The following is the second in a series of articles on bank risk culture. The previous article can be accessed here.
The subject of the risk culture in banks is all the rage these days and experts and academics of every hue and stripe have opined on the subject and given their views. A 2012 report by Ernst & Young entitled; Progress in financial services risk management: A survey of major financial institutions, states the following:
“Culture is a critical area of management focus, particularly for firms most severely impacted by the 2009 crisis. Strengthening risk roles and responsibilities, enhancing communication and training, and reinforcing accountability were the key initiatives reported to strengthen risk culture. Making risk “everyone’s business” throughout the organization is an ongoing effort.”This would seem to indicate that risk culture is a separate and distinct phenomenon within an organisation, and that in order to improve it banks and other institutions must focus on strengthening organisational control, accountability and information flows.
This view of risk culture is reinforced by another paper sponsored by amongst others Plymouth University and the LSE. The paper, entitled Risk culture in financial organisations: An interim report by Simon Ashby, Tommaso Palermo and Michael Power, states the following:
“The problem of risk culture may be as much about recovering clarity and enforcement capacity over organisational activities and information sharing as it is about changing mindsets. Risk information infrastructure, diffusion and use are a core feature of perceived ‘good’ risk culture by organisations.”
The paper further goes on to talk about the importance of the “organisational footprint of the risk management function”. Colin Lawrence, director of the risk specialist division at the UK’s Financial Services Authority or FSA, is one regulator who is supportive of these views on risk culture. Lawrence notes:
“Culture is absolutely critical because it’s an attitude towards risk,”… “It’s the way you organise your board and the way you report risk information. If you get that inside banks they themselves should reach that conclusion.”
However, the question we must ask ourselves is whether or not having better trained and organised accountants, external auditors, internal auditors, risk managers, credit risk managers, compliance and SOX professionals is in fact the answer to all our problems?
More specifically, can we divorce the risk culture of banks and institutions from everything else they do? Does better risk management simply mean better people management? Or, does managing people better, make them better people?
In order to understand the limitations of the organisational management focus on the risk culture of banks we merely have to look at the last financial crisis from an alternative perspective. During that crisis, many of the loans that were eventually securitised by the big Wall Street banks were originated by unlicensed brokers (those infamous ninja loans) on behalf of smaller banks.
Hal Gregersen, one of the co-authors of The Innovator’s DNA, commented on the origins of the crisis as follows:
“But I look back to the financial crisis in 2009 and wonder how many of the CEOs and executives of the major banks in the world ever took the time to get out of their offices to walk down to their home loan making office and just watch the process of how these loans were being made?”
“I bet if they had they would have sniffed something ugly really fast. And they would have done something.”
The ninja loans were the original sin of the crisis and the ultimate source of problems that flowed through the entire banking system and into the global economy. It is obvious that these loans were not just a risk management problem but a problem of the how and the why business was being done. They were a problem that stemmed from neither caring nor understanding what was happening in those communities that were being ripped off by those ninja loans (and which suffered in the foreclosure crisis that followed).
If ever there was an example that risk culture goes beyond merely managing risk but also to the very nature of business itself, as well as the how and why that business impacts people and the wider community; then this surely must be it.
We will further explore these topics in the next article.
Jonathan Ledwidge is the author of the book Clearing The Bull, The Financial Crisis And Why Banks Need A Human Transformation (iUniverse).