Submission to the Basel Committee for Banking Supervision: Corporate governance principles for banks October 2014.

Similar documents
WHAT WE KNOW ABOUT RISK CULTURE MACQUARIE UNIVERSITY

HSE Integrated Risk Management Policy. Part 1. Managing Risk in Everyday Practice Guidance for Managers

Qatar, 24 May Basel II and Corporate Governance Issues

Increasing the Intensity and Effectiveness of Supervision

REVISED CORPORATE GOVERNANCE PRINCIPLES FOR BANKS (CONSULTATION PAPER) ISSUED BY THE BASEL COMMITTEE ON BANKING SUPERVISION

Risk culture. Building great organisations and growing your foundation for success CAPABILITY STATEMENT 2016

The Orion Pre-Employment Assessment Program

European Association of Public Banks - European Association of Public Banks and Funding Agencies AISBL -

KEY. riskupdate PREDICTIONS FOR Risk Reward. Jan 2011

Why do people do what they do? The impact of behaviours on risk (culture)

AFM Corporate Governance Code

ENHANCING CORPORATE GOVERNANCE

Principles for enhancing corporate governance issued by Basel Committee. Comments of IFACI s Banking Professional Group

Basel Committee on Banking Supervision. Consultative Document. External audits of banks. Issued for comment by 21 June 2013

Making culture count. Strengthening culture for better risk and compliance outcomes. February 2018

RE: FSB Guidance on Supervisory Assessments of Risk Culture

COPDEND consultation on a Quality Assurance Framework for CPD in Dentistry Response from the Faculty of General Dental Practice (UK)

Quality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation

SM&CR Culture Measurement Toolkit

NACCHO GOVERNANCE CODE: NATIONAL PRINCIPLES AND GUIDELINES FOR GOOD GOVERNANCE

Final Report. Guidelines. on internal governance under Directive 2013/36/EU EBA/GL/2017/ September 2017

CGMA Competency Framework

IIF IIF Issues Paper Promoting Sound Risk Culture 11. IIF Issues Paper

Safety Perception / Cultural Surveys

A FRAMEWORK FOR AUDIT QUALITY. KEY ELEMENTS THAT CREATE AN ENVIRONMENT FOR AUDIT QUALITY February 2014

Auditing culture and risk culture in financial services firms. Making the intangible, tangible and auditable

Active Essex Risk Management Strategy

Final May Corporate Governance Guideline

Audit & Risk Committee Charter

RESEARCH AND PUBLICATION POLICY

LEARNING OBJECTIVES LEARNING OBJECTIVES. Session 11. Ethics, leadership and culture

Stakeholder Perceptions of the Dubai Financial Services Authority

CGIAR System Management Board Audit and Risk Committee Terms of Reference

2 Collaborate to increase immediate safety. 3 Facilitate links to further support. 4 Review and report on support provided

An integrated approach for assessing risk culture at financial institutions

Risk Culture: The Heart and Soul of Enterprise Risk Management

Risk Management Maturity in large Australian Superannuation Funds

The topic for this session is How Should Financial Market Regulators

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

Culture: Why is it important?

ASSESSMENT REPORT BRC CULTURE EXCELLENCE COMPANY: SITE NAME: SITE ADDRESS: BRC SITE CODE: SCOPE OF PRODUCTION: REPORT DATE: MODULE:

pggm.nl PGGM Remuneration Guidelines for Portfolio Companies

Chapter 1. Introduction

MANAGING RISK AT SUNCORP

King IV and the governance of ethics

The Role and Value of Independent Chairs

DIGNITY AND RESPECT POLICY AND GUIDELINES ON PREVENTING AND MANAGING WORKPLACE BULLYING

International Standards for the Professional Practice of Internal Auditing (Standards)

Risk Appetite Statement

Consultation Paper: Going public a director s guide

1 st edition 2016 EMEA Health Survey

NZ POLICE CORE COMPETENCIES. Communicate, Partner, Solve, Deliver, Lead, Innovate, Develop HOW WE DO THINGS: OUR CORE COMPETENCIES

Dutch Banking Supervision on Conduct and Culture Deloitte Dublin 26 June 2018

The Workforce and Productivity: People Management is the Key to Closing the Productivity Gap

The Effects of Employee Ownership in the Context of the Large Multinational : an Attitudinal Cross-Cultural Approach. PhD Thesis Summary

Insurance Professional

Defining And Building A Culture Of Sustainability

Using Employee Surveys to Measure and Improve Ethics and Compliance Programme Effectiveness

NSW boards and committees: Consultation paper

A guide to the FMA s view of conduct

FRC PROGRESS REPORT AND SECOND CONSULTATION ON THE COMBINED CODE RESPONSE TO CONSULTATION FROM SCOTTISH AND SOUTHERN ENERGY PLC

E T H I C A L L E A D E R S H I P. Bolder than ever

Practical Systems Review. A Self-Review Tool for Local Government to Evaluate the Capability and Performance of Compliance Systems

Quarterly Brief ing. Board Evaluations. Executive Summary. Chief Contributor: N Balasubramanian* October 2014 No. 7

The Self-Assessment Process

Risk appetite and internal audit

ANZ Human Resources Committee Charter

Banks Internal Control System, the case of Albania

The FCA s focus on competition and behavioural economics. Grant Saggers Competition Economist PwC LLP

Misconduct in the Banking, Superannuation and Financial Services Industry FINSIA's Submission to the Royal Commission

Corporate governance in New Zealand

Operation Turnaround executive initiative improves company performance through integrated training

Ref: IASB and IFRS Interpretations Committee Due Process Handbook

Spreading Organizational Happiness Through Internal Auditing. Adil Buhariwalla Crowe Horwath Partner, Internal Auditing & Risk Consulting

Transparency report Grant Thornton Cyprus

The Authority s responses to the key comments received and any other substantive changes are outlined below.

The Gym Group plc. (the Company ) Audit and Risk Committee - Terms of Reference. Adopted by the board on 14 October 2015 (conditional on Admission)

THESIS SUMMARY The study entitled "Impact of Organizational Culture upon Employees and Employer's Behaviour" looks into the effect of organisational c

CHAPTER 1: THE FIELD OF ORGANIZATIONAL BEHAVIOR

CORPORATE GOVERNANCE GUIDE

MEASURING YOUR ORGANIZATION S CLIMATE FOR ETHICS: THE SURVEY APPROACH

Insight in performance of safety regions

Via online survey: Committee of University Chairs. 12 March CUC Consultation Draft Remuneration Code

IAEA Approach to Culture and Leadership for Safety

Report of the review of the application of the Framework for Improving Quality in our Health services: Learning to guide future approaches.

DECOMMISSIONING AND DISINVESTMENT STRATEGY CCG: CS01

NZ POLICE CORE COMPETENCIES. Communicate, Partner, Solve, Deliver, Lead, Innovate, Develop HOW WE DO THINGS: OUR CORE COMPETENCIES

Abu Dhabi Commercial Bank PJSC Code of Corporate Governance

MITIGATING STRESS of NATIONAL STAFF Suggestions for proactive management

CREATIVITY AUDIT QUESTIONNAIRE

Addressing driver behaviour. Fleet Risk Management Guidance

Implementation Guides

Corporate Governance and Financial Markets

Code of Corporate Governance

The 2017/18 Remuneration Round

Discussion paper. The Auditor- General s observations on the quality of performance reporting

SEMINAR FOR SENIOR BANK SUPERVISORS

Human Resources Committee Charter

ICAAP. Engaging the business in risk management. A presentation to FIDE Forum by Penny Fosker. 10 January towerswatson.com

Transcription:

Submission to the Basel Committee for Banking Supervision: Corporate governance principles for banks October 2014. Elizabeth Sheedy* Barbara Griffin^ * Applied Finance Centre, Faculty of Business and Economics, Macquarie University ^Department of Psychology, Faculty of Human Sciences, Macquarie University Date: 9 January 2015 Further information about the Risk Culture Project is available at www.be.mq.edu.au/risk_culture

Introduction The Risk Culture Project is a university-based research project bringing together expertise in risk governance, financial risk management, organisational psychology, survey design and state of the art statistical analysis. Based at Macquarie University in Sydney, the research is jointly funded by the university and the Centre for International Finance and Regulation. Starting in early 2013, the first aim of the research was to produce a rigorously validated survey instrument for assessing risk culture in financial institutions. We hope that this will become an industry standard, allowing for independent and meaningful risk culture comparisons both over time and between banks (or parts of banks). Already the Macquarie University Risk Culture Scale has been used to assess culture in 172 business units across five large banks including staff in multiple countries and business lines. Further information about the Risk Culture Project, the authors of this submission and findings to date may be found at www.be.mq.edu.au/risk_culture We strongly support the thrust of the guidelines that have been produced by the Basel Committee in relation to corporate governance for banks. In particular we applaud the emphasis on the importance of risk culture throughout the new guidelines. Our research and interactions with the industry over the past two years on the topic of risk culture have been illuminating. While we have observed a great deal of interest and activity in relation to risk culture, in many cases this activity is not evidence-based and demonstrates a degree of confusion regarding the nature of organisational culture. This is understandable as most bankers and their regulators have not received any formal education in this field and have only recently become aware of its importance. The new Basel Committee guidelines issued October 2014 emphasise the need for the board, board risk committees and senior executives to assess risk culture, for example: Para. 10 FSB underscored the critical role of the board and the board risk committees in strengthening a bank s risk governance. This includes greater involvement in evaluating and promoting a strong risk culture in the organisation Para. 27 A fundamental component of good governance is a demonstrated corporate culture of reinforcing appropriate norms for responsible and ethical behaviour. These norms are especially critical in terms of a bank s risk awareness, risk-taking and risk management. Para. 71 The risk committee of the board is responsible for advising the board on the bank s overall current and future risk appetite, overseeing senior management s implementation of the RAS, reporting on the state of risk culture in the bank, and interacting with and overseeing the CRO. Para. 73 The committee should receive regular reporting and communication from the CRO and other relevant functions about the bank s current risk profile, current state of the risk culture, utilisation against the established risk appetite and limits, limit breaches and mitigation plans (see Principle 6). The guidelines further promote the importance of supervisory oversight of risk culture, for example: Para. 7 National authorities need to strengthen their ability to assess the effectiveness of a bank s risk governance and its risk culture

Para 163. The evaluation of governance effectiveness includes review of any board and management assessments, surveys and other information often used by banks in assessing their internal culture, as well as supervisory observations and qualitative judgments. It is clear therefore that assessment of risk culture is a priority for both banks and their supervisors. We have however observed some issues across the industry that may inhibit effective culture assessment: 1. Confusion regarding risk structures, risk culture and risk behaviour 2. Mistaken perceptions of culture uniformity; unrealistic expectations of tone at the top 3. Poorly validated survey instruments 4. Lack of independence and anonymity. In the following sections we address each of these issues in detail. The final section summarises and provides our recommendations. 1. Confusion regarding risk structures, risk culture and risk behaviour. We observe that some firms are confusing the assessment of culture with assessment of risk structures and/or behaviour. While the three are connected, research has shown that they are separate constructs as illustrated in Figure 1 below. Figure 1: Structures, Culture and Behaviour

Researchers believe that culture 1 is a predictor of behaviour and risk structures are antecedents of culture. Culture itself refers to shared perceptions of the relative priority given to risk management, including perceptions of the risk-related practices and behaviours that are expected, valued and supported. In many cases the assessment tools used by management consultants and banks themselves are measuring either risk structures or behaviour rather than culture. This may prove to be counter-productive as explained below. a) Risk structures vs Culture. Risk structures include: limits and policies, the performance measurement and remuneration systems, training programs, frameworks such as the three lines of defence. These structures are interpreted through the lens of culture; culture determines the meaning and priority that is attached to those structures by staff. In the best case, the culture gives those structures their power but alternatively can render them ineffectual. When staff perceive that breaches of risk policy are not taken seriously then similar breaches will multiply as employees form the opinion that other objectives (such as high shortterm profits) are the true priority. Ultimately culture determines how we behave when we are under pressure and have to act instinctively, when there is no opportunity to review the rule book. Culture also guides employees in how to balance competing objectives when there are multiple valid actions possible. For all these reasons a strong risk culture should be more effective than structures alone in ensuring that the organisation s objectives are reached. Assessment of structures without assessment of culture could therefore give a false sense of security. b) Culture vs Behaviour. Research by organisational psychologists indicates that culture predicts behaviour. Some may argue that since appropriate behaviour is the ultimate goal, the best way to assess culture is to assess behaviour. The danger of this approach is that monitoring behaviour can create a mere compliance mentality. When a particular set of behaviours are selected for monitoring, it can create a false sense of security that culture is strong. If it is not, there is a danger that the consequences of unfavourable culture will show up in different behaviours, or that the monitoring of existing behaviours will be gamed. We believe that assessing culture is more effective in diagnosing the underlying causes of behavioural symptoms and is therefore more useful for management. Since culture predicts behaviour, deteriorating culture scores may be a leading indicator, highlighting problems before the behavioural consequences emerge, thus avoiding adverse outcomes for bank stakeholders. Culture relates to perceptions of desirable behaviour i.e. the norms of behaviour. While the difference between actual behaviour and perceptions of desirable behaviour might seem subtle, it is in fact crucial. Confusion in this regard means that some financial institutions monitor specific behaviours rather than assessing culture itself. An undue focus on compliance with a specific set of behaviours was found to be counter-productive in the field of safety culture. The breakthrough in safety was to switch emphasis to culture itself i.e. the perceptions of employees regarding behavioural norms. This was found to be more productive in ultimately reducing accident frequency and severity. 1 Organisational psychologists typically use the term climate rather than culture which has been widely adopted in the finance industry. In this document we have adopted the normal practice of referring to culture but much of the research we refer to relates to organisational climate. References may be found in our papers available at www.be.mq.edu.au/risk_culture.

We expect that the widespread focus on monitoring of behaviour or structures is driven by a desire to measure something that is perceived as objective. We note, however, that it is possible to measure risk culture directly (i.e. the perceptions of employees) provided that survey instruments have been rigorously validated. 2. Mistaken perceptions of cultural uniformity; unrealistic expectations of tone at the top Discussions of risk culture often emphasise the importance of tone at the top i.e. the crucial role of senior leaders in setting organisational culture. While there is no evidence to dispute this hypothesis, we caution against the belief that tone at the top is not only necessary but also sufficient i.e. that it will guarantee that a favourable culture is uniform throughout the organisation. This is likely to be unrealistic, especially in very large and geographically dispersed organisations. The Risk Culture Project has produced evidence that risk culture exists as a local construct. In the banks analysed to date, there are always business units where the risk culture is rated as significantly better or worse than the organisational average (despite having the same tone at the top ). Two business units from the same bank, located in the same country, from the same business line (wealth management for example) but located in different cities might have different risk cultures. These differences are likely to be driven by local management and the interactions between team members. It is consistent with the view that team members tend to follow the lead of those they respect in the immediate vicinity. New policies or statements from senior leaders are interpreted on the ground with colleagues and immediate managers through a process of sense-making. Employees explore the implications of new policies and statements for their own work processes, for reporting lines and for the way their performance is evaluated. Immediate managers and respected others can play an important role in signalling, through words and actions, whether the new initiative is a matter of genuine priority or perhaps just window-dressing for the benefit of prudential supervisors. This has important implications for the way in which risk culture is assessed. To identify business units where culture is unfavourable it is necessary to examine the perceptions of a broad range of employees across a number of units. Interview methods are less practical 2 for this purpose and we therefore recommend the use of survey methods. An advantage of assessing risk culture at the business unit level rather than assuming organization-wide uniformity is that culture intervention can be targeted to those business units where problems are identified. 2 We note however that interviews can be useful for further investigating cultural problems once the problematic business units are identified.

3. Poorly Validated Survey Instruments. Our research indicates that, like many other facets of organizational culture (such as safety climate), risk culture is multidimensional. We have identified four discrete factors: Valued (risk management is valued within the organisation), Proactive (risk issues and events are proactively identified and addressed), Avoidance (risk issues and policy breaches are ignored, downplayed or excused), and Manager (the immediate manager is an effective role model for desirable risk management behaviors). Understanding the unique factors or components of risk culture is important for diagnosis and change management, but requires well-validated assessment instruments. The survey instruments being used by some organisations have not been through a rigorous validation process so one cannot be confident in what is actually being measured. The science of psychometrics is concerned with the construction and validation of assessment instruments for personality, intelligence, attitudes etc. Psychometric analysis can ensure that a survey instrument is: valid (i.e. measures what it purports to measure); reliable (i.e. is internally consistent and will produce consistent results if repeated); as short as possible to reduce survey fatigue; and invariant across organizations (and countries if used internationally) While there is a natural desire to reduce the length of surveys, to reliably measure each unique culture factor requires at least 3-5 survey items. It is therefore unlikely, in our opinion, that one could effectively measure risk culture with fewer than 12 survey items. There is little benefit in doing any culture assessment at all if the results are not reliable. Furthermore, there is no basis for diagnosis and intervention unless appropriate analysis shows that differences between units/organizations are statistically significant (and not just the result of sampling error). Some questions that should be asked of any survey provider are as follows: 1. What is the reliability of the survey scale? In other words, what is the evidence that the items are consistently measuring what is claimed they measure? 2. Is there any evidence that the proposed culture factors are statistically robust? That is, are the culture factors all different from one another? Can they be effectively measured? Have they been confirmed in more than one organisation and/or country? 3. On what basis are certain scores determined to be low, medium or high? This is related to reliability and validity, but you would need to be confident that wherever differences are noted, these differences are statistically significant (and not just the result of sampling error). 4. What evidence exists that the measure of culture is associated with (or even better predicts) desirable risk behaviour? 5. What peer review process has the assessment methodology been subjected to? Academic peer review is very useful for ensuring that a survey instrument has been correctly validated and is therefore fit for purpose.

Adequate oversight in relation to these issues requires considerable expertise with regard to an understanding of organisational psychology and psychometrics. While cultural issues are deemed by many to be soft issues, we note that hard science lies behind any effective assessment of culture. 4. Independent and Anonymous Assessment of Risk Culture. We observe a tendency for risk culture assessments to be undertaken either by internal management or by consulting groups that have been engaged to perform cultural change programs. In either case there is a potential conflict of interest and therefore a danger that the true picture will not emerge. People will tend not to answer questions with complete candour unless they are confident that their answers are anonymous. Such a situation is very difficult to achieve where assessments are undertaken by management or when external consultants can link responses to individual employees. Lack of true anonymity appears to be common in current employee opinion assessment and threatens its validity. Our results indicate that senior leaders report a rosy view of risk culture compared with lower ranking staff. We hypothesise that this is because rule breaking tends to be hidden from management. We note the common practice of including a culture assessment as part of a change management engagement but believe such a practice introduces the potential for a conflict of interest, with an incentive to overstate culture problems prior to a change management and understate them afterwards. We have also come across cases of cultural change programs being implemented with no proper baseline analysis and therefore no objective way of assessing whether the program made any difference.

Summary and Recommendations Issue Comment Recommendations Confusion regarding risk structures, risk culture and behaviour. In many cases assessment tools are measuring risk structures or behaviour but not risk culture. This may be counterproductive and lead to an unhealthy mere compliance mentality. 1. Amend definition of risk culture in Glossary: A bank s norms, attitudes and behaviourspriority related to risk awareness, risk taking and risk management and controls that shape decisions on risks. Risk culture influences the decisions of management and employees during the day-to-day activities and has an impact on the risks they assume. Mistaken perceptions of cultural uniformity; unrealistic expectations of tone at the top Poorly validated survey instruments Independent, anonymous assessment of risk culture. Culture is a local construct and can vary significantly within the same bank, the same country and even the same business line. Therefore need to assess culture by business unit. Without rigorous validation, culture assessments may not be measuring what they purport to measure, may be unreliable, excessively long/short and likely to be gamed. Change management programs based on such assessments may be a waste of money. Culture assessments undertaken by management or by consultants who have been engaged to change culture are not independent. It is crucial that employees are given anonymity in culture assessments to maximise candour. 2. Amend paragraph 73: The committee should receive regular reporting and communication from the CRO and other relevant functions about the bank s current risk profile, current state of the risk culture and how it varies by business unit, utilisation against the established risk appetite and limits, limit breaches and mitigation plans (see Principle 6). 3. Amend paragraph 163: The evaluation of governance effectiveness includes review of any board and management assessments, surveys and other information often used by banks in assessing their internal culture, as well as supervisory observations and qualitative judgments. In arriving at such judgments, supervisors need to be particularly mindful of consistency of treatment across the banks they supervise and ensure that staff have appropriate training and competence in these areas. Expertise in organisational psychology and psychometrics is particularly valuable in this regard. 4. Further amend paragraph 163: The evaluation of governance effectiveness includes review of any board and management assessments, surveys and other information often used by banks in assessing their internal culture, as well as supervisory observations and qualitative judgments. In arriving at such judgments, supervisors need to be particularly mindful of anonymity for staff, the independence of such assessments, consistency of treatment across the banks they supervise and ensure that staff have appropriate training and competence in these areas.

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback