In the hubbub of day-to-day risk management in our highly leveraged, highly regulated banking business, it is easy to forget that at its core, risk management is a people game.
No matter how well our systems are designed and function, we depend in the end on competent people—bankers of good will taking action with others to achieve important business objectives, including risk-related activities.
Fostering such an environment is the job of all executive management. Some call this “tone at the top,” but in this context I’m speaking more broadly than that phrase. (The oft-repeated phrase was made popular by the “Committee of Sponsoring Organizations,” or COSO.)
Working together in an atmosphere of honesty and respect, in which competence is rewarded and incompetence is dealt with—always and apparently for the good of the enterprise—makes or breaks a business.
I’m going to give you an example of how people issues intersect with risk issues in real life. But first let’s discuss the philosophy behind this intersection.
Good people will walk if they grow uncertain
Some of you, via an early course in economics, may be familiar with Gresham’s Law. Commonly stated, that law holds that “Bad money drives out good.”
So too, bad personnel, particularly managers, will drive out good people.
And before the good go, behavioral patterns change. If colleagues and managers do not demonstrate the key attributes of honesty, respect, competency, and decisions taken solely for the good of the company, good people respond.
Questions arise in their minds:
• Doesn’t management know what’s happening?
• Does management care?
• If management doesn’t care, why should I?
Besides seeking a new place to work, your good people will leave other problems on the table before they go. Open disclosure and discussion will suffer, and with it will go risk identification and mitigation opportunities.
And recognize that good people are typically influential. Their attitudes and behavior patterns, even if they grow worse, will be replicated throughout the bank.
Community bank CROs can’t wait for trends
One of the well-recognized key risk indicators is employee turnover. A large bank’s CRO can review statistics and design responses when the data are indicating negative occurrences.
Not so easy in a community bank where the data may not be revealing. Think of the small department in which dissatisfaction may fester, but no data is yet there to reveal potential or existing issues.
So staying close to people is part of what an effective CRO does. The CRO must be in there ahead of the tracking systems.
Human Resources and Risk must communicate
Much is written about building alliances with the senior management team. The CEO, CFO, and senior lending personnel are most often cited.
But the relationship with the head of Human Resources is no less important. Likewise, building credibility broadly with influential people throughout the bank will aid in staying close to the human resource issues that may affect risk performance outcomes.
Regular and informal chats between the CRO and the head of HR, to share points of view, can only help both parties do their jobs well.
A good HR officer will offer up insight into employee concerns, attitudes, and leadership capacity in a real-time environment.
A good CRO, in turn, offers insight over potential bad outcomes that can result. If the CRO has insight based on informal, trustworthy sources, it can be shared for a fuller understanding.
Together, HR and Risk can offer more thoughtful responses to the rest of the management team.
Solutions need cultural thinking
Once the CRO knows there is turmoil, the next question is what to do. Special attention is warranted, and can take many forms.
What is typically unrevealing, at least on its own, is any formal structure, such as a special risk review or audit. While deficiencies may be revealed and subsequently corrected, the root cause of the concern is a cultural, environmental one. Its underlying cause needs to be identified and ameliorated before the job is done.
How does the CRO delve into such an issue?
Consider informal teamwork opportunities on topics not specifically regarding the department in question. Involve trustworthy people, and seek interaction with them on the team project. Also consider creating opportunities to interact with people in the regular functioning of the unit, such as at a staff meeting as an invited guest.
When CROs don’t keep tabs on human factor
In one case I know of, attendance at a staff meeting was all that would have been necessary to alert a risk professional to emerging problems. Instead, the bank had to wait until problems became obvious and embedded.
A unit had suffered from management turnover. A staff member of the unit was appointed to be its new leader.
Sitting in on one or two meetings would have revealed a clear lack of leadership. Communication at these meetings was ineffective. The atmosphere was tense. No information was volunteered.
The new leader wasn’t working out—but this wasn’t being recognized.
Months later, key people left, risk events went unnoticed, and losses ensued.
By the time statistics revealed the problem, losses were bitterly baked in the cake. The downward spiral had a momentum that further burdened correction efforts, while the cost to the bank, and to its employees was significant.
Experience teaches that a pipeline of informal information and thoughtful personal interaction are key assets in the risk manager’s repertoire. Build them, use them, and your bank will be better off.