Why is risk management a challenge for banks?
ANZ, Citigroup and Deutsche Bank are three more names to join the long list of financial institutions that have faced criminal charges. In this instance, the accusations relate to cartel conduct surrounding the sale of AU$2.5 billion of ANZ shares to institutional investors in August 2015. This comes after the Commonwealth Bank of Australia (CBA) was fined AU$700 million for its failure to implement appropriate anti-money laundering controls.
It appears that financial institutions all over the world are incapable of going many months without being hit by some scandal – so why is risk management a challenge for banks?
News: Criminal cartel charges laid against ANZ, Citigroup and Deutsche Bank https://t.co/CaDpVtBWWU
— ACCC (@acccgovau) June 5, 2018
Risk management is more than just a compliance exercise
Despite the increased focus on risk, the development of the profession and the scandals, risk management is all too often seen as simply a compliance exercise. Though inter-related, there is a clear distinction between the two. Compliance involves ensuring an organisation satisfies all regulatory requirements or complies with its own internal policies. From international financial reporting standards to the General Data Protection Regulation, banks have a long and ever-growing list of requirements they must comply with.
The sheer volume of regulations banks have to conform to can lead them to see risk management wholly in terms of compliance.
Compliance is in fact just a subset of the risks that banks face.
Seeing risk management this way means taking a broader view of risk and understanding how risk management is actually about achieving strategic objectives and not only focusing on compliance or regulatory expectations.
Proactive and strategic risk management
The key to successful risk management is to be strategic and proactive.
Culture is the most important aspect of this. If banks create a culture where people at every level of the organisation proactively manage risk, then not only will risk management improve, but compliance standards are also likely to lift.
Currently, however, the evidence shows that banks are struggling with questions around culture – how to develop and maintain the "right" risk culture and also be highly profitable. This was highlighted in the Australian Prudential Regulation Authority's (APRA) enquiry into CBA. Interestingly, APRA claimed that CBA had too collaborative a culture, fueled by financial success, in which non-financial risks simply weren't monitored and there was insufficient challenge or oversight.
APRA releases CBA Prudential Inquiry Final Report and accepts Enforceable Undertaking from CBA – https://t.co/X4q5BgIwmi
— APRA (@APRAinfo) April 30, 2018
The phrase "fueled by financial success" is important here. For employees, it's a lot easier to show the amount of money you've made from a successful deal or other project than it is to show how well you've managed risk or looked after the client.
This means it's up to the institution itself to create a culture where money isn't everything, and where risk management is both encouraged and expected by employees at all levels of the organisation. In order to achieve this, organisations of all kinds, including banks, need to develop a strategy for risk management, and assess their culture, including what motivates employees and what gets people promotions, in order to ensure the right things are being incentivised.
Once an organisation starts to see risk management as a strategic exercise and as something that encompasses the whole organisation, and particularly culture, they will put themselves in a better position to avoid the scandals we have been hearing about recently.
For advice on risk management, including getting your risk strategy right, talk to one of the expert consultants at PFS Consulting today.