GFSC 2023 Thematic Review: Conduct Risk Framework

The Gibraltar Financial Services Commission (GFSC) has shared their initial findings from the Conduct Risk thematic review conducted in 2023, which revealed inconsistencies and shortcomings in addressing conduct risk by insurance firms.

The desk-based review aimed to determine the quality of Conduct Risk Frameworks in place in the insurance sector, with five insurance companies and three insurance intermediaries selected and sampled as part of the review.

GFSC's findings

The GFSC’s initial findings indicate some poor industry practices in relation to management of conduct risk and a significant gap between industry practices and regulatory expectations.

Defining & capturing conduct risk

Several firms exhibited poor practices in defining and capturing conduct risk, often adopting a generic approach or failing to allocate clear accountability. Transparency issues arose as specific risks were subsumed within broader risk management frameworks, hindering effective assessment and mitigation.

Conduct risk appetite

The review highlighted deficiencies in setting and implementing conduct risk appetite statements, with many firms struggling to quantify risk tolerances or align appetite statements with actual risk exposure.

Own risk & solvency assessment (ORSA)

While some firms acknowledged conduct risk in their ORSA, others neglected to categorise or embed it effectively within their risk assessment processes, indicating a lack of focus and understanding.

Management information / Key performance indicators

Instances of inaccurate reporting, poor monitoring procedures, and ineffective dashboard management were observed, indicating deficiencies in the production and utilisation of MI/KPIs specific to conduct risk.


Several firms demonstrated inadequate oversight of conduct risks by boards and senior management, with meetings often prioritising commercial interests over customer concerns and conduct risk issues.

What does this mean for your firm?

The Regulator has emphasised the need for a stronger focus on conduct. Firms must be able to effectively demonstrate the capture and management of conduct risk within their organisational frameworks, and must not treat conduct risk and consumer outcomes as a tick-box exercise.

Improving conduct risk management is vital for regulatory compliance and overall risk mitigation. Conduct risk encompasses various firm activities beyond customer interactions and requires proactive management.

Conduct risk assessment

A firm can identify its conduct risk environment by reviewing its risk universe and classifying risks as a conduct risk where relevant. This is easier said than done. Conduct risk goes beyond the typical customer-facing processes of the business. It also includes processes and activities that have an impact on the firm’s conduct in the marketplace.

Activities such as market abuse regulatory obligations and corporate social responsibility activities are becoming areas to be considered within a firm’s conduct risk universe. As a result, the conduct risk assessment is becoming a task in which all areas of an organisation must be stakeholders.

Conduct risk management

Effective conduct risk management is proactive by nature. Many firms are in a position to record and store rich, interrogable customer data from all stages of the customer journey. By deploying insightful data analytics techniques, firms can foresee potential conduct risk incidents and potentially mitigate them before they occur.

Insights such as changes in the needs and objectives of the target market, misalignment between product attributes and customer needs, and/or products which are not following the envisaged customer journey are all indicators of potential conduct risk incidents.

Competitive advantage – data, insights, action

In today’s data-driven world, most firms have the required customer data available to gain valuable insights as to how they are serving their customers' needs. Not using this data in the pursuit of positive customer outcomes could draw scrutiny not only from supervisors and consumer protection bodies but also from competitors.

With a relatively homogeneous portfolio of financial products available across the financial services industry, marketing your firm’s pursuit of positive customer outcomes and effective conduct risk management can be an important tactic for firms in achieving a competitive edge. 

How can we help?

Grant Thornton can assist you in navigating the conduct risk maze. Often, determining the starting point for designing and implementing a conduct risk framework is the hardest part of the journey. But whether it is advising on a starting point, undertaking a conduct risk assessment for your business, or seeking advice on how to gain insights from all the customer data you have to hand, Grant Thornton has the skills and expertise to support your firm to achieve its conduct objectives.

By collaborating with Grant Thornton, firms can effectively address the challenges highlighted by the review, enhance their conduct risk management practices, and position themselves for long-term success in the insurance sector.