Good behaviour can't be regulated

In facing the media about Commonwealth Bank’s response to its financial planning malfunction, CBA chief executive Ian Narev made a crucial point about culture and regulation.

“The failings, such as they were, in the business are not as a result of poor regulation,” he said. Narev’s point was a positive culture is something management creates. Regulation cannot alone deliver a desirable culture.

That’s a view shared by the regulator, Australian Securities and Investment Commission chairman Greg Medcraft.  Medcraft argued in a recent interview with the Centre for International Finance and Regulation culture and governance, vital as they are and core ASIC concerns, cannot be regulated for.

He noted these challenges represented "an issue of culture” that existed below the level of top management but still under their influence. The corollary being that cultures are set from the very top.

ANZ chief executive Mike Smith made very similar observations in the wake of this bank’s own problems with failed broking house Opes Prime in 2008. Having commissioned highly regarded director David Crawford to produce an independent report, Smith noted the review identified management failings. The bank had codes of conduct but in some cases they had been ignored. Several senior officers lost their jobs.

As to the particular situation at CBA and the bank’s response, someone such as me who works for a rival bank is inevitably not the most credible commentator. But Narev’s point is not specific to this matter and in exploring this theme I’m not opining specifically on CBA.

The challenge of commanding a proper culture is common across the corporate world and it lies at the heart of the perennial debate about regulation being drafted in black letter or with a focus on intent and outcome. The lessons of history are that more and more regulation, tougher and tougher laws, create loopholes, complexity, costs and confusion as a side-effect of trying to address behaviours.

Click image to zoom Tap image to zoom

Photo: Eugene Ludwig, chief executive officer of Promontory Financial Group LLC, right, and Edward Kane, professor of finance at Boston College, listen to Joseph Stiglitz, Nobel prize-winning economist and professor of economics at Columbia University. Photographer: Andrew Harrer/Bloomberg via Getty Images.

In the aftermath of the financial crisis, highly regarded risk consultancy Promontoryspent a lot of time looking at which institutions failed and which flourished. Interviewing the firm’s founder and former US Federal banking regulator Gene Ludwig about the work, he told me the most interesting insight was tougher regulation was no guide to survival.

Our conversation took place as global regulators were imposing new capital, liquidity and leverage targets and Ludwig made the point that none of these, separately or in concert, distinguished good from bad institutions or good from bad jurisdictions.

What had made a difference was the second stage of global banking regulation Basel II. Basel II dates back to 2004 and paved the way for the so-called “advanced” risk management model which allows financial institutions to measure their own risks and exposures and, typically, enjoy some capital relief.

Now Promontory didn’t find that Basel II was a panacea nor that “advanced” banks did better or worse. What they found was that institutions which took Basel II seriously, undertook the work necessary to apply for accreditation, in the process – the process – came to understand their business and its risks better.

Ludwig’s message then was one of culture: those institutions which took most seriously understanding and managing risk had healthier cultures. They were more risk sensitive, more communicative, more compliant with important processes. Those more concerned with just ticking off on compliance were more likely to fail.

In Narev’s response, such discipline in what is part of a proper operational risk culture, is more management dependent than regulator dependent.

And indeed we might add that those insights from Promontory support the experience in Australia, which I wrote about in a long series for the Australian Financial Review, where the intensity of supervision was more important than the specific regulation.

As I’ve heard one senior banker put it, “all models in whatever field have limitations. However the regulation to understand risk and hold appropriate capital and liquidity makes sense”. It’s the understanding not the model that’s important.

When we talk about culture what we are really talking about is behaviour and so the question becomes how do institutions make a positive impact on behaviour. In strong banks experience tells us they hire well, structure rewards appropriately and have direct reporting lines with the chief risk officer reporting to the chief executive and the board.  But clearly, with increasingly large financial institutions, in even the best run banks, this is a constantly  challenging proposition. 

The Basel-based Financial Stability Board has been working on compensation practices at financial institutions with a focus on principles and standards. A recent FSB workshop focused on three main areas: the identification and treatment of material risk takers; the use of malus and clawback clauses as part of the alignment of compensation with risk taking and performance; and governance frameworks, including the role of compensation structures.

(Malus, for those like me who thought it was a misspelling, refers specifically to the return of performance-based compensation when performance turns out to be deficient.)

Having compensation structures which reinforce a positive culture is no easy matter. The FSB says “while good progress has been made, more work is needed to embed positive risk management in firms’ compensation practices and to achieve effective alignment with risk and performance”.

However workshop participants argued regulatory change and complexity made this process even more difficult.

“The need for firms to adapt their compensation frameworks to reflect certain regulatory developments was seen as the primary challenge currently confronting them in the area of compensation policy,” the FSB said.

“This continuing effort to comply with changes in legislation was perceived by some firms as substantially increasing the amount of time needed to oversee compensation issues, and complicating the task of ensuring effective implementation of the principles and standards. Some firms also argued that more prescriptive and sometimes overlapping rules created impediments to a truly global playing field.”

This was a subject Narev touched upon as well, once again putting the onus on internal cultures. He noted “in terms of how we think about remuneration in this business and more broadly, number one … there is an absolute gate-opener on responsible, ethical, compliant behaviour”.

This reflects global best practice where chief risk officers and the board are now expected to have significant input into strategy, investment decisions and remuneration.

The line you frequently hear now is everyone, from the bottom up, has to be part of a culture of risk and compliance.

In my time here at ANZ I’ve heard reference made to some work by McKinsey & Coon four areas where an appropriate risk culture can fail. McKinsey categorised them as “Denial”, “Detachment (risk is not understood or acted upon), “Ambiguity” (poor information); and “Disregard”.

The view is the Basel “advanced bank” regime has led to vast improvement in the first three categories.

It is the fourth one however, disregard, that is the most toxic for companies. It is the one that can lead to actions and responses not in the best interests of customers (and ultimately the company). Critically, disregard is not an industry issue, it resides at the level of individuals and institutions. And it is that one which even the best regulation can’t fix – only healthy cultures.

The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.

editor's picks