In the aftermath of the financial crisis, highly regarded risk consultancy Promontoryspent a lot of time looking at which institutions failed and which flourished. Interviewing the firm’s founder and former US Federal banking regulator Gene Ludwig about the work, he told me the most interesting insight was tougher regulation was no guide to survival.
Our conversation took place as global regulators were imposing new capital, liquidity and leverage targets and Ludwig made the point that none of these, separately or in concert, distinguished good from bad institutions or good from bad jurisdictions.
What had made a difference was the second stage of global banking regulation Basel II. Basel II dates back to 2004 and paved the way for the so-called “advanced” risk management model which allows financial institutions to measure their own risks and exposures and, typically, enjoy some capital relief.
Now Promontory didn’t find that Basel II was a panacea nor that “advanced” banks did better or worse. What they found was that institutions which took Basel II seriously, undertook the work necessary to apply for accreditation, in the process – the process – came to understand their business and its risks better.
Ludwig’s message then was one of culture: those institutions which took most seriously understanding and managing risk had healthier cultures. They were more risk sensitive, more communicative, more compliant with important processes. Those more concerned with just ticking off on compliance were more likely to fail.
In Narev’s response, such discipline in what is part of a proper operational risk culture, is more management dependent than regulator dependent.
And indeed we might add that those insights from Promontory support the experience in Australia, which I wrote about in a long series for the Australian Financial Review, where the intensity of supervision was more important than the specific regulation.
As I’ve heard one senior banker put it, “all models in whatever field have limitations. However the regulation to understand risk and hold appropriate capital and liquidity makes sense”. It’s the understanding not the model that’s important.
When we talk about culture what we are really talking about is behaviour and so the question becomes how do institutions make a positive impact on behaviour. In strong banks experience tells us they hire well, structure rewards appropriately and have direct reporting lines with the chief risk officer reporting to the chief executive and the board. But clearly, with increasingly large financial institutions, in even the best run banks, this is a constantly challenging proposition.
The Basel-based Financial Stability Board has been working on compensation practices at financial institutions with a focus on principles and standards. A recent FSB workshop focused on three main areas: the identification and treatment of material risk takers; the use of malus and clawback clauses as part of the alignment of compensation with risk taking and performance; and governance frameworks, including the role of compensation structures.
(Malus, for those like me who thought it was a misspelling, refers specifically to the return of performance-based compensation when performance turns out to be deficient.)
Having compensation structures which reinforce a positive culture is no easy matter. The FSB says “while good progress has been made, more work is needed to embed positive risk management in firms’ compensation practices and to achieve effective alignment with risk and performance”.
However workshop participants argued regulatory change and complexity made this process even more difficult.
“The need for firms to adapt their compensation frameworks to reflect certain regulatory developments was seen as the primary challenge currently confronting them in the area of compensation policy,” the FSB said.
“This continuing effort to comply with changes in legislation was perceived by some firms as substantially increasing the amount of time needed to oversee compensation issues, and complicating the task of ensuring effective implementation of the principles and standards. Some firms also argued that more prescriptive and sometimes overlapping rules created impediments to a truly global playing field.”
This was a subject Narev touched upon as well, once again putting the onus on internal cultures. He noted “in terms of how we think about remuneration in this business and more broadly, number one … there is an absolute gate-opener on responsible, ethical, compliant behaviour”.
This reflects global best practice where chief risk officers and the board are now expected to have significant input into strategy, investment decisions and remuneration.
The line you frequently hear now is everyone, from the bottom up, has to be part of a culture of risk and compliance.
In my time here at ANZ I’ve heard reference made to some work by McKinsey & Coon four areas where an appropriate risk culture can fail. McKinsey categorised them as “Denial”, “Detachment (risk is not understood or acted upon), “Ambiguity” (poor information); and “Disregard”.
The view is the Basel “advanced bank” regime has led to vast improvement in the first three categories.
It is the fourth one however, disregard, that is the most toxic for companies. It is the one that can lead to actions and responses not in the best interests of customers (and ultimately the company). Critically, disregard is not an industry issue, it resides at the level of individuals and institutions. And it is that one which even the best regulation can’t fix – only healthy cultures.