Whilst the scope and discussion around risk culture has grown at a rapid rate in the last decade or so, there has been an explosion on the topic of good conduct and good culture in the last couple of years. Leaving many asking the question: what does good risk culture actually look like?
To get to the bottom of this, it’s crucial to understand what risk culture means. Risk culture, or conduct risk as it is interchangeably known as, can be hard to define, but what it generally boils down to is people risk. Everyone in the business, from the CEO to the receptionist on the front desk, has a part to play in their company’s risk culture.
Bad conduct risk management rarely makes the headlines – in fact, it can be hard to even pinpoint where and when things start to slip. Rachel Conran, Chief Underwriting Officer at SCOR Group has the job of underwriting company conduct risk and explained what she looks for when assessing the risk culture. “I look at the causes that lead to that conduct,” she began. “For instance, cultural cohesion. If the c-suite is an island, an inner circle of people, or there isn’t diversity and people that will challenge the board, that can ring alarm bells. What happens at the board level trickles down; the board set the cultural acceptance of a corporation.”
The few times a scandal makes it to the headlines, they are catastrophic. Cases like Nick Leeson’s insider trading, which ended in the collapse of Baring’s Bank, is perhaps the biggest example of irreversible repercussions from mis-managed conduct risk for a financial institution. Yet over the last 22 years, there have been several other financial scandals. It seems we still have plenty to learn.
Most (if not all) senior managers now agree that conduct risk needs to be treated with the same respect and rigor as credit risk, and while it may seem like an immature category of risk – the discipline should be the same.
The myths surrounding good culture
As senior managers have grappled with the need to overhaul their company culture, they have increasingly come up with a number of crutches to help them, many of which don’t work.
Rafael Gomes, Senior Manager at Accenture, describes four “myths” being touted around developing a good risk culture:
Myth 1 - If you hire good people, good behaviours will follow (when in fact individual behaviours are based on a culture)
Myth 2 - It’s all down to apples and the barrel is sound (many of the miss-selling practices were an issue of the business model such as the overreliance on sophisticated maths)
Myth 3 - Incentives are essential for promoting the right behaviours (it’s the non-financial incentives, particularly among high earners, that must complement this)
Myth 4 - Conduct and culture are all trading floor issues (when in fact this belongs across every level)
How to support good conduct risk
Good culture depends on how an institution, and the people within it, interpret the rules it has been given, and the support they receive in doing this. There are perhaps two approaches, one that follows the letter of the law and uses it as a tick box exercise for compliance, and one that implements the spirit of the law. Gomes continues, “if you follow it in spirit you can set out more sustainable behaviours and that can be a strategic differentiator. That begins to breakdown the game of cat and mouse between regulators and industry.”
The key to seeing what good culture looks like in your own organisation is to get the right information to the right people and empowering them to make better decisions.
The key to building the framework of a good culture, particularly where customers are concerned, is to identify key touchpoints; whether that’s the marketing message, the decisions made within a business unit, or the employee selling the product. Customers won’t be the only benefactors of this approach; proactive behaviour from banks will ward off regulatory action.
And, whilst using data and KPIs is great for keeping an eye on progress, it can be detrimental to use too many. Indeed, excessive targets and incentives on an individual level can lead to indiscriminate behaviour, and some underwriters also consider how people are remunerated, which can show how acceptable it is within the organisation to spend corporate money. Gomes adds that, “KPIs are just data. For them to be useful and to get buy in and to be used sustainably that data needs to be moderated by qualitative judgement.”
“The key to seeing what good culture looks like in your own organisation,” he concluded, “is to get the right information to the right people and empowering them to make better decisions.”