Let’s face it, the operational aspects of banking have never been sexy. 

Settlement, custody, paperwork – yawn.  Many of these services even generate a nice, steady profit, yet they will always be viewed as secondary concerns, especially when it comes to risk. 

Market and credit risk drive the business of banking – the right bets on lending and investing can rake in the cash.  On any given day, most bank CEOs are aware of their potential exposures there.  By contrast, operational risk is a downside-only nuisance.  It plays into the overall capital cushion a bank must hold, but then is usually the concern of some back office middle manager. 

Instead, operational risks should be viewed like cockroaches – they hide well, multiply quickly, and are everyone’s problem to stomp out. Two recent examples show just how much risk can infest the supposedly dull operations of a bank.  

The financial crisis exposed serious problems with mortgage servicing – from sloppiness to outright fraud.  In the “robo-signing” scandal, employees signed foreclosure filings without ever verifying the documents. Banks were forced to suspend foreclosures for a year, conduct internal investigations, and negotiate a still-pending national settlement of $25 billion for the top five banks. No firm-wide risk analysis considered costs like those, not to mention the waves of bad press.

On the eve of Lehman Brothers’ failure, some banks discovered an even greater risk, this time in their clearing operations. When Bank A clears securities for Client X, the Bank is on the hook for all of X’s trades until they settle. Bank A’s exposure only lasts for three days (from trade to settlement date), so the risk in the securities themselves is not a major focus. Bank A isn’t holding them long enough to care.

Unless Client X goes bankrupt. 

Banks found themselves on the hook for Lehman’s wildly risky trades, with exposures reaching the tens of billions for some. The clearing business – long considered a staid cash cow – had not kept pace with financial engineering; banks were not adjusting prices to reflect the risks of ever-more-complex instruments.  It’s as if a book warehouse started accepting shipments of plutonium for the same price as encyclopedias. 

The question is, why didn’t anybody speak up?  Surely, someone in the clearing operation noticed that, over the years, the securities had started to look more radioactive.  

Unfortunately, while firms encourage new product and revenue ideas, that type of initiative on risk is not part of the culture of most banks. Employees are not praised for raising concerns. The mantra is: “bring me solutions, not problems.”  Competition for share of the bonus pool provides little incentive to help another division manage its risk.

Banks need to start sending the message that risk is everyone’s problem. The best defense against operational risk is vigilant employees – up and down the line, throughout the organization.

Just as roaches inspire both immediate action – quick, kill it! – and preventive measures, such as pesticides and cleaner kitchens, bank employees need to take the same approach toward operational risks. 

No more process band-aids that will get fixed “when we find time later” (you never find it), no more assumptions that a colleague or superior must already know about an issue (it’s likely they don’t), no more silo mentality that risk in another area won’t affect you (see: Subprime Mortgage Desk).   

The idea is to create an army of risk officers, not just the one. Create a sense of responsibility, and with it, empowerment.  Like the Toyota car factories where any worker has the ability to stop the assembly line, give every employee the mandate to address risk. Squish! Then applaud when they do.

Susan Ochs, a consultant in New York, served as a senior advisor at the Department of the Treasury in the Obama Administration.