According to Comptroller of the Currency Thomas Curry, misdeeds like the robo-signing scandal are caused in large part by banks' failure to build a strong risk culture.
Curry is right. Having interacted closely with multiple banks, I've found that while a few individuals may be blamed for misbehavior or bad decision-making, the real problem tends to go deeper. Too often, bank leaders fail to be clear about certain values and standards of conduct and are not held accountable for driving them deep into the fabric of the organization. Bank scandals are not the product of failed policies, procedures and communications alone; they stem from a failure of culture.
The good news is that this state of affairs is slowly changing. Forty-three percent of banks said that they have achieved a strong risk culture in a 2013 EY global survey of 76 international firms. Yet more than half of the respondents believed that there was more work to be done.
Most people in governance, risk management and compliance argue that the biggest obstacle to creating a strong culture is that many banks neglect to address the "G" in GRC. Instead, they focus all their resources on the other two areas. Yet all three elements are inextricably linked. Banks need good governance to enforce a risk-aware and compliant culture across the organization. Good governance requires bank leaders to undergo a formal process of examining standards and expectations on a regular basisboth in discussions and by reviewing metrics and data. Repeating this process drives cultural shifts.
Years ago, one of the first organizations I worked for had their vision and values inscribed on a wall where everyone could see it the moment they entered the office. It served as a constant reminder of who we were as a company and what we believed in, which in turn influenced everything we did.
Today, things are different. Banking workforces are huge and scattered across the globe, which makes it difficult to reinforce organizational values on a daily basis. What's more, employees are incredibly diverse. While that's extremely important, it also brings lots of different cultural mindsets that can be challenging to reconcile with unified organizational values.
So how can banks weave the fabric of your culture into the hearts and minds of your employees?
First, a good corporate culture is not forced but facilitated. The key is to have a well-defined risk appetite and vision that is constantly reinforced through various visual reminders. All employees need to understand how their work and behavior helps the organization achieve its values. This starts with the tone at the top. When executives embody the ideals of the organization in everything they do, the rest of the employees will follow suit.
Second, implement regular cultural reviews. Visionary organizations don't just establish a code of ethics or values. They assess how well employees are complying with these ideals. In doing so, they are able to swiftly identify and resolve cultural issues. No doubt, it can be challenging to conduct compliance assessments across a vast, scattered workforce. But this is where technology can help. It automates and streamlines the assessment process so that banks can save time and effort while effectively analyzing the state of their organizational culture.
Third, align your bank's cultural ideals with hiring, training and compensation. Many potential hires may have the appropriate skills and qualifications for your organization. But are they a cultural fit? And if you do hire them, are you ensuring that risk management practices and codes of conduct are woven into initial training and orientation sessions? When I worked at Wells Fargo, for example, our bonus was linked in part to receiving satisfactory audit reports and completing our compliance trainings on time. Data in these areas was reviewed at least quarterly.
Maintaining a healthy organizational culture should be the objective of every bank. Not only does it protect banks against losses, litigation and other operational risks, it builds trust and credibility among shareholders, customers and employees. In other words, a strong culture just makes good business sense.
Susan Palm is vice president of industry solutions at risk management and compliance software company MetricStream. She previously served as senior vice president of audit and risk at Sterling Savings Bank and as senior vice president of enterprise governance and risk management at Norwest and Wells Fargo.