The big question is whether these questions are sufficient in the light of not just the Wells Fargo issue but scandals with seemingly similar attributes such as Samsung’s fire prone batteries or Volkswagen’s industrial-scale cheating of environmental controls.
From what has been uncovered so far with these scandals, it seems they are cultural in the broadest possible sense rather than simply examples of where cultural ambitions have been thwarted – for example with the Libor scandal or misssold mortgages. These latest scandals indicate bad orchards not just bad apples.
With Volkswagen and Samsung the evidence suggests the corporate culture of these institutions was very hierarchical, with advancement reliant on senior patronage, thereby choking off the transmission of bad news or practices up to senior levels.
Indeed with both companies employees have said senior management only wanted to see targets hit and didn’t want to hear about what was done to achieve them.
As one American politician on a California Assembly Committee hearing into Wells Fargo told a Wells executive, "It shocks me that you never met one client of yours that had a fraudulent account opened or seen one incident that you deemed was wrong.”
“There were still thousands of employees that engaged in this behaviour based on sales goals. They engaged in fraudulent activities millions of times."
In the light of these scandals, the IIF/EY survey may seem prosaic or rarefied even when it says “banks have to manage non-financial risks more effectively”.
But this is right. All these scandals and other ‘non-financial’ issues such as diversity, sustainability, purpose can become financial with a vengeance.
It wasn’t that long ago that governance was considered ‘non-financial’ until more and more research emerged showing better governance delivered better and more sustainable financial returns.
The challenge for Wells, for Volkswagen, for Samsung is not just that governance and cultural issues have now manifested themselves in financial disasters but that they are so fundamental, they go to the heart of the agent-principal fiduciary arrangement where the board of a company is the agent for its owners, the shareholders.
It’s not a matter of changing systems or even remuneration but of creating a radically different culture.
Yet one of the most telling findings of the IIF/EY survey is how the respondents – chief risk officers and their ilk – are so focussed on process and implementation of regulation.
Obviously, as a CRO one is clearly pre-occupied with “implementation of new regulatory rules and supervisory expectations” – ranked top risk area by 50 per cent of respondents – and “cybersecurity” – 48 per cent – along with “risk appetite” – 37 per cent.
But in this climate should reputational risk be right down the bottom with 5 per cent? When surveyed on the “top five issues requiring the most attention from CROs in the next 12 months” reputation fared only marginal better at 8 per cent.
There is recognition culture is important.
“Banks recognise that to achieve a strong risk culture – only a quarter of banks claim to have done so – means embedding behavioural criteria into performance evaluations and compensation assessments,” the survey says.
“As such, beyond implementing regulatory requirements on deferrals, claw backs, and (in most regions) risk-adjusted, performance-based pay, banks are advancing their approach to embed ethics and control issues into employee pay and performance decisions.”
Such actions are necessary but not sufficient.