Name Culture, regulation and reputation?Date 2014-01-10 00:00:00 +0000Text
Professor Garry Honey is founder of the governance and reputation risk consultancy Chiron (www.chiron.uk.net) and author of A Short Guide to Reputation Risk.
John Thirlwell is an independent board advisor on risk management and regulation and co-author of Mastering Operational Risk (www.johnthirlwell.co.uk).
It is currently very fashionable to talk of culture change within banking, Barclays post Salz, and subsequently project ‘Transform’, set about reversing the cultural shift of the Bob Diamond legacy. Other major banks have carried out similar changes under political pressure. A recent report from the LSE looked at ‘Risk Culture’ as a phenomenon in itself in part to address the question posed three years ago by the then FSA chair: ‘we simply do not know if we have the tools to change the banking culture’.
This raises the question about whether it is reasonable to expect regulators to effect a change in culture. Culture after all comes from within, it is combination of behaviours and attitudes or ‘institutionalised behaviour’. A corporate culture sets the boundaries of what is deemed acceptable behaviour by those who live within it. Conversely regulation is an external measure, setting standards which outsiders believe should be the behavioural boundaries, based on ‘appropriate outcomes’ for customers and markets. Thus culture is ‘pull’ and conduct is ‘push’.
When we talk of an unhealthy or bad culture that needs to change, what does this mean, what has gone wrong? The culture of the NHS has been widely criticised as a culture that ‘focuses on finance and figures at the expense of patient care’. This was a direct quote from the prime minister summarising the Francis Report on the Mid-Staffs Hospital Trust, where the culture of care had been overtaken by a culture of financial achievement and target-chasing. What caused this culture to shift? Ironically it was partly the incentives of the financial regulator of hospital trusts, Monitor, which set hospitals the targets to achieve foundation trust status.
This example comes from the public service sector where the regulator’s role has been largely to introduce some financial rigour in public spending. The result is that a culture of meeting targets subsumes the underlying culture of care. The same could be said of schools encouraged to chase exam targets as a measure of educational effectiveness. In these industries the regulator’s targets become the metrics of performance even if these are counter-cultural: efficiency and cost-benefit analysis. A risk averse operational culture sees a management layer imposed on it, complete with higher risk appetite given a commercial remit.
In the financial services market commercial understanding is already universally high, so the regulator is there to ensure that the market works as an engine of the national economy. Yet here also a healthy culture has turned bad – at least according to the politicians and the media of today. How was this achieved? The aim post Big Bang was to ensure that London remained a leading player on the global stage, but the ‘light touch’ policing of the market failed to prevent the financial crash and its ensuing fallout. The replacement of the FSA by the PRA and FCA is an attempt to give these twin regulators more rigorous control of the system.
Why is this control needed, what is bad about the culture of UK financial services, and why is there such a clamour for change? The answer is the steady trickle of bad news about behaviours and practices such as PPI mis-selling, LIBOR rate rigging and many more. The cumulative message is that light touch provided a licence to exploit a commercial culture where sales revenue and profit were the only metrics of success. The UK financial regulator remit was to enable the City to generate valuable GDP, but is now to clean up the City and protect the reputation of London as a trustworthy financial centre.
Regulation does not change culture, but it stimulates habits and behaviours, so what does this change of regulator hope to achieve? The role of the regulator differs significantly wherever one is appointed, but as a rule the purpose of regulation is essentially a political attempt to counter-balance commercial interest. The aim is to protect vulnerable stakeholders (ie public/consumers) from exploitation. The role of regulation is therefore to protect the system and its counter-parties through setting standards of behaviour or performance. As a cynic might observe – a political spoke in the commercial wheel.
Cultures generally don’t take well to outside interference especially where that interference involves the imposition of some control. The LSE study on risk culture in financial institutions found that the effectiveness of the risk function depended wholly on the extent to which it was integrated within the business, at a day to day operational level. If a risk function is seen as a positive attribute then it is more likely to be integrated, but if it is seen as a negative attribute then it will tend to be marginalised or information provided to it filtered and rationed.
A culture where risk taking is endemic, such as an investment bank, may well fail to se the value of a separate risk function - even if its remit is to protect the firm and its investors from the zeal and enthusiasm of its own employees. In a trading environment, there is a temptation for traders to manage the amount of information they pass on to their line managers or risk officers. From Barings to JP Morgan, there are examples of ‘rogue traders’ where the reality is more correctly a ‘rogue culture’. Risk management can be perceived as business interference, carried out by those who simply ‘don’t understand our business or how we work here’.
What then can regulation achieve, and how does it impact on operational culture? We know from behavioural studies that commercial interests invariably have a different agenda to regulators, typically favouring shareholder return at the expense of customer value. This is why the regulator is created in the first place to provide a counter- balance against exploitation and permit politicians to assure the electorate that they are looking after their interests.
There are at least three distinct outcomes of regulation which need to be discussed:
1. Parallel universe - The first outcome from introducing regulation is the blossoming of a parallel of universe of ‘Compliance’, an activity with little if any commercial value, but essential to appease regulators and their political masters. Corporate compliance is a growth area, made more so by the differing criteria selected by UK, European and US regulators on which activities to regulate and how. Regulatory compliance is often perceived as anti-commercial in many sales-driven firms, and as such exists in a parallel universe alongside from the core business of wealth creation.
It could be argued that ever since the first Corporate Governance codes required a risk reporting function, some corporations treated risk as a compliance chore, relegating it to the parallel universe where it could do least damage to profit maximisation. It is reasonable to assume that an aggressive sales culture will view risk control as a growth inhibitor not accelerator. This leads to the uncomfortable question: Have all the conduct code updates since Cadbury had any impact on corporate culture at all, or have they been treated as just part of the parallel universe?
2. Ethical questions – The second outcome of regulation questions the value and purpose of rules. Albert Camus famously said: ‘Integrity has no need of rules’, meaning good behaviour does not need a prescription, it should be innate. The more rules we create, the more we encourage people to comply with them and the less they think for themselves about correct behaviour. A sales culture tolerates control as a necessary evil but without any enthusiasm unless it can see value in it.
The LSE study identified ethics and incentives as a major contributor to corporate culture and posed a couple of good questions for companies:
- ‘Do you understand where in the organisation behavioural change is most necessary?’
- ‘Which combination of levers is most likely to be effective in bringing about that change?’
By way of contrast, consider how the FCA views Conduct Risk in its Risk Outlook 2013 published in March this year. Culture is only mentioned in passing. The five priority conduct risks for 2013/14 were singled out as product design, distribution channels, inadequate oversight, high risk funding strategies and poor understanding of risk and return by consumers.
3. Operational cost - The third outcome from regulation is the reaction to regulator censure and fines. In most public service sectors: transport, healthcare, education and energy for example, regulator fines quickly become an operational cost which do little to change corporate culture. Instead of changing corporate behaviour, regulatory compliance simply adds another level of cost (extra monitoring systems or fines) compliance thus becomes a conduct cost. Once a fine is considered an acceptable cost of business, it fails to be an effective behavioural deterrent.
A recent European Policy Forum report covering all UK regulated businesses, not just the financial services, found that fines ‘no longer carried public credibility’ as the cost was ultimately passed on to consumers and shareholders. At best fines name and shame the guilty which may result in temporary reputation damage. Fines demonstrate that regulators watch the market but fines don’t compensate consumers or hit executive bonuses - a measure which might achieve behaviour change.
Is it therefore reasonable to expect a regulator to change culture? In the case of the public services like health and education the answer must be no. There is a duty of care, whether for patients or pupils, which sets operational culture; an overlay of financial controls and targets will create conflicts of interest between meeting targets and delivering care, so regulation will only change priorities. In privatised sectors, like energy and transport, regulation can’t change culture either. Here there is a fundamental duty to deliver shareholder return not customer value, they are not synonymous, despite what politicians might wish. The culture will remain commercial not philanthropical. Regulators have no control over what the consumer is ultimately charged, whether train fares or domestic energy bills.
In strengthening the powers of financial regulators, the culture of the banking industry is unlikely to be changed. Conduct risk now exists and the FCA is busy setting out how it plans to police conduct and penalise unacceptable outcomes. A culture founded on a commercial business model will always regard external controls as an intrusion, tolerated as part of the governance agenda, peripheral to the core business. It remains to be seen how much reputational damage to London accrues from recent revelations, after all the reputation of New York, Frankfurt and Tokyo are what matter by comparison.
This article first appeared in the Winter 2013 edition of inCOMPLIANCE, the official member publication of the International Compliance Association, www.int-comp.org"
- Lista vazia