Making culture count. Strengthening culture for better risk and compliance outcomes. February 2018

Similar documents
Risk culture. Building great organisations and growing your foundation for success CAPABILITY STATEMENT 2016

Surveillance Program Design and Behavioral Analytics Implementation

MiFID II Extraterritorial Impacts. Product Manufacturing and Distribution

HR: taking the right steps. UK leaving the EU

Cloudy skies. How to bring clarity to your cloud platform in order to optimize your investment. September 2016

EY Center for Board Matters. Leading practices for audit committees

Risk reduction? Value creation?

Is inclusive leadership a powerful catalyst for growth?

The winning tax transformation trinity. Data, technology and operations

Session 4C: Model Governance: What Could Possibly Go Wrong? (Part I) Moderator: Dwayne Allen Husbands, FSA, MAAA

Ready for takeoff? Overcoming the practical and legal difficulties in identifying and realizing the value of data. Self-assessment guide

report that their financial impact of all fraud, corruption and/or money laundering incidents is over per incident

Making a fast start for your capital projects. Power and Utilities Maturity Model and Architecture

ERM vs. Internal Audit

Next steps for CCO compliance. Helping financial services institutions respond to the UK s new corporate criminal offence

Growing opportunity, growing business. EY s financial services practice in ASEAN

boards King IV TM update Leadership, Ethics and Corporate Citizenship

Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale

How does treasury adapt to the finance function of the future?

The trouble with culture:

Data makes mobility work

Make money, save money and manage risk

Cultivating a Risk Intelligent Culture A fresh perspective

Evolution of shadow accounting for fund managers. July 2013

Industry insight and global experience: the intelligent connection

Peter Fuss Senior Advisory Partner Automotive Ernst & Young

The current state of play. The future of risk in the Australian health sector

EY Digital Boardroom. Overview. EY Digital Boardroom 1

The future enterprise. A transformation road map for the automotive organization

Financial advisor compensation. The changing approach to advisor incentives

Governing the cloud. insights for 5executives. Drive innovation and empower your workforce through responsible adoption of the cloud

Managing complexity and change in a new landscape. June 2014

Increasing the Intensity and Effectiveness of Supervision

The new revenue standard

Culture: Why is it important?

Attract, motivate and retain

Operational Transaction Services

Stock markets are mainstreaming non-financial reporting. Are New Zealand companies ready?

Global Business Services. Driving value and global integration while evolving to the business partner for the digitalization!

Take-aways from EY s series of Internal Audit Analytics roundtables over 2016

Introduction. Contents

Embedding High-Performance Culture through New Approaches to Performance Management and Behavior Change

AML model risk management and validation

Brexit: considerations for your Internal Audit operating model

Risk consulting. Conduct risk: Aligning product, customer and value. kpmg.ie

Product intervention. Consumer protection agenda: Global regulatory reform

Building and operating the UK s infrastructure. Establishing your roadmap to success

Why digital governance matters

Disruption and resilience in agricultural supply chains

Driving sustainable performance in the oil and gas sector. Supporting your health, safety, environmental and social goals

Effective implementation of COSO s new anti-fraud guidance

Session 059 L - Integrated Financial Planning and Stress Testing. Moderator: Chad R. Runchey, FSA, MAAA

Turbulent times in executive remuneration. Is it time to rethink your approach?

At Law, we are a team of dedicated legal advisors with extensive experience and specialist skills in various areas.

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

CITIBANK N.A JORDAN. Governance and Management of Information and Related Technologies Guide

Go global: positioning your family business expansion across borders. Key considerations for accelerating your growth

See your auditor clearly. Transparency report: How we perform quality audit engagements

Digital transformation in underwriting: what it means and how to get there

Developing high performance teams. 2 3 October 2017

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

In times of uncertainty, where can governments find opportunity?

Success peak performance and personal branding December 2017

Developing an Integrated Anti-Fraud, Compliance, and Ethics Program

Supporting local public services through change. Contract optimisation

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Governance and decision rights. HR Business Partner and Centers of Expertise. The HR Chief Operating Officer. HR Organization

Supplier risk compliance obligation or source of competitive advantage? Improve supplier reliability to lift business performance

The credit card industry: navigating an evolving environment. EY Advisory Services

Integrated reporting. Communicating sustainable value creation

Digital Twin & Augmented Reality. Usage of digital product models for product development, production and. service

EY Alumni Network Portal. How to register

Deloitte s High-Impact HR Operating Model: Business HR. Deloitte Consulting LLP

EY Advisory: Driving business performance

Automation for the Intelligent Enterprise

Risk Advisory Services Developing your organisation s governance for competitive advantage

Implementing risk transformation in financial institutions Governance and culture

Transparency Report. EY Nigeria

Compliance Program Effectiveness Guide

Insights for boards. King IVTM update Comments on the Municipalities supplement

International Financial Reporting Standards (IFRS) Seminar. IFRS in practice the global experience Tehran, April 2017

Turning Strategy Into Action: Why Many Organizations Are Not Fit to Deliver

Benchmarking 101: Shaping your E&C Program for Maximum Value

Transparency Report Kost Forer Gabbay & Kasierer (EY Israel)

Risk Management and Regulatory Examination/Compliance Seminar October 27, Eric Young CCO-Americas and CCO-IHC

26th Annual Health Sciences Tax Conference

Finance for non-finance managers. Delhi Mumbai Bengaluru

Managing complex services in SAP and Ariba from a client perspective. Ariba Live 2018

As meters get smarter, who gets the power?

Supplementary Guidance to the FSB Principles and Standards on Sound Compensation Practices. The use of compensation tools to address misconduct risk

INTEGRITY MANAGEMENT CONTINUOUS IMPROVEMENT. Foundation for an Effective Safety Culture

USC Compliance and Ethics Program Governance and Standards

The past, present and future of service organization control reporting

Business resilience in the provider care sector. Actively adapting to a changing environment

Enterprise risk management Protecting and enhancing value Advisory

Powering the future. EY capital and infrastructure services for power and utilities organizations

Best practice workshop. Training course outline

CFO attestation: building a sustainable process

Transcription:

Making culture count Strengthening culture for better risk and compliance outcomes February 2018

Risk culture is the collective attitudes, perceptions, beliefs and behaviors that impact risk and affect outcomes 2 Making culture count

Making culture count 3

What is risk culture? Risk culture influences business strategy, its execution, risk governance and, ultimately, firm outcomes. Every organization has a risk culture that determines the collective ability to identify, understand, openly discuss and act on risk. Risk culture is an important subset of an organization s overall culture; there is high correlation between the two. A large organization will not have one risk culture smaller subcultures will exist in different lines of business, geographies, etc. Risk culture is not something you can design and execute. Rather, it is the outcome of a series of trade-offs across a number of dimensions. EY s definition and underlying methodology places a risk lens on: Attitudes: what people think Perceptions and beliefs: the conclusions people make about what s important Behaviors: what people do A sound risk culture is essential for ensuring effective risk governance Talent and incentives Risk transparency, MIS and data Board risk oversight Risk culture Risk appetite framework Risk governance Risk accountability (3LoD) Controls effectiveness Outcomes: the results Risk culture is the collective attitudes, perceptions, beliefs and behaviors that impact risk and affect outcomes 4 Making culture count

Why culture counts There is a strong causal link between conduct failings and poor risk culture. This has resulted in significant financial losses and fines. Over the past five years, firms have paid out more than US$300 billion in fines, settlements and remediation as a consequence of misconduct. ¹ Top reasons banks give for culture breakdown These costs are a big part of the reason that banks return on equity has fallen below their cost of capital. ² 1 Conflict between a sales-driven first-line culture and firm s risk culture Six years ago, the Global Financial Crisis tipped national economies into recession and brought to their knees some of the most hallowed names in the financial industry And six years after the Crisis broke, the global industry continues to be dogged by shocking revelations of financial malfeasance, mis-selling, and dishonesty. 3 Ravi Menon, Managing Director, MAS, January 2015 2 3 4 Lack of first-line accountability Too great a focus on meeting targets Profit and market share pressure Getting the culture right in financial institutions is critical because poor culture can be a driver of poor conduct. The financial industry s most valuable asset trust can be significantly undermined by poor conduct. And all financial institutions need their customers to trust them in order to build a sustainable business. 4 Lee Boon Ngiap, Assistant Managing Director, MAS, March 2017 5 Messages not cascaded effectively throughout the organization ¹ Conduct Costs Project Report, CCP Research Foundation, August 2017. ² Capital Markets: building the investment bank of the future, EY, October 2016. 3 MAS-Singapore Academy of Law Conference, 23 January 2015. 4 2017 Annual Luncheon of the Life Insurance Association Singapore, 6 March 2017. Making culture count 5

Regulatory focus on risk culture is growing Globally and across APAC, there has been a significant increase in the supervisory focus on risk culture. A growing number of regulators are more clearly documenting their risk culture expectations, e.g., the Financial Conduct Authority (FCA) in the UK, the Hong Kong Monetary Authority (HKMA) and the Australian Prudential Regulation Authority (APRA). Regulators have introduced, or are considering, senior manager or accountable executive regimes to increase accountability for risk culture and conduct outcomes, e.g., the FCA Senior Managers Regime, the Hong Kong Securities and Futures Commission Manager-In-Charge (MIC) regime and the APRA Banking Executive Accountability Regime. Some regulators are using multidisciplinary teams, including behavioral psychologists, when undertaking risk culture reviews (e.g., APRA). Key themes emerging from this regulatory focus include: 1. Tone from the top: does the bank s C-suite, especially its CEO, consistently send the right message on risk? Does the board reinforce this message? Is it communicated effectively across the organization, and is it consistent with the tone from the middle? 2. Accountability: do the bank hold senior managers accountable for managing risk effectively? 3. Incentives: does the bank s rewards program support effective risk management or inadvertently create an incentive for misconduct? 4. Effective communications and challenge: does the risk message get through? Are escalation paths clearly defined and understood? If the message is wrong, or the delivery goes awry, will someone point this out? How is effective challenge viewed and what protections for whistle-blowers exist? In Singapore, financial institutions report three key questions being asked during supervisory inspections: 1 2 3 What is your risk culture? What is this based on? What are you doing to improve risk culture? 55% 55% of firms report that regulators are showing interest in firm risk culture.* *Seventh annual global EY/IIF bank risk management survey 6 Making culture count

however, risk culture remains a challenge for many financial institutions Many firms continue to experience challenges in improving culture. Top challenges: Messages not cascading throughout firm Lack of first-line accountability Conflict between sales-driven first-line and firm s target culture 54% 54% of firms believe understanding of desired behaviors varies across their firm. * 1 Most firms are not investing significantly in understanding or transforming their organizational culture, and conduct risk is not well integrated into enterprise risk management frameworks. 2 Responses to date have been limited to internal senior management surveys, culture questions added to people engagement surveys or corporate communications initiatives with a focus on firm values. 3 Where surveys have been initiated, firms struggle to interpret the findings or identify where problems and conduct hot spots might exist. 4 CROs report that culture and conduct are not seen as core to firm strategy or business objectives and there remains a lack of alignment between tone from the top and tone from the middle. 5 Performance incentives are not used to drive the firm s risk, compliance and conduct agenda. Where KPIs for conduct, compliance, risk or governance objectives have been introduced, these remain poorly defined. *Seventh annual global EY/IIF bank risk management survey Making culture count 7

What should you be considering? Financial services firms face three simple questions when addressing risk culture: 1 What is our risk culture? 2 What is this based on? 3 What are we doing about our risk culture? To address these questions, financial institutions should consider the following actions: 1. Defining what risk culture means for your organization: Define a continuum of behaviors from unacceptable to desired Identify and prioritize the mechanisms that influence employees Agree on an assessment approach, e.g., determine the optimal combination of qualitative measures and quantitative analysis 2. Assessing risk culture to determine what is it based on: Identify areas of good risk culture along with areas of potential vulnerability, e.g., behavioral issues and mechanisms to strengthen to deliver desired behaviors Prioritize gaps and identify interventions Agree an ongoing monitoring or assurance process 3. Changing risk culture through interventions: Communicate and train desired behaviors Address immediate behavioral issues Strengthen the mechanisms that deliver the desired behaviors, e.g., HR processes, risk appetite and risk governance 8 Making culture count

EY s Risk Culture Framework To embed an appropriate culture and manage organizational risk, a variety of enablers need to be in place and be effective. When in place and effective, these enablers contribute to delivering desired behaviors and outcomes. EY s five enablers are described below. Risk culture enablers Organizational capabality Talent management Motivation Responsiveness Capabilities Relationships Risk Strategy transparency Risk appetite Tone at top and from middle Risk management framework Leadership Behaviors Organizational structure Roles and responsibilities Governance Leadership: tone from the middle is aligned with tone from the top and desired behaviors are established and role modeled. Organizational structure: risk governance and operating model support the delivery of desired behaviors and enable strong accountability and effective challenge. Risk management framework: risk management framework is embedded in the way the business manages risk and enables effective challenge. Organizational capability: lessons are learned and root causes are addressed. Constructive, collaborative behaviors are expected and measured. Behaviors Outcomes Talent management: employee life cycle and incentives are aligned to risk appetite and reinforce the delivery of desired behaviors. Making culture count 9

How EY can help Across APAC and globally, EY has supported banks and insurance organizations in their risk culture journey. Defining the ambition Support for boards and senior management teams to define their risk culture objectives and the target conduct principles, values and behaviors that will promote a sound risk culture Enhancements to governance and accountability frameworks for setting, promoting and overseeing culture Establishing the essentials of effective risk reporting and escalation on behavioral and conduct matters Embedding effective culture and conduct risk measures into performance management Multidisciplinary approach leveraging an experienced team of risk, regulatory and behavioral psychology professionals Risk culture assessment Proven methodology balancing quantitative data with qualitative assessments through a range of interview and focus group-based sessions to ensure a deep understanding of the drivers of risk culture and how these vary across the organization EY s market-leading research-backed analytics and diagnostic tool that focuses on behavior, culture and ethics and analyzes where these spheres are benefiting or hindering your risk and compliance objectives Bespoke and fully integrated culture transformation programs that are actionable and measurable, focusing on governance, communication and training initiatives addressing: Culture change programs Leadership capabilities and getting tone from the top right Strengthening and aligning tone from the middle Consolidating risk governance and accountability Aligning the talent life cycle to risk, compliance and conduct objectives Culture and conduct metrics and dashboards to track and monitor progress over time 10 Making culture count

Ready to start your risk culture journey? David Scott Key Singapore contacts Financial Services Risk +65 6309 8031 david.scott@sg.ey.com Maggi Hughes Financial Services Risk +65 6309 8268 maggi.hughes@sg.ey.com Joanne Abbott People Advisory Services +65 6309 6128 joanne.abbott@sg.ey.com Making culture count 11

EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. 2018 EYGM Limited. All Rights Reserved. EYG no: 00605-184GBL ED None This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback