Regulation, risk & culture: will we never learn?

1Regulation, risk & culture: will we never learn?

Regulation, risk & culture: will we never learn?The truth about Neil Armstrong, Barclays, LIBOR, risk & culture

riskbriefing Autumn 2012

2 Paradigm Risk

One small step for man . . . ‘risk culture’ revisited: Context, interconnectedness and complexity

The recent parliamentary Treasury Committee report on the LIBOR uses the word ‘culture’ 50 times; it was used 96 times in the record of Oral Evidence. There was plenty of confusion in the way it was used by those giving evidence and in the Committee’s report. Culture has appeared frequently in previous analyses of failure in different contexts. Can we and will we learn the lessons of history?

Based on the evidence from the recent parliamentary Treasury Committee report on the LIBOR scan-dal and other industry bodies’ and regulators’ reports internationally, the answer would appear to be a resounding ‘No’. There is little evidence that regulators or industry bodies or market participants have understood the nature of the regulatory challenge or have understood how to respond the calls for improving culture and risk culture. Without a change of focus, considerably greater application of be-havioural insight and a strong measure of analytic caution, behavioural regulation of financial services will not move forward in the way that Parliament, regulators, the media, executives, shareholders or consumers expect or intend.

This pessimistic conclusion argues for the need to address risk, behavioural control and culture from first principles in order to reach a regulatory ‘settlement’ that will improve compliance and the management of risk rather than simply adding cost and confusion. If we are to avoid regulating in haste and repenting at leisure, there is much that financial regulators can and must learn from other sectors’ failures about the importance of organisations’ history and context, of their technical, control and administrative cul-tures and compliance and the limits of rule-making.

Financial services firms face a choice:

• wait for the regulator and/or supervisor to act, however blunderingly, to mandate new forms of regulatory 'cultural imperialism' and live with the consequences; and/or

• adopt whatever superficial but fashionable solutions emerge from the consulting sector; or, • invest in greater understanding of the utility and limits of cultural descriptions of organisational

activity and the potential prescriptions that emerge from them.

Whether recharting the behavioural course of banks, responding to the rigours of Solvency II in insurers or refocusing asset managers in a lower-yield world, we believe the latter course is an urgent imperative facing all firms in the financial sector.

This riskbriefing examines the relationship between behaviour and culture in a context of the social, market and internal pressures facing an organization. Seeking lessons to learn, we examine first the ac-complishments of the US space programme, its subsequent failures and some of the conclusions from the analysis of those failures. Then we review the recent parliamentary report on manipulation of LIBOR and the mis-characterisation by the Treasury Committee, by regulators, supervisors, industry bodies and market participants of culture and risk culture. So far, the portents are ominous. Realism and humility are both in short supply.

Introduction

© 2012 Paradigm Risk. All rights reserved.


Last month, the first man from Earth to walk on another non-terrestrial body (at least that we know of; alien encounter and conspiracy theories notwithstanding) died of complications less than a month after heart surgery. In the words of the President of the US (at least until 20 January next year), Neil Armstrong “was among the greatest of American heroes – not just of his time, but of all time.” The giant leap that Armstrong took on 20 July 1969, watched by an estimated global audience of 600 million people, he claimed for all mankind. But he planted a very American flag.

The walk that Mr Armstrong and Dr Edwin “Buzz” Aldrin took on the moon that day was a remark-able accomplishment that belonged not only to Armstrong and Aldrin and command module pilot Michael Collins, but to a generation of NASA astronauts, ground crew, engineers, physicists, techni-cians and other personnel. It was not one man or two men or three; it took many men and women many years and vast resources to make Neil Armstrong one of “the greatest American heroes”.

The beginnings of Armstrong’s, Aldrin’s and Collins’ voyage are often attributed to a speech to a joint session of Congress in late May 1961 in which President Kennedy announced the commitment to “land (sic) a man on the moon and return him safely to earth” by the end of the decade. However, that was only a small part of Kennedy’s speech that day. Introducing the package of measures that included the moon shot, Kennedy outlined the dangers posed by the (unnamed) “adversaries of free-dom”. “There is no single, simple policy”, he stated,

. . . which meets this challenge. Experience has taught us that no one nation has the power or the wisdom to solve all the problems of the world or manage its revolutionary tides – that extending our commitments does not always increase our security – that any initiative carries with it the risk of a temporary defeat – that nuclear weapons cannot prevent subversion – that no free people can be kept free without will and energy of their own – and that no two nations or situations are exactly alike.

Yet there is much we can do – and must do. The proposals I bring before you are numerous and varied. They arise from the host of special opportunities and dangers which have become increasingly clear in recent months. Taken together, I believe that they can mark another step forward in our effort as a people. I am here to ask the help of this Congress and the nation in approving these necessary measures.

1. Space and context: the setting for a great American hero

Space and context: the setting for a great American hero

4 Paradigm Risk

In reality, the voyage that led to the moon had its origins much earlier; it began on or even before 7 January 1942 when the German offensive on the eastern front, Operation Barbarossa, was reversed at Moscow and the rejuvenated Soviet Army began its relentless march westwards. Rather than stop at the limits of the Soviet Union as they had pushing Napoleon's Grande Armée back to Lithuania 132 years earlier, the Red Army marched the Germans back 1,000 miles westwards ending in the capture of Berlin by Soviet forces commanded by General Zhukov and Marshal Konev on 2 May 1945. Within days, there followed the unconditional surrender of Germany to the Allies by Gen.Alfred Jodl on 7 May 1945 at Reims in France and formalized with the pre-approved version of the surrender instrument by Reichpräsident Admiral Karl Dönitz in Berlin the following day. In the march westwards, Soviet forces had liberated and captured control of Eastern Europe from the Bal-tic Sea to Bulgaria in the south – from “Stettin in the Baltic to Trieste in the Adriatic” in Churchill’s phrase in 1946. The post-war tensions began early.

When he arrived at the tripartite conference of occupying powers at Schloss Cecilienhof in Potsdam, 20 km SW of Berlin, Harry Truman had been US president for only a little over 3 months, having assumed office following the death of FDR just 82 days after Roosevelt had been sworn in for his fourth term as President (subsequently prohibited under the 22nd Amendment). Truman had been a Captain in an infantry regiment in France during the Great War prior to a career in state and fed-eral politics. Henry Stimson, the highly-experienced Secretary of War who had served in previous Republican administrations in that role and as Secretary of State, accompanied Truman to Potsdam. It was Stimson who oversaw the Manhattan Project almost from its inception, advising Truman of the project to develop an atomic bomb the day after Truman assumed the Presidency.

Prior to the Potsdam Conference, Stimson, a respected anti-trust lawyer from New York, cautioned that the security of the science of atomic weaponry could not long be maintained. Stimson urged Truman to consider building trust with their Soviet allies by revealing to them the development of the atomic bomb. Truman decided not to do so. Instead, at Postdam, he chose to surprise Stalin telling him that the US had “a new weapon of unusually destructive force,” which had been tested successfully the day before the Postdam Conference opened; Stimson had successfully argued for a delay in conference until the ‘Trinity’ test had occurred. Truman later noted that Stalin “showed no special interest.” In reality, Stalin had known details of the Manhattan Project since late 1943 through the German physicist Klaus Fuchs, a former communist, who had begun sharing scientific intelligence with the Soviets after the German invasion while Fuchs was working in England prior to his move to Columbia University to work on the Manhattan Project.

The power of the new ‘unusually destructive force’ was clearly evident in the destruction of the towns and populations of Hiroshima and Nagasaki in Japan on 6 and 9 August 1945 respectively. The Japanese Emperor, Hirohito, ordered Japan’s surrender on the terms set out at Potsdam, which he announced on 15 August 1945. The Second World War, the most destructive in history, had ended; with that end, the atomic age had begun. Therein began the race between the victorious powers in WWII to develop ever-more-powerful atomic and nuclear weapons and a stand-off that George Orwell predicted in 1946 in a newspaper article in which he coined the term ‘the cold war’.

It did not take the Soviets long to catch up. Just three years after its inception, the Soviet weapons programme successfully tested its first atomic bomb in 1949, based largely on American design from Fuchs’ intelligence. However, based heavily on knowledge captured from German research and development facilities during the march westwards in the latter stages of WWII, Soviet scientists maintained parity with their American counterparts in the development of missile technology. In 1956, Premier Khrushchev ordered the Soviet space programme, which had begun in the 1930s, to establish and maintain a lead over their American rivals. In April 1961, to global acclaim, that lead was spectacularly realized; Cosmonaut Yuri Gagarin became the first man in space. Fewer than six weeks elapsed between Gagarin’s successful Earth orbit in the Vostock 1 vehicle and Kennedy’s speech to the US Congress.


Twenty years to the day after Gagarin’s first orbit came the first orbit of the reusable space vehicle, the space shuttle Columbia. The primary objective of the space shuttle programme was “to provide a new space transportation capability that will (1) reduce substantially the cost of space operations and (2) provide a future capability designed to support a wide range of scientific, defense, and commercial uses.” (GAO report, 1972) NASA launched the space shuttle programme in 1972 with an initially estimated cost of less than $45 billion based on 514 missions. When the final shuttle, Atlantis, re-tired in 2011, the programme had launched only 135, a quarter of the original estimate. Space had not been ‘operationalized’; nature had not been fooled.

The first disaster of the space shuttle programme came in late January 1986, when Challenger, carry-ing a crew of seven, broke apart following an explosion 73 seconds after its launch from the Kennedy Space Center in Merritt Island, Florida. It would be two and a half years before another shuttle, Discovery, would launch. The results of the independent Rogers Commission investigation in to the Challenger disaster would change irrevocably our understanding of the relationship between risk and organisational systems and behaviour.

In the meantime, less than three months after the Challenger explosion, monitors at a nuclear power plant in Sweden detected raised radiation levels in routine tests. The source was rapidly identified as the Soviet Union, forcing Soviet authorities to announce that the Chernobyl nuclear power plant had suffered a catastrophic explosion two days earlier. At the time, Soviet officials had no idea of the extent of the damage or the health risks associated with the release of radioactive material. Yet the effects of the Chernobyl disaster were felt world-wide. Of the accident, then-Soviet Premier, Mikhail Gorbachev has subsequently written:

The Chernobyl disaster, more than anything else, opened the possibility of much greater freedom of expres-sion, to the point that the system as we knew it could no longer continue.

Since the glasnost and perestroika of Gorbachev and his Foreign Secretary, Eduard Shevardnadze, and the lifting of what Churchill had, in 1946, called the 'iron curtain', much has changed geopolitically, strategically and economically. But the events of that period must be viewed in the context in which they occurred. Not to do so – to view history through the lens of the present day and in the context of our knowledge only of contemporary events – distorts our understanding of validity of historic decisions as well as their causes and effects.

Armstrong’s and other contributors’ achievement in the Apollo programme was part of the Cold War arms race projected in to space using rocket technologies necessary for the inter-continental ballistic missiles to deliver nuclear payloads against a distant adversary. Armstrong was one of the greatest American heroes (and Aldrin and Collins with him), but he was, at the time, primarily a hero of a propaganda war against a clearly identified foe. That foe no longer exists.

To put Armstrong’s, Aldrin’s and Collins’ achievement in this context does nothing to belittle ei-ther their actions or their heroism. On the contrary, in Armstrong’s case it makes his subsequent withdrawal from public view all the more remarkable. He was a reluctant hero, who saw himself as merely doing his job for the agency, government, country and cause he served.

In the same week that Armstrong died, Curiosity, a rover vehicle sent to Mars in November 2011, began to transmit pictures of the surface of Mars showing clearly aspects of Mars’ geological his-tory. This science-based mission is a far cry from Kennedy’s exhortation to defeat the ‘adversaries of freedom’; interesting and informative as it may be, it will not stir the blood as did Armstrong’s giant leap for mankind. Armstrong’s fellow moon walker, Buzz Aldrin, has long called for manned mis-sions to our nearest planetary neighbour, Mars. But, in the absence of a clear strategic imperative, Dr Aldrin’s exhortations are likely to go unheeded. In these straitened times, space exploration will be, for the foreseeable future, unmanned and on a tight budget. Without a clearly identified foe to overcome, NASA's context has changed.

6 Paradigm Risk

Barclays: coming back to Earth

Exactly a week before Armstrong’s death, the UK’s Treasury Select Committee released a prelimi-nary report on the scandal surrounding attempts by traders at Barclays Capital and Barclays Bank to manipulate the London Inter-Bank Offered Rate or LIBOR. The investigation by the Treasury Committee following the decision by US supervisory agencies – the Commodity Futures Trading Commission (CTFC) and Department of Justice (DoJ) – to impose fines of $200 million and $160 million respectively, and by the UK’s Financial Services Authority (FSA) to impose a fine of £59.5 million, the largest fine it has ever imposed. Collectively, the fines amounted to £290m, just less than 5% of Barclays’ 2011 profit figure. The report of the Treasury Committee followed their interroga-tion on four days between 4 and 16 July 2012 of the Chairman and officers of Barclays, the Deputy Governor of the Bank of England and the Executive Chairman and officials of the FSA.

At 115 pages (excluding appendices) the Treasury Committee’s report is not a page-turner. But it is remarkable for two things, at least. First, the report levelled strong criticism at the BoE Governor’s and FSA’s process of removal of the Barclays’ CEO, Bob Diamond. The Committee concludes:

Neither the FSA or the Bank of England should intervene to remove senior bank executives to placate pub-lic, media and Parliamentary opinion . . . Whatever the merits of the action taken by the Governor of the Bank of England and the Chairman of the FSA . . . the action they took has exposed implicit, and potentially arbitrary, power to force out senior figures in the financial services industry . . . [O]nce the Bank of Eng-land assumes full responsibility for financial stability and micro-prudential supervision, [t]he Governor of the Bank of England will stand all-powerful and able, by dint of raising his eyebrows, effectively to dismiss senior banking executives without discussing it with, or consulting, anyone. This is unsatisfactory . . . [A] much stronger governance framework is needed. Among other things this can ensure that the regulatory authorities are unable to remove senior bank executives arbitrarily or without just cause.

Secondly, the report of the Treasury Committee is remarkable for the frequency of use of the term ‘culture’. The word is used 50 times in the report and 96 times in the record of Oral Evidence. Clearly, by any measure, that must mean it is salient to the report. Indeed, the report concludes

There was something deeply wrong with the culture of Barclays . . . The standards and culture of Barclays, and banking more widely, are in a poor state. Urgent reform, by both regulators and banks, is needed to prevent such misconduct flourishing.


This is a very strong finding, but it is unclear what the Committee means by stating the culture is “in a poor state”? In oral evidence, Barclays’ chairman, Marcus Agius, was asked directly to define culture. He replied:

Culture is the way in which you behave instinctively.

The Committee’s report provides a similar definition of sorts:

We endorse Mr Diamond’s view, which echoes that of the Group of Thirty, that the culture of an organisa-tion is demonstrated by how people behave when no-one is watching.

In fact, the G30 report states something slightly, but importantly, different by combining the group and social dimensions of culture with personal values:

Values and culture drive people to do the right thing even when no one is looking. Values and culture are a fundamental aspect of the governance system, which makes them legitimate and important dimensions of inquiry for supervisors. Values and culture are also important areas for consideration and inquiry by boards. While these soft features defy quantitative measurement, they cannot be ignored. Anyone spending time in an organization quickly develops a clear sense of what drives it: most new employees understand the values and culture of the institution within a year, and many figure it out within just a few months. They instinctively observe how values and culture influence day-to-day business decisions and personnel choices. Supervisors can do likewise.

The Group of Thirty cites no evidence to support this rather astonishing conclusion of supervisors’ speed of anthropological observation or sociological omniscience. However, it moderates its message somewhat, acknowledging that supervisors have a way to go to get to this level of insight:

Supervisors that more fully comprehend FI strategies, risk appetite and profile, culture, and governance effectiveness will be better able to make the key judgments their mandate requires.

They also recognize the essential role of understanding in supervisors’ communications with firms:

As supervisors develop a deeper understanding of the culture and values that drive behaviors in FIs, they will be better positioned to discuss their concerns or recommendations with FI leaders.

Crucially, they associate values and culture with the effectiveness of governance:

Values and culture may be the keystone of FI governance because they drive behaviors of people throughout the organization and the ultimate effectiveness of its governance arrangements.

The Group of Thirty calls on firms to:

actively assess and manage the risk culture so that it supports the firm’s risk appetite,

although quite how to do so is left to firms’ imagination. However, unusually for industry reports, the Group of Thirty document notes the level of focus for operationalising attention to culture:

In practice, firms that actively manage their risk culture focus attention on individuals’ behaviors. Culture can be viewed as a high-level aggregation of those behaviors.

While this description is misleadingly, if not dangerously, simplistic, it introduces a more useful de-scription of a process for considering ‘risk culture’. The G30 report continues:

Directors and executives should draw on intelligence gathered across the firm in employee surveys, internal audit reports, risk-limit breaches, and so on to evaluate these behaviors. Each piece of information con-tributes to a portrait of the firm’s culture and the direction in which the culture is moving. Directors and executives can then address those traits and trends that do not reflect the culture they want to encourage, while supporting those they do.

8 Paradigm Risk

While the G30 report has some sensible suggestions to make about elements of an effective pro-gramme for improving individuals’ behaviours and aligning them more closely with the firm’s objec-tives, it still falls in to the same old trap of almost all industry and official reports in financial services, that

[m]anagement shapes the institution’s culture.

Yes, management does, but it does so unpredictably and in no way instrumentally; there are no cul-tural levers the firm or its executives can pull to create its desired cultural outcomes; perhaps influenc-es would have been a more apposite verb to use. Context also plays a vital role. To think that culture can be deployed instrumentally is simply to misunderstand the emergent character and complexities of culture and cultural analysis and to set up the firm for a plethora of unintended consequences of an ill-conceived cultural change programme.


Within the Treasury Committee report, this dilemma is amply illustrated by the performance of Barclays’ governance during the period during which LIBOR was subject to manipulation.

A curious and unheralded exchange between the Committee chair, John Tyrie, and Barclays’ chair-man, Marcus Agius (reported in the record of oral evidence), results in the following statement in the report:

Mr Agius told us that the FSA had recently undertaken a “governance review” of Barclays and that Barclays had received a letter saying that its governance was deemed “satisfactory”. He added that the official con-ducting the review had said told him that she had ranked Barclays “best in class”.

This reports a private conversation which appears to have taken place before February 2012; no evidence for it is produced. But the FSA officials giving evidence subsequently did not deny the statement had been made. The report does on to state:

Mr Bailey told us that the governance review was part of the FSA’s recently-introduced “core prudential programme” which focused on what he called “form of governance”, and in particular the board and its committees. He contrasted this with his concerns about the substance of Barclays’ governance, which was “not working”.

Dr Bailey, who is a Bank of England official and head of the FSA’s Prudential Business Unit, makes a telling distinction. Clearly, the form of governance – compliance with requirements for governance structures – differs from its effectiveness, “the substance”, in his words. The FSA’s Executive Chair-man, Lord Turner provides clarification (of a sort):

What you have there is, in formal terms—in terms of the formal processes—a perfectly good governance process. Everything is signed off at the appropriate level. But they are still having a try-on . . . in terms of pushing the limits of regulatory or accounting treatment.

Having your governance cake and eating it

10 Paradigm Risk

However, the distinction, and its communication to Barclays, clearly makes for mixed messages. As the Committee wryly notes:

The episode shows, however, that judgement-led regulation will require the regulator to be resolutely clear about its concerns to senior figures in systemically important firms.

But there is a deeper problem here; one which the Treasury Committee does not appear to see and on which it does not comment. The (now former) FSA official who opined to Barclays’ Chairman that its governance was “best-in-class” appears not to have shared her Executive Chairman’s dis-satisfaction with the effectiveness or “substance” of Barclays’ governance. The belief of the Group of Thirty, that “values and culture are a fundamental aspect of the governance system, which makes them legitimate and important dimensions of inquiry for supervisors”, depends crucially on the competence of supervisors to observe and understand values and culture and to judge effectively their contribution to the effectiveness of a firm’s governance. In the case of Barclays, either the FSA’s major banks’ supervisory team in 2011 appears to have fallen short of that level of competence or judgement, just as it did with Northern Rock in 2007, or the Executive Chairman, Director of the Prudential Business Unit and the Governor of the Bank of England have got it wrong.

There is nothing in the written or oral evidence of the FSA or the Bank of England, in their publica-tions or officials’ speeches or in the Treasury Committee’s report that shows that these institutions or their personnel are competent to observe or understand the relationship between values and culture, their impact on the effectiveness of a firm’s risk management or its governance. Indeed, any evidence available points clearly and forcefully in the other direction.

If nature cannot be fooled, it would appear supervisors can.


As Hegel pointed out, learning the lessons of history can be fraught with problems. But that does not mean we should not try. At present, the UK (and European) financial regulators, current and future, and parliamentarians do not even seem to be trying to learn the lessons of history in any systematic or structured way.

Just like the programme to land a man on the moon and return him safely to earth and the failures experienced during the space shuttle programme, the apparently-sustained attempts to manipulate LIBOR occurred within a context – in this case both and organisational and a regulatory and su-pervisory context.

In the case of the Apollo programme, the race to the moon was driven by the need to triumph over “adversaries of freedom”, in Kennedy’s phrase. The science was new and experimental; the agency had a clear mission and was driven by scientists and engineers. Despite the disaster of the initial Apollo mission causing the death of three astronauts on the launch pad, NASA enjoyed “seventeen years and 87 missions (sic) without [a] major incident” (CAIB, 2003). But even that history of suc-cess created a context, resulting in NASA becoming, in the words of sociologist Diane Vaughan, “immersed in a culture of invincibility,” prior to the explosion of the twenty-fifth space shuttle flight, Challenger. The subsequent analysis of the disaster, by a Presidential Commission chaired by lawyer and former Secretary of State under Richard Nixon, William Rogers, stands as a landmark of pen-etrative thinking about the potentially pernicious effects of organisational culture. The Commission panel included astronauts Neil Armstrong, Chuck Yeager and Sally Ride and Nobel laureate physi-cist Richard Feynman. Dr Ride, also a physicist, would also serve on the later Columbia Accident Investigation Board (CAIB), the only participant to serve on both panels.

Feynman concluded his personal appendix to the Rogers Commission report by writing:

Let us make recommendations to ensure that NASA officials deal in a world of reality in understanding technological weaknesses and imperfections well enough to be actively trying to eliminate them.

For a successful technology, reality must take precedence over public relations, for nature cannot be fooled.

Learning and the lessons of history

12 Paradigm Risk

The same is true for financial (and any other form sectoral) regulation. To paraphrase Feynman, regulators must deal in a world of reality in understanding behavioural weaknesses and imperfections well enough to be actively trying to eliminate them, or at least manage them to an acceptable mini-mum. To do so, reality must take precedence over public relations – and over simplistic and populist explanations of causes of behaviour – for (human) nature cannot be fooled.

Organisational culture is a complex area that defies simple assumptions of cause or effect; in finan-cial services firms, organisational leaders cannot pull cultural levers to control human behaviour any more than they can in aerospace or any other sector. Similarly, assumptions about linear or scalar attributes of culture are dangerous over-simplifications: a 'strong' culture can be just as destructive as a 'weak' one; a compliant culture can have unintended deleterious consequences, as judgement is suspended by compliant operatives.

The reality is that culture emerges spontaneously from each human group that forms and is sustained over time. Each organization has, at any one time, multiple cultures; each individual may be a mem-ber of multiple sub-groups simultaneously, each with a distinct cultural identity in which he or she participates and to which he or she contributes. The ascendency or dominance of one sub-culture over another will be driven as much by organisational political considerations and context as by ethi-cal or compliance considerations. Before organisational leaders can effect any intended or designed cultural change, behavioural expectations must be specified, understood, codified, communicated, received, related to tasks and acted upon across multiple settings and in multiple contexts. Oppor-tunities for miscommunication and unintended consequences in such a behavioural exercise are rife. Organisational participants will be driven more by what they have lived through and the behaviour they observe in the firm and its operating environment than written policies – context and experi-ence are all-important; actions speak louder than words. As Vaughan wrote in the CAIB report,

The explanation is about system effects: how actions taken in one layer of NASA's organizational system impact other layers. History is not just a backdrop or a scene-setter. History is cause.

Learning the lessons of history, therefore, is vital.

In the Columbia Accident Investigation Board report (and elsewhere), Diane Vaughan wrote of the problems of normalization of deviance – where,

[i]n both cases [Challenger and Columbia], engineers and managers conducting risk assessments continu-ally normalized the technical deviations they found. In all official engineering analyses and launch recom-mendations prior to the accidents, evidence that the design was not performing as expected was reinter-preted as acceptable and non-deviant, which diminished perceptions of risk throughout the agency.

Within financial services, similar processes of normalization of deviance have been very visible since well prior to the onset of the financial crisis, resulting in sustained non-compliance and insufficient recognition and escalation of risk. But the picture is far from simple. For example, the Treasury Committee report states:

Barclays’ internal compliance department was told three times about concerns over LIBOR fixing during the period under consideration and it appears that these warnings were not passed to senior management within the bank. Statements that everything possible was done after the information came to light must be considered against a background of serious failures of the compliance function within the bank. In other words, the senior management should have known earlier and acted earlier.

Elsewhere, the report stresses the importance of compliance functions when it states:

These are serious failures of governance within Barclays, for which the board is responsible. The compliance function within a bank is very important. If it is weak or ignored in the practices of the bank that is reflective of a poor culture which does not take seriously enough abiding by the rules essential to proper functioning of the bank and the wider financial system. The serious failings of the compliance function during the period under examination suggest there was this kind of culture at Barclays.


However, a similar result – systematic non-compliance – can be reached without a conclusion of “a poor culture which does not take seriously enough abiding by the rules essential to proper func-tioning of the bank and the wider financial system”. The mechanism is Vaughan’s ‘normalization of deviance’; the conclusion altogether more nuanced. This normalization of deviance occurs within a context that includes the internal organisational norms and routines of the financial firm, its people’s knowledge of market practices in other firms as well as its regulatory context and supervisory experi-ence. “Serious failures of governance” are not readily compatible with “‘best-in-class’ governance”; yet the supervisor communicated both messages to Barclays’ Chairman within a short space of time. Writing about conflicting strong and weak signals, Vaughan writes:

This kind of doublespeak by top administrators affects peoples’ decisions and actions without them even realizing it.

The same is true for regulators and supervisors. They are inextricably part of the context of the firm’s compliance. And they are far from blameless. The interminable flow of ever-changing and poorly co-ordinated regulatory requirements has made firms’ compliance a task of constant adjustment of priorities and, as a result, confused signals to firms' executives and from those executives to their managers. In such a context, any management group will struggle to send clear and consistent sig-nals emphasizing the importance of compliance with regulatory fiats whose application, effect and the supervisory emphasis will be uncertain. The deluge of new, complex and prescriptive (and, in some cases, irreconcilable) regulatory instruments has created the very conditions that make compre-hensive compliance with them a practical impossibility. Such is the context of regulation in financial services; such is the dilemma facing regulators, supervisors and the firms they supervise alike.

14 Paradigm Risk

Risk and culture have a strong association in social sciences dating to the ground-breaking work of English anthropologist Mary Douglas and Berkeley political scientist Aaron Wildavsky, Risk and Culture, published in 1982. Both authors, in their separate fields, had addressed the issue previously, most notably Wildavsky’s 1979 work Speaking Truth to Power. However, it was investigation of the failures in NASA’s space programme that wove the two ideas together inextricably.

Following the loss of the space shuttle Challenger, forensic work of the Rogers Commission, and later the Columbia Accident Investigation Board, brought the two issues – risk and culture – together organisationally in a way that still resonates powerfully today. The description by the Rogers Com-mission of the Challenger disaster as “an accident rooted in history” relates organisational context and history, technical and administrative cultures and risk-taking in a way that views the firm as a complex behavioural system in its historical context. Each firm’s history is unique and will impact its culture differently; understanding that history objectively and subjectively as it is experienced in the firm (ie. phenomenologically) is essential to understanding culture; the Cold War context of Armstrong’s and his colleagues’ heroism is a case in point. Each firm’s people and their inter-relationships are unique; despite disciplinary and functional commonalities, each firm’s sub-cultures will weave together differently. This insight is applicable across sectors and technical disciplines; it applies equally in the financial services sector.

Since the financial crisis, the enthusiasm for regulatory and supervisory engagement with culture, risk-taking and behaviour is obvious from speeches and publications of HM Treasury, the Bank of England and Financial Services Authority. They have found their traditional routes of regulatory intervention and historic routines of supervisory oversight were ineffective. In culture, risk culture and behaviour they have found organisational attributes that were previously unregulated that have, they believe, proved deficient. Survey after survey has shown that banks' and other institutions' executives have, likewise, found their cultures deficient, unfit for purpose. The solution proposed: greater intervention, greater control of culture.

The problem is that, in this context, surveys are uninformative; they add no fresh insight and of-fer only biased participants’ opinions, shaped turbulently by the very cultural forces on which they

Knowing, not knowing and acting: who should do what?


opine. Individual psychometric instruments provide only part of the picture; while meaningful at the individual level, neither culture nor cultural perceptions are additive. Culture cannot, to repeat the flawed statement of the Group of Thirty “be viewed as a high-level aggregation of [individuals'] behaviors.” As used by regulators, it can, at best, be viewed as a pattern of tacit and perceived expected behaviours and behavioural limits or constraints.

In his comments to the Treasury Committee, the head of prudential regulation at the FSA and BoE, Andrew Bailey, distinguished the form and the substance of governance, a behavioural activity that is heavily regulated in a financial institution. However, regulators and supervisors need to be acutely careful to recognize that regulation, much like the politics that gives birth to it, is the art of the possible (to borrow a line from Bismarck). Even within a relatively uniform sector like financial services, firms’ contexts are so subject to variation, to what Hegel referred to as “a condition of things so strictly idiosyncratic”, that direct regulation of behaviour or other attempts to produce a cultural outcome are doomed to produce unintended consequences and, almost certainly, disappointment.

The simple truth, no doubt disappointing to Dr Bailey and his colleagues, is that regulators can only stipulate behavioural form and process – committee structures, membership, terms of reference, re-porting requirements, expectations of duly diligent attention. They cannot stipulate the nature of the attention or its quality; they cannot ex ante stipulate behavioural “substance”. Supervisory judgement on behavioural efficacy must be retrospective.

To complicate matters, social science research techniques are neither widely understood nor uncon-troversial. To understand an organisation’s multiple cultures, their relative dominance and cycles, the only reliable methods are direct observation and extensive interview of firm participants. To expect that financial firms’ supervisors who probably have no formal (or other) training in anthropological or sociological research will be able to assess culture “instinctively” is preposterous. We all use sus-pension bridges; that does not mean we understand their load-bearing characteristics and potential failure loads or could design one.

The idea of ‘best practice’ in behaviour and culture is similarly illusory. It is only in the form and structure of organisational routines – and not their behavioural substance – that any lessons may be transportable across firms with different histories and contexts and thus cultures. The notion that su-pervisors or consultants can convey leading practices in culture around different firms demonstrates a remarkably shallow understanding of the complexity of social organisation and organisational cul-ture. Yet such assumptions are commonplace and singularly evident among senior FSA and other regulatory officials, in industry and professional bodies and among consultants themselves. In any event, much sought-after compliance can, under different conditions, also have negative consequenc-es. Writing on the Challenger disaster, leading organisational behaviouralists William Starbuck and Francis Milliken (1988) observed:

People acting on the basis of habits and obedience are not reflecting on the assumptions underlying their actions.

A pool of supervisors trained in the subtleties of social and behavioural observation is unlikely to be available any time soon. Supervisory comment on aspects of organisational culture should proceed with enormous care; it should not be an area for routine comment in supervisory visits. Supervi-sors must be attentive to the dangers of over-reach beyond their skills and knowledge. As Vaughan (1997) points out

In the Challenger incident, the organization culture was much more complicated and its effects on decision-making more subtle and hard to detect than even insiders realized. As members of an organization, we are sensitive to certain aspects of culture, resisting it, but others become taken for granted, so that we unques-tioningly follow its dictates without realizing what the culture is, how it is operating on us, or how we both use and contribute to it.

So much for the Group of Thirty’s bold assumption of understanding it all in “just a few months”.

16 Paradigm Risk

In previous reports, the regulators (both current and future) have shown their willingness to regulate with limited technical understanding of culture or risk culture – limited principally to subjective or personal experience and 'expert opinion'. Similarly, in the report on the Royal Bank of Scotland and its actions relating to Barclays, the supervisor has acted based on presumed knowledge about culture and risk culture. As Vaughan shows, subjective understanding of culture, even from within, can be both restricted and flawed; wrong prescriptions can easily result. This is not a satisfactory basis for either regulatory fiat or supervisory action. Rather, it is a form of regulatory or supervisory expan-sionism or 'cultural imperialism' that is neither evidence-based nor well founded.

Prospects for regulators

Perhaps regulators must face the prospect that culture is not an area for regulation or active super-visory intervention. Despite the rush of amateur (and even some professional) enthusiasts eager to fill the void of knowledge on culture and risk culture, regulators’ and supervisors’ knowledge and knowledge generally has not reached a level where the results of intervention are predictable in the range of contexts present across regulated firms. The tremendous opportunities for unintended consequences suggest the need for thoroughgoing caution. Making changes 'in-mission', as busi-ness continues around multiple change initiatives, compounds the probability of unintended conse-quences and makes the task of gathering evidence of efficacy – of isolating cause and effect – even more problematic.

Most importantly, our understanding of financial firms’ cultures and the impact of their differing histories and contexts will not be moved forwards without "dealing (sic) in a world of reality," to use Feynman's phrase. Disciplined observation and analysis of behaviour must drive thinking and action on culture and risk culture. Observed reality must take precedence over fashion, wishful thinking, guesswork, intellectual laziness, opinion (public or otherwise) and public or government relations. Regulation must be evidence-based. That requires evidence.

Prospects for firms

The pressure for regulatory action is building; supervisors are already flexing their 'cultural' muscles. All financial services firms – banks, insurers and asset managers, alike – face a clear and present dan-ger of untested and unproven regulatory cultural edicts and supervisory over-reach.

Firms also should proceed with caution. There is a pressing need to explore how firms can create the environments and behaviours that will provide long-term value to customers and shareholders and comply with the spirit of regulation while retaining the capacity to recognize when it is necessary to “drop tools” to respond to a crisis. We also need to know more about the role of observation and approaches to analysis of organisational cultures. That knowledge will not be acquired without effort and perseverance. It will not come from consultants’ simplistic or reductionist assumptions about culture. And it appears that it will not come from regulators.

If the regulator and supervisor will not invest in the evidence-gathering and analysis, the knowledge and competence to understand properly the utility and limits of organisational culture and risk culture, firms must accept, however, reluctantly, that they will need to make that investment them-selves. That means pushing back against regulatory and supervisory fashion. After all, as Feynman observed, nature cannot be fooled. Ultimately, it is firms' shareholders that will have to pay the price for regulatory zealotry and 'cultural imperialism' and supervisory over-reach. Barclays is already counting the cost.


Pushing back: Where will the evidence come from? What should firms do?

If they are to push back effectively on the growing regulatory and supervisory 'cultural imperialism', firms must, themselves, propose the limits of a cultural 'regulatory settlement' – a defensible area of regulatory and supervisory attention to culture and risk culture – that is evidence-based, practical and actionable.

We believe financial services firms across banking, insurance and asset management must work to-gether to invest in evidence-gathering and knowledge development on how the complex concepts of culture and risk culture can be used within firms and the limits to that utility. That evidence and knowledge must be collaboratively assembled, analysed and put forcefully to regulators and politi-cians in a form that cannot be ignored. The alternative is to live with the regulatory and supervisory consequences – to repent at leisure and pay for regulators' and supervisors' haste, misplaced enthu-siasm and over-reach.

Multiple surveys (quite validly) show that many executives acknowledge the need for more direct and concerted action to improve the firm's culture and risk culture. Very few executives profess to know what that means; reliable, evidence-based guidance is conspicuously absent. Producing it would require an ambitious programme, co-ordinated between firms and at multiple points within firms, across disciplinary boundaries and organisational internal 'silos'. It would require expertise in social science research methods; it would require extensive, detailed interviews with people at multi-ple levels within participating firms. It would require understanding not only of culture but also of governance processes, management of risk and compliance routines in the different types of financial firms. Such skills, especially in combination, are very rare.

But it would also provide much of the knowledge firms require to act meaninfully in the area of culture and force the regulator to act from a position of understanding what works and what does not. It would give firms direct influence on the limits of the regulatory and supervisory agenda. Ultimately that would save firms considerable wasted effort and money.

18 Paradigm Risk


Paradigm Risk is a specialist, multi-disciplinary strategic risk and governance consultancy bringing together expert consultants and practitioners in the fields of governance, risk and assurance. Paradigm Risk offers experience-based and thought-led advisory services in governance, risk and assurance to financial institutions as well as to the broader corporate community and government agencies.

In a modern financial institution, managing the governance processes for risk and for prudential and other regulatory compliance is a constant challenge, as are providing assurance over compliance with applicable regulations, and managing the supervisory interface. Managing the association between the firm’s risk preferences and profile and its business objectives and regulatory requirements in risk is, similarly, an on-going challenge. Paradigm Risk brings both practical and theoretical insights to bear on these twin problems of performance and of regulatory change and compliance, especially in areas of risk and firm-level governance requirements.

In the corporate sector, we work with boards and senior executives to understand how they can take ‘more risk’ more safely; that is, how they can understand and anticipate risk better and become more responsive and more resilient to risk and uncertainty. Paradigm Risk aims to move the discourse on risk in the firm from assurance routines to a strategic debate that can help the firm to identify and exploit strategic opportunites through better execution and better-focused assurance to discharge governance responsibilities. In the public sector, Paradigm Risk advises on dealing with uncertainty in policy formulation as well as the impact of risk on organisation and delivery – minimising unintended consequences and improving policy effectiveness and efficiency.

We recognise that leading change in firms requires a leadership position in thinking and representation to regulators; we aim to shape the debate. Where others follow, we lead.

About Paradigm Risk

20 Paradigm Risk

www.paradigmrisk.com

. . . building insight about risk & uncertainty and people

into better strategy, tactics and performance

strategic risk & governance consultingrisk leadership & transformation

Regulation, risk & culture: will we never learn?

Documents

Transcript of Regulation, risk & culture: will we never learn?