Putting the Customer at the heart of our company’s culture

Wilfred Nagel, CRO ING Group

How can the CRO influence sentiment, values and behaviours throughout the firm

Amsterdam, 8 December 2015

2

0 10 20 30 40 50 60

Spain

Germany

Ireland

France

Sweden

Netherlands

Poland

Italy

UK

Japan

United States

Canada

Global

2009 2015

Trust mostly still below

2009 levels

2015 Edelman Trust Barometer: “How much do you trust your bank to do what is right?”

3

Misconduct severely affects the financial industry Trust in the financial sector remains low Increasing fines are hitting profitability, and do not

improve the reputation of the industry

-15,000 5,000 25,000 45,000 65,000 85,000

Bank of TokyoING

SocgenStanChartRabobank

SunTrustGoldman

Credit SuisseMorgan Stanley

UBSDeutsche Bank

HSBCBNP ParibasWells Fargo

RBSBarclaysCitigroup

LloydsJPMorgan

Bank of America

US mortgages UK mis-sellingSanctions/AML FXLIBOR/IR Tax avoidanceOther

Twenty of the world’s largest banks have paid more than $235bn in fines since 2008, many of them

related to mis-selling to customers

Banking misconduct bill – Thomson Reuters ($ mln), May 2015

Banks face some specific industry-wide challenges…

4

Taking calculated risks is at the core of our business model, leading to the delegation of risk-taking to less senior employees compared to other industries.

Complexity of the business model leads to challenges in retaining a clear overview of all risks present as well as on effective monitoring of risk-taking staff.

Potential failure of market discipline due to information asymmetry and the lack of incentive for small depositors to monitor bank actions as they are protected by a DGS, resulting in large banks being liable for the risks taken at smaller institutions.

Compensation practices not always properly adjusted for risk/reward and historically linked to short-term results, while successful banking requires long-term considerations and vision.

Banks have a large influence on the lives of their clients:

• Most banking products are based on long-term relationships and contracts. • Banking products often amount to a significant portion of disposable income of our clients. • Banking products are often “must-haves” instead of a “nice-to-haves”.

Products are complex: • Due to complexity of banking products, bankers are responsible for ensuring product-client suitability.

Clients often do not have a clear understanding of the products themselves. • Client fees and fines are often misunderstood: clients do not understand the underlying mechanisms in

place to fund and hedge the client proposition.

…as well as more scrutiny from society and clients

5

6

Typical causes of misconduct

Rationalisation

Motive and Pressure

Opportunity

Misconduct

Fraud Triangle by Donald R. Cressey

Insufficient monitoring and control and limited accountability: no clear ownership of risks, as well as breaches being inadequately noticed and escalated. Without adequate risk data and systems, accountability for risk is undermined which can damage the culture.

Unclear vision and values: short-term vision and uncertainty

on what the bank is trying to achieve, as well as uncertainty on what is acceptable behaviour and

what is not.

Improper incentives and sales-driven culture: performance management and incentives which focus

on short-term gains not incorporating risk/return.

7

Addressing causes for misconduct Ra

tiona

lisat

ion

Mot

ive/

Pres

sure

Op

port

unity

Unclear vision

Unclear values

Unclear desired behaviours

What are our long term objectives?

What values do we live by?

How should we behave?

Insufficient accountability Who’s responsible?

Insufficient monitoring and

control How are we measuring compliance?

Sales-driven culture What is good performance?

Improper incentives How are we rewarding people?

• Clear strategy and sense of purpose: every employee should be familiar with the bank’s long-term objectives.

• Strong ethical culture: organisational commitment to purpose, values and desired behaviours.

• Strong risk culture: organisational commitment that risk is everyone’s responsibility.

• Strong 3LoD: primary responsibility for risk is on the risk takers: 1st line of defense, with every line adding value.

• Clear governance: defined vision is consistently supported within a risk governance framework.

• Proper control mechanisms: ensure all risk types are measured and managed properly, by means of quantitative methods as well as by soft controls.

• Open culture: people should be encouraged to admit and correct mistakes as well as challenge each other.

• Proper performance management: incorporating the risk appetite as well as soft metrics related to the strategy, values and preferred behaviour of the bank.

• Proper incentives: remuneration should be rewarded on a risk-adjusted basis and linked to long-term objectives.

Define and Com

municate

Monitor and M

anage Enable and Encourage

8

Defining a common purpose : placing the customer central to everything we do Our Purpose Our promise to the customer

Values and desired behaviour are clearly defined: the Orange Code

9

• Senior management must lead by example. • Tone from the top: top of organisation has to promote, as well as be willing to educate. • Acceptance necessary at various level of the organisation (including middle management) that risk

culture is key. • Establishing a culture takes time and requires regular, clear and consistent communication.

• Primary responsibility for risk has to lie with risk-takers: they are far more informed and involved than

the second line. • Proper escalation processes and clear consequences need to be in place. • Collaboration and interaction between the 3 LoD is a key success factor: risk managers who are

structurally independent and have the right incentive and evaluation structures can be more hands-on and proactive, yet retain objectivity. Risk is not supposed to be an extension of internal audit.

• Open culture needed with willingness to admit and address mistakes quickly. • Individual assessment on KPIs set by the CRO MT for staff marked as having a material impact on the

risk profile of the bank, performance on which is translated into a modifier on variable remuneration. • Risk and Front office exchanges strongly encouraged for talent development and succession planning. • Desired behaviours will be incorporated in performance management for all employees by means of a

common set of KPIs.

Proper embedding of culture: key elements

10

Defin

e an

d Co

mm

unic

ate

M

onito

r and

M

anag

e En

able

and

En

cour

age

• As a ground rule, culture should be a board-wide responsibility and the importance of the culture needs to be acknowledged at every level of the organisation.

• However, CROs do have the responsibility for deciding on what is acceptable: • Business lines and product owners sometimes lack vision on the bigger picture and might struggle with

balancing local market practices with the bank’s global view. • CROs are responsible for challenging and forcing decisions on the continuation of a product or business line,

a bank does not function optimally as a democracy. • Example at ING: revising the sale of Structured Notes in retail units.

• It is important to invest in talent management: • A long-term sustainable institution is established by investing in talents. • It is important to pass on knowledge to the next generation. Example at ING: CRO sponsors the International

Traineeship, over past few years there has been a clear shift to more content in the programme. • Instilling clear values and standards should be initiated at the very start of a career. • For promotion and succession planning experience in Risk Management should be deemed important.

The role of the CRO

11

“We tackle every crisis by imposing more rules, but we are often unable to make those rules universally binding. We resolve the problem by identifying exceptions. The result is an accumulation of rules of conduct and exceptions to those rules. However, this mechanism only creates more confusion. Certainty is possible only if one follows the letter of the rule, and this encourages, even forces, people to disconnect their moral compass. Moral judgments are made on automatic pilot. In other words, too many rules discourage rather than promote good behaviour.” George Möller, Banking on Ethics, Euromoney Institutional Investor, 2012.

Food for thought

12

“With hindsight we can now see that the risk management catastrophes of the past 3 years were (…) due to (…) the failure to bring collective human judgment to bear on critical decisions. In fact, companies current focus on compliance process – in reaction to regulatory zeal – is likely to give Boards and shareholders false confidence about their risk defenses”. T. Monahan, CEO of The Corporate Executive Board Company