Business conduct data is becoming more important to financial institutions as the risk of exposure to damaging incidents increases.
A new survey of more than 500 C-suite risk leaders by RepRisk – a provider of data on business conduct risks faced by financial and other industries – found that four-fifths expect business conduct risk data to become more valuable to them over the next three years. At the same time, almost 60 per cent said they had increased spending on business conduct data following a major incident.
The survey also identified rapid changes in the perceptions of where those risks are coming from, with more than half citing artificial intelligence as the main risk over the next three years. That is up from 15 per cent who said it was a risk over the past three years.
Data Can Help Identify Risks Before They Strike
The survey, which is expected to usher in an annual examination of the topic and is also the first of its kind that RepRisk has conducted, highlights how organisations are retooling their data estates to be proactive in preventing incidents such as corruption, data breaches, human rights offences and biodiversity destruction.“The data is very clear: business conduct risk is no longer a compliance afterthought. It’s a direct commercial risk, with incidents becoming more frequent, more complex, and more costly for banks and asset managers,” RepRisk Global Head of Market Development Alexandra Mihailescu Cichon told Data Management Insight.
“What we’re seeing is a shift from reaction to prevention. Firms that invest early in high quality business conduct risk data are far better positioned to detect issues sooner and avoid multimillion dollar impacts on the balance sheet.”
The survey findings, contained in “The Business Conduct Risk Intelligence Report 2026”, explain that the reported incidents of business misconduct have risen 55 per cent in the past three years. The damage can be financial, reputational and legal. Recent enforcement actions illustrate the scale of those risks, including a £11 million fine meted to Equifax in 2023 over failures in data governance and oversight.
Institutions Fear Loss of Business and Remediation Costs
The consequence that most worries financial institutions in the aftermath of a business conduct incident, according to the survey, is the loss of investors and clients, followed by the cost of remediation and regulatory sanctions.
As a result, more than a fifth of respondents said they’d significantly increased spending on business conduct risk data and 71 per cent said such data is essential for effective risk management.
Mihailescu Cichon said that many RepRisk clients are increasingly turning to a data-led early-warning strategy across their enterprises to enable the signalling of potential risks before incidents happen.
Organisations “need robust data to help them assess at scale on a daily basis in an accurate and relevant way the risk that they have in their portfolios, if they’re an asset manager, and in their client book, if they’re a bank,” Mihailescu Cichon said. “It’s definitely linked to a company’s social licence to operate, but also beyond that, the potential bottom line implications. Loss of clients is a serious financial and reputational implication.”C-Suite Leaders Express Their Concerns About AI
The survey, conducted for RepRisk by Oxford Economics research and advisory, questioned 513 C-suite leaders, with the single largest proportion – two-fifths – in the asset management sector. A fifth were in banking and the rest across insurance, asset owners and development banks.
Respondents identified a more complex set of business conduct risk areas material risks are shifting to new, fast-evolving exposures such as AI, data integrity, and the energy transition, demanding new capabilities. Two-thirds of respondents said the business landscape had become more complex and a half reported that the total cost of managing those risks had increased.
While data-linked risks, corruption and greenwashing topped the list of risks over the past 12 months, leaders said they expected AI, climate and energy-transition risks, and data protection worries to dominate their risk profiles in the next three years.
“Every organisation, every client we talk to is trying to figure it out, embed it, drive efficiency, generate insights from it,” said Mihailescu Cichon. “But that also means that as you operationalise activities with AI, they also lead to potential risks like false information, hallucinations and other model risks.”
That goes hand in hand with low trust in AI-derived data for decision-making; two-thirds said they trusted hybrid AI-human-generated data for investment decisions, while only a third trusted AI-only data.
“As AI-related risks rise, trust in data becomes critical,” Mihailescu Cichon added. “Leaders increasingly favour hybrid human AI approaches because they deliver risk intelligence that can be explained, defended, and relied on at board level and vis-à-vis investors and regulators.”
Subscribe to our newsletter
