Even after the financial crisis, we continue to witness a stunning parade of bank scandals.
No wonder public trust in banks remains low and politicians and regulators have been piling on tougher and more intrusive rules on bank conduct.
However, even stringent laws and regulations and heightened supervision cannot always reach every nook and cranny of bank activities, or keep up with clever, “innovative” new financial products.
Risk culture pivotal
Scrutiny has properly widened to include banks’ self-governance, of which risk culture is a crucial aspect.
The Financial Stability Board (FSB) considers “risk culture” to comprise “the norms of behaviour for individuals and groups within an organisation that determine the collective ability to identify and understand, openly discuss and act on the organisation’s current and future risk.”
As the FSB states, “Weaknesses in risk culture are often considered a root cause of the global financial crisis, headline risk and compliance events.”
Whether as a matter of regulatory pressure and/or true contrition, banks appear eager to redress past transgressions by changing their culture.
Do as told
The most obvious approach to risk culture change at big banks has typically been prescriptive, i.e. devising or upgrading a set of values, rules of conduct and compliance training aimed at preventing past wrongs – one’s own or those of peers - from recurring, and requiring employees to abide by such values and rules.
For example, a firm that has been charged with mis-selling Payment Protection Insurance or Interest Rate Hedging Products might emphasize in its code of conduct and compliance training honest dealing with, and suitability of products to, customers.
Prescribed values and conduct rules provide substantive guidance on important aspects of the business and can enhance risk culture if they are aligned with the right mission and actually adhered to. That’s a big “if”, however, as numerous banks have suffered scandals despite having perfectly adequate professed values and codes of conduct in place.
The issue often is how well employees internalize values and codes that are dictated from without, by senior management or regulatory requirement.
Excessive reliance on this top-down approach runs the risk of employees’ moral compass and antenna being dropped off with the risk functions or bank supervisors.
Moreover, since regulatory-driven prescriptions tend to be backward-looking - addressing the last scandal(s) - query how well they prepare the culture to deal with future, unforeseen ethical issues.
I have argued in Ethical Corporation since 2010 that, as a complement to the prescriptive approach, the banking industry should adopt truly open cultures as a key approach to managing conduct risk.
The premise is that most bank employees are decent people subscribing to universal values such as honesty, respect, responsibility, fairness and empathy.
However, voicing such inner values in regard to questionable practices may often be stifled by fear of retaliation or other negative consequences to one’s job or career.
Conversely, banks can improve their risk management by creating a space – a safe environment - in which employees are allowed or even rewarded to voice values-driven concerns regarding problematic business activities. This is a bottom-up strategy that can tap into knowledge and insights of front line employees, who are often closest to potential problems.
Open culture also entails an open-ended approach to detecting and challenging unforeseen bad behaviours, as contrasted from the prescriptive approach.
During the past few years, both the harmful effects of lack of openness and the viability of open culture in reducing conduct risk have been validated by bank governance experts as well as regulators. Their views on this topic can inform how to further develop best practices in bank culture as well as give useful background to certain new regulatory requirements.
A building block of high performance learning organisations (HPLOs)?
Open culture could be viewed as a strategy to learn and understand more effectively business practices and their impact on stakeholders such as customers or even taxpayers.
This area of study can borrow insights from Edward Hess’ recent, acclaimed book, “Learn or Die: Using Science to Build a Leading-Edge Learning Organization”, which constructs a framework, claimed to be based on latest cognitive science, for institutionalized superior learning in order to drive better corporate performance.
Hess observes that the best learning environment is one “where critical debate, permission to speak freely… and… to be vulnerable are the behavioral norms and not penalized.” That description fits well with the design of cultural openness to allow employees to question practices more effectively at early stages, by flagging issues for management as well as serving as a check, through critical inquiry and debate, on dubious activities.
According to Hess, individuals are more engaged to learn when their needs for autonomy and effectiveness are met. For example, in the case of an employee being asked to change a process – which could be the risk culture - “it is likely that she will perform better if she has input into how and when the change happens.” By valuing employees’ input on risks, open culture can also enhance employees’ engagement with their firm’s mission.They may even start to “own” the more prescriptive elements of the culture.
The key, Hess underscores, is that the environment must foster trust and a positive mindset among employees, which requires leaders who model openness and are “humble” – another prerequisite of open culture.
These findings suggest that leaders who foster truly open cultures will have made big strides toward building HPLOs as well.
For example, Anthony Salz led a review of Barclays’ values and practices in the wake of the bank’s involvement in Libor-rigging. In his report, Salz cited a “culture that lacked openness” as contributing to failures to escalate Libor issues to senior management. Therefore, Salz recommended that Barclays “foster a culture where employees feel that escalating issues is safe and valued.”
According to FSB’s guidance, “A sound risk culture promotes an environment of open communication and effective challenge… and encourages a range of views…; stimulates a positive, critical attitude among employees; and promotes an environment of open and constructive engagement.”
In laying the groundwork for a professional standards body in which UK banks would voluntarily participate, the Lambert review argues that trust in the banking sector can only be restored by banks’ own initiative to hold themselves to higher standards of conduct and culture; otherwise the industry would invite over-regulation that dampens vibrancy of the business. One of the key areas identified for standard-setting is “effective processes to encourage employees at all levels to challenge poor behaviour and report any concerns up the management chain”.
Lambert envisions that the new body will develop a framework under which each participating bank will periodically report to the public its progress in various areas such as culture, including the openness of the institution’s reporting systems, “and how easy and safe it was for employees to raise concerns...”.
The new body would be expected to comment on progress made on culture and other areas by the banking industry as well as individual participating banks.
As work to create this body is underway, astute senior bank managers should be positioning their own institutions now to lead on reporting authentic progress on culture under the new framework.
Parliamentary Commission on Banking Standards (PCBS)
In its 2013 report commissioned by UK’s legislature to review causes of and solutions to bank misdeeds , the PCBS discussed the problem of pervasive fear in the cultures of banks:
“Fear of the consequences… deters bank employees from raising wrongdoing with their manager or firm…had staff come forward at an early stage, even at one firm, and had their concerns been acted on…, much of the damage caused by the LIBOR-rigging scandal might have been avoided.”
In order to create more openness, PCBS opined that,
“…banks must have in place mechanisms for employees to raise concerns when they feel discomfort about products or practices, even where they are not making a specific allegation of wrongdoing.”
The PCBS report suggests that rejection of cultural openness by senior bank managers is one reason the new bank regulatory regime in the UK is focused on senior level individual accountability:
“Those who should have been exercising supervisory or leadership roles benefited from an accountability firewall between themselves and individual misconduct, and demonstrated poor, perhaps deliberately poor, understanding of the front line.”
Individual accountability at the top
Review of the currently proposed Senior Persons Regime for financial services firms - inspired in part by the PCBS report - suggests cultural openness as an enabler of regulatory compliance.
Under such regime, the final rules for which are expected to be published by end of 2014/early 2015, there will be new requirements on directors and other persons who carry out designated “senior management functions” aimed at making it easier to hold these individuals liable for failures of their firm, including:
- A new criminal offence of reckless misconduct by senior managers that leads to a bank insolvency, with a penalty of up to 7 years’ imprisonment; and
- a “reverse” burden of proof that needs to be met to avoid disciplinary action, i.e. a senior manager is presumed to be culpable if a firm breaches a regulatory requirement in an area for which he is responsible, unless he can prove that he took reasonable steps to prevent the breach from occurring or continuing.
As Deloitte advises: “Ignorance of issues will not wash with regulators and so, more than ever before, Senior Managers will need to… play an active role in determining the level and detail of information they receive from the business and control functions.”
Therefore, senior bank managers would do well to encourage openness and free flow of ethical concerns from employees (in addition to formal management information reporting) in order to identify actual or potential misconduct as early on as possible.
It would help regulators strike a proper balance between over-regulation and self-governance in the banking industry if banks could meaningfully improve their risk cultures, including openness.
Open culture does not replace the risk management, compliance or internal audit function; rather, openness can complement such functions, as well as engage each employee of the firm to manage risks better.
Fostering true openness will require much more than an endorsement thereof in the firm’s code of conduct. Fundamentally, senior bank executives need to develop and embrace best practices in openness, including humbly listening to employees’ ethical concerns. Such cultural change should also be monitored and encouraged by the board of directors.
Ultimately, bank boards and senior managers must come to grips with how to properly define and serve stakeholders. If a bank aims primarily to maximize quick profits for shareholders, then short-termist pressures may continue to shape risk-taking and undermine the time and resource investments needed to cultivate a sound risk culture.
However, cutting edge thinking on corporate governance suggests that the long-term viability of an institution rests on harmonizing the interests of a wider group of equally legitimate stakeholders, including but not limited to customers, employees, shareholders and (in the case of major banks) taxpayers.
In that light, cultural openness would mean engaging and empowering employees, as key stakeholders in rooting out misconduct, in order to better serve customers and long-term interests of shareholders and even taxpayers.
This article by Wilfred Chow is reproduced from The Good Conduct Report, November 2014banks Conduct Risk Ethical banking finance risk