And that is where conduct compliance comes to play - it is trying to ascertain whether the organization, at some level, is driving the improper behavior either explicitly or, more difficult to determine, by inference.
And that is why conduct compliance gets "squishier". How do you measure the inferred pressure on the employees by their manager? If questioned, will the manager say "of course I said no such things. Who is saying that about me?" And we all know what happens to the poor employee that reported that the boss was pushing them to open fake accounts.
And that is the problem with conduct compliance - how do you find the root cause of a problem caused by interpersonal communication rather than market conduct you can observe from an analytical model?
And the new Dept of Justice compliance program guidelines - blogged by DCM and available lower on this page - speaks to this "culture of compliance" and even asks whether employee sentiment on the commitment to compliance has been surveyed as an indicator of an effective compliance program. This is a foundation of conduct compliance - does the employee feel safe to question perceived pressure to behave unethically or improperly and will the organization protect the employee from the potential blow back from their supervisor when questions arise?
Let's be honest - any low level employee in a secure job is going to be very reluctant to rock the boat when the first indication start - it is too easy to say "my boss didn't mean that" or "I can just ignore that". That works until it doesn't. How does senior management really know that employees feel safe from repercussions of challenging these pressures?
Here is a simple structure to start from - operational management cares about how much money was made; risk management cares about how much money was at risk to make the money and was the potential downside managed; and compliance management is about understanding the manner in which the money was made and whether the "why money was made" fits with the corporate culture. Do the lower level employees really feel senior management cares about whether the P&L was brought about by unethical behavior and would protect someone from pointing out where someone is cutting corners? If senior management assumes everyone feels safe, then they don't really have a handle on conduct compliance for their firm.
Conduct compliance is about knowing that the how money was made fits with the corporate rules of what is an acceptable way to make money. If a firm says ok to money made in a manner that would cause a problem when repeated on a TV interview, you have a conduct compliance issue.
I hope that helps differentiate between conduct and trading compliance. The conduct compliance issue tends to expand with the scale of the company - the more layers, the more possibilities for the message to get garbled before it gets to the boots on the ground, so to speak