Misconduct severely affects the financial industry
Trust in the financial sector remains low
[Chart: 2015 Edelman Trust Barometer: “How much do you trust your bank to do what is right?”]
Increasing fines are hitting profitability, and do not improve the reputation of the industry
[Chart: Banking misconduct bill – Thomson Reuters ($ mln), May 2015; categories: US mortgages, UK mis-selling, LIBOR/IR, Tax avoidance; banks shown include Bank of Tokyo and Bank of America]
Twenty of the world’s largest banks have paid more than $235bn in fines since 2008, many of them related to mis-selling.
Banks face some specific industry-wide challenges…
Taking calculated risks is at the core of our business model, leading to the delegation of risk-taking
to less senior employees compared to other industries.
Complexity of the business model leads to challenges in retaining a clear overview of all risks
present as well as on effective monitoring of risk-taking staff.
Potential failure of market discipline due to information asymmetry and the lack of incentive for
small depositors to monitor bank actions, as they are protected by a deposit guarantee scheme (DGS),
resulting in large banks being liable for the risks taken at smaller institutions.
Compensation practices not always properly adjusted for risk/reward and historically linked to
short-term results, while successful banking requires long-term considerations and vision.
…as well as more scrutiny from society and clients
Banks have a large influence on the lives of their clients:
• Most banking products are based on long-term relationships and contracts.
• Banking products often amount to a significant portion of disposable income of our clients.
• Banking products are often “must-haves” instead of “nice-to-haves”.
Products are complex:
• Due to the complexity of banking products, bankers are responsible for ensuring product-client suitability.
Clients often do not have a clear understanding of the products themselves.
• Client fees and fines are often misunderstood: clients do not understand the underlying mechanisms in
place to fund and hedge the client proposition.
Typical causes of misconduct
Fraud Triangle by Donald R. Cressey: Rationalisation, Motive/Pressure, Opportunity
Insufficient monitoring and control and limited accountability: no clear ownership of risks, as well as breaches being inadequately noticed and escalated. Without adequate risk data and systems, accountability for risk is undermined which can damage
Unclear vision and values: short-term vision and uncertainty on what the bank is trying to achieve, as well as uncertainty on what is acceptable behaviour and what is not.
Improper incentives and sales-driven culture: performance management and incentives which focus on short-term gains not incorporating risk/return.
Addressing causes for misconduct
What are our long-term objectives?
What values do we live by?
How should we behave?
How are we measuring compliance?
culture What is good performance?
incentives How are we rewarding people?
• Clear strategy and sense of purpose: every employee
should be familiar with the bank’s long-term objectives.
• Strong ethical culture: organisational commitment to
purpose, values and desired behaviours.
• Strong risk culture: organisational commitment that risk is
• Strong 3LoD: primary responsibility for risk is on the risk
takers: 1st line of defense, with every line adding value.
• Clear governance: defined vision is consistently supported
within a risk governance framework.
• Proper control mechanisms: ensure all risk types are
measured and managed properly, by means of
quantitative methods as well as by soft controls.
• Open culture: people should be encouraged to admit and
correct mistakes as well as challenge each other.
• Proper performance management: incorporating the risk
appetite as well as soft metrics related to the strategy,
values and preferred behaviour of the bank.
• Proper incentives: remuneration should be awarded on a
risk-adjusted basis and linked to long-term objectives.
Defining a common purpose: placing the customer central to everything we do
[Slide graphic: Our Purpose; Our promise to the customer]
Values and desired behaviour are clearly defined: the Orange Code
Proper embedding of culture: key elements
• Senior management must lead by example.
• Tone from the top: top of organisation has to promote, as well as be willing to educate.
• Acceptance necessary at various levels of the organisation (including middle management) that risk
culture is key.
• Establishing a culture takes time and requires regular, clear and consistent communication.
• Primary responsibility for risk has to lie with risk-takers: they are far more informed and involved than
the second line.
• Proper escalation processes and clear consequences need to be in place.
• Collaboration and interaction between the 3LoD is a key success factor: risk managers who are
structurally independent and have the right incentive and evaluation structures can be more hands-on
and proactive, yet retain objectivity. Risk is not supposed to be an extension of internal audit.
• Open culture needed with willingness to admit and address mistakes quickly.
• Individual assessment on KPIs set by the CRO MT for staff marked as having a material impact on the
risk profile of the bank, performance on which is translated into a modifier on variable remuneration.
• Risk and Front office exchanges strongly encouraged for talent development and succession planning.
• Desired behaviours will be incorporated in performance management for all employees by means of a
common set of KPIs.
The role of the CRO
• As a ground rule, culture should be a board-wide responsibility and the importance of the culture needs to be
acknowledged at every level of the organisation.
• However, CROs do have the responsibility for deciding on what is acceptable:
  • Business lines and product owners sometimes lack vision on the bigger picture and might struggle with
  balancing local market practices with the bank’s global view.
  • CROs are responsible for challenging and forcing decisions on the continuation of a product or business line;
  a bank does not function optimally as a democracy.
  • Example at ING: revising the sale of Structured Notes in retail units.
• It is important to invest in talent management:
  • A long-term sustainable institution is established by investing in talents.
  • It is important to pass on knowledge to the next generation. Example at ING: CRO sponsors the International
  Traineeship; over the past few years there has been a clear shift to more content in the programme.
  • Instilling clear values and standards should be initiated at the very start of a career.
  • For promotion and succession planning, experience in Risk Management should be deemed important.
Food for thought
“We tackle every crisis by imposing more rules, but we are often unable to make
those rules universally binding. We resolve the problem by identifying exceptions. The
result is an accumulation of rules of conduct and exceptions to those rules. However,
this mechanism only creates more confusion. Certainty is possible only if one follows
the letter of the rule, and this encourages, even forces, people to disconnect their
moral compass. Moral judgments are made on automatic pilot. In other words, too
many rules discourage rather than promote good behaviour.”
George Möller, Banking on Ethics, Euromoney Institutional Investor, 2012.
“With hindsight we can now see that the risk management
catastrophes of the past 3 years were (…) due to (…) the failure to
bring collective human judgment to bear on critical decisions. In
fact, companies’ current focus on compliance process – in reaction
to regulatory zeal – is likely to give Boards and shareholders false
confidence about their risk defenses”.
T. Monahan, CEO of The Corporate Executive Board Company