1984 – 1994 – In house lawyer in financial services
Other – Joe Simpson, hang gliding, motorcycling, sailed across Pacific.
Risk management is not about not taking them!
F1 is less risky than angling!
A bit about me
Actually blew whistle twice – first time failed
Second time - Email to Danny Savage BBC News – 16 th Sept 08
“ I think that..the time may now have come when someone who has been there / done it / and wears the T shirt (“I was a Senior Risk & Compliance Officer who was fired for trying to slow down a bank”) speaks out again on what has gone wrong in the financial system and what needs to be done to make sure it does not happen again.”
Motivation was policy change not revenge or celebrity.
I gave initial evidence to UK Treasury Select Committee 10th Feb 09.
Key extracts from my evidence:-
Sales culture markedly out of balance with control systems.
Cultural indisposition to challenge
Sub-prime risks obvious to anyone.
Underlying cause inadequate separation and balance of powers.
Process, framework and structure without the right culture will fail.
Emperor’s new clothes, lemmings and pied pipers!
Key points from my evidence
“ ...I certainly knew that the bank was going too fast (and told them), had a cultural indisposition to challenge (and told them) and was a serious risk to financial stability...(and told them)
“ I told the Board to slow down and ....that their sales culture was significantly out of balance with their systems and controls .”
“ That ...very careful consideration should be given ...as to exactly what level of sales growth is achievable, given current capacity, without putting customers and colleagues at risk.”
I reported that the sales culture was out of balance
“ ..even non-bankers with no “credit risk management” expertise...would have known that there must have been a very high risk if you lend money to people who have no jobs, no provable income and no assets....
You simply don’t need to be an economic rocket scientist or mathematical financial risk management specialist to know this. You just need common sense.
In simple terms this crisis was caused....because there has been a completely inadequate “separation” and “balance of powers” between the executive and all those accountable for overseeing their actions and “reining them in”
i.e. internal control functions such as finance, risk, compliance and internal audit, non-executive Chairmen and Directors, external auditors, The FSA, shareholders and politicians.
Inadequate separation and balance of powers
The most important point I made:-
“ There is no doubt that you can have the best governance processes in the world but if they are carried out in a culture of greed, unethical behaviour and indisposition to challenge, they will fail .
Process without the right culture will fail
To mix a few well known similes / metaphors / stories, the current financial crisis is a bit like the story of the Emperor’s new clothes.
Anyone whose eyes were not blinded by money, power and pride (Hubris) who really looked carefully knew there was something...
But sadly, no-one wanted or felt able to speak up for fear of stepping out of line with the rest of the lemmings who were busy organising themselves to run over the edge of the cliff behind the pied piper CEOs and executive teams that were being paid so much to play that tune and take them in that direction.
Emperor’s new clothes, lemmings & pied pipers!
Head of Risk in Halifax...verbatim:-
"Leadership and focus on risk matters has had no priority....Sales are regarded as more important than anything else“
“ risk management not seen as a core business imperative or competence....and you know they are animals around here..”
“ Whacker” (CF Dick Fuld, Lehman “Gorilla”)
Charles Dunstone - two stories
Reprimands by boss for raising cultural indisposition to challenge
Refusal to record proper minutes of Bd Mtg and tabling full report.
“ Made redundant” by Crosby – on his own with no HR rep.
Replaced by sales manager appointed as Group Risk Director.....and
Some of the key evidence that supported my views
Courage - Never backs away from an opportunity to demonstrate personal courage
Taking courageous decisions even when they may result in criticism or unpopularity
Standing up for beliefs in the face of opposition from colleagues
Saying what needs to be said when others are hold back from expressing real feelings
Putting yourself on the line in taking responsibility for making tough decisions
Meeting colleagues in other work areas to talk openly and honestly about the real issues
HBOS competence framework for top leaders?
10 th Feb – London Evening Standard front page “ sunk?”
Evening Standard 10 th Feb inside
Sir James Crosby resigned as Deputy Chair of FSA.
Crosby and FSA denied my allegations and relied on KPMG report
Brown, Cameron, Osborne, Vincent Cable called for investigation....
I stood firm, confident and calm. I did countless media interviews.
FT story – “They would say that wouldn’t they?”
After vociferous denials by Crosby and FSA....Total silence! But no investigation.
What happened next?
Daily Mail – 14 th Feb 09
Sunday Telegraph main story – 15 th Feb 09 Me with the whistle! Sir James Crosby
Independent on Sunday – front page – 15 Feb 09
Failure of Management
” Bankers have made an astonishing mess of the financial system ....
Banks have failed because those leading and managing them failed .”
Failure of risk management
“ The current crisis has exposed significant shortcomings in the governance and risk management of regulated firms.”
Key conclusions of Treasury Select Committee / FSA
Failure of governance by non-executives
“ [Banks’] corporate governance was often totally ineffective. The evidence shows that many non-executive directors failed to act as an effective check on, and challenge to, executive managers.” “..non-executive directors have operated as members of a ‘cosy club’”
“ ...the necessary challenge was missing from governance structures, in particular boards.... Evidence from the current crisis indicates that some NEDs have struggled to fulfil their role of providing strong independent oversight of the executive management.”
Failure of the supervisory system i.e. The FSA
But the FSA’s regulatory and supervisory approach, before the current crisis ...was not with hindsight aggressive enough...
“ [this] was ...also [a failure] of the supervisory system”
Key conclusions of Treasury Select Committee / FSA
Independently analysed by Cranfield
The responses come from around the globe number as follows:-
Crisis not caused by global circumstances beyond anyone’s control
Big majority held executive accountable; not regulators or governments.
Not surprising as they said they saw the risks and reported them!
Culture (ethics) is most important area for change.
Capability of non-exec, regulators & line managers in risk is very low.
Focus for regulatory change should be:-
Global harmonisation, more prescription on credit and liquidity risk
More specific standards on effective risk management
Supervision of culture and ethics
Rigorous supervision of the effectiveness of internal risk management.
Higher calibre personnel in the regulators
Regulators should be accountable in law for their failures
There should have been a through enquiry to inform policy review.
The culture and values are the key – must be led from THE TOP
Openness, ethics and excellence not fear, blame and excessive pride.
Cultural disposition to challenge “group think” is key.
“ Never confuse honest dissent with disloyal subversion” - Eisenhower
Introduce ethical decision making framework. Train everyone.
Each key document to contain - “Ethical considerations taken into account”
Rigorously & independently check their culture & ethics regularly
Note “Self serving statements without corroboration bear no weight”
Performance management system aligned to cultural requirement.
Key lessons from my story and survey
“ Development is impossible without upright men and women, without financiers and politicians whose consciences are finely attuned to the requirements of the common good.
Both professional competence and moral consistency are necessary.
When technology is allowed to take over, the result is confusion between ends and means, such that the sole criterion for action in business is thought to be the maximization of profit, in politics the consolidation of power, and in science the findings of research.”
An interesting observation on culture
The people dimension is more important than structure and process:-
Much more competence, independence, integrity and diversity of non execs.
Risk management and compliance needs to be professionalised
Its not about forms & technical knowledge; its about ethics and excellence.
Higher calibre personnel advising on risk, compliance and internal audit.
Key non technical competencies are:-
Deep understanding of the business
Relationship management and influencing skills are key
Competencies for risk & compliance professionals Client focus Being passionately client focused in dealings with stakeholders Technical excellence Demonstrates technical excellence at all times in their own area of risk / compliance specialism Outstanding judgement Using a fine-tuned balance of all aspects of knowledge, experience and understanding to solve problems Creativity Exploring all options… thinking ‘out-of-the-box’; breaking new ground in exercising judgement Integrity and courage Demonstrating personal courage, independence and honesty in exercising judgement and giving advice – leading a culture of openness Understanding the business Developing a deep understanding of our clients’ businesses, the risks they face and the needs of their stakeholders Managing relationships Establishing and maintaining relationships with clients so as to become their ‘trusted adviser’ Giving advice and assurance Providing clients with confident and understandable advice and assurance which demonstrates a passionate dedication to technical excellence Functional Profile Functional DNA
Leadership & Competence Framework Facilitates discussions and identifies common ground and differences to arrive at sustainable relationships Uses questioning & clarifying techniques to understand views, attitudes and requirements Es tablishes trust by enabling others to express their emotions and views and respects these Negotiates purposeful agreements that meet the needs of all stakeholders Continuously checks expectations and purpose and encourages ongoing participation to share the responsibility for risk Gains support for ideas from businesses & others by relating the benefits directly to their interests and needs Uses powers of persuasion rather than veto Uses a broad range of risk management knowledge, experience and tools to advise and assure the business Links information, knowledge and experience to form ideas so that an event, problem or issue is fully understood Steps back from a situation to see the ‘bigger picture’ Helps others to develop broader thinking and to consider the wider consequences of their requests or decisions Proposes and evaluates alternative solutions and different ways of solving a problem before making a decision Encourages others to generate and evaluate options and to explore different perspectives others have on these options By comparing options generates new and creative solutions to meet different situations Is visible and credible and demonstrates value; i s clear about own position on issues and can clearly describe the services of the department to its stakeholders Inspires confidence in business colleagues and other stakeholders that risk is being identified and managed effectively Demonstrates broad and deep understanding about general business issues and challenges Digs deep to obtain information and understanding about the business and markets of our clients Identifies and gathers information about the clients’ people and stakeholders; their perspectives, needs and expectations Understands the risks and appropriateness of the control framework within the businesses Gathers information from a variety of internal and external and/or new sources and puts it into context Understands issues and exercises judgement having regard to the businesses’ points of view Understanding the business Managing relationships Giving advice and assurance
Points on structure, process & framework
If you want someone to do “A” pay them to do “A”.
A new lead non-executive accountable for “Oversight, Assurance and Ethics”
Control functions to report formally to this non-exec.
An annual risk based, detailed programme of oversight and assurance.
“ Self serving statements without corroboration bear no weight”
Formal protections for risk, compliance & internal audit managers.
Better whistleblowing procedures for rest of staff see specific slide
Structure, process and framework
And, of course, t he strategy must be aligned
Business models that focused on sales and growth to the exclusion of controls i.e. risk management, governance and compliance will lead to crisis.
And so.......................all elements must be aligned.
Values / ethics
Architecture / framework
Processes and controls
The overall context
Leadership ‘ systems thinking’ – the key elements must align
“ We only grow by taking risks, and the most difficult risk of all is to be honest with ourselves and others. Rick Warren
You get transformed by trouble” Rick Warren
“ Well, If I lose my reputation, at least that will be one less thing for me to worry about” Blessed Mother Theresa
“ The truth will set you free” Jesus
Advice to those who speak up to “group think”
Our leaders are the high priests of Mammon & Me:-
Me, more, now. Lend, lend, lend; buy, buy, buy.
“ Take the waiting out of the wanting”
“ You’re worth it”
In this mess there is a mess age of Hope.
Money itself is not the problem. The love of money is the problem.
Move from GDP (GmeP!) to GQ uality P (GyouP!)
Politics should not about left or right but about right or wrong.
Private funding of political parties gives the rich and powerful too much say.
Some personal observations on the financial crisis