A former professor of mine, and former CIO at Lehman Brothers before their fall in 2008, shared some good advice during my MBA program that has stuck with me. He said ‘People respect what you inspect, not what you expect’. Fail to inspect people for bad behavior and you can fully expect to find risk.
Financial services firms have been overwhelmed by the bad behavior of their capital markets divisions during the past 8 years. The two most vivid examples of recent greed have been the LIBOR Rate Rigging Scandal and the FX Fixing Order Rate Rigging scandal. The misconduct exhibited by small trading communities in the FICC (Fixed Income, Commodities and Currencies) divisions of the major global banking firms is unprecedented. It has resulted in billions of dollars in fines from the Financial Conduct Authority in London and the New York Department of Financial Services, with other global regulators pursuing new investigations on an almost weekly basis.
“The lesson here is that the conduct of a small group of employees, or of even a single employee, can reflect badly on all of us, and have significant ramifications for the entire firm,” said J.P. Morgan Chief Executive Officer James Dimon.
Given these examples of misconduct, how can a financial services risk professional prevent these risks? How can they be mitigated? How can greed be eradicated before it damages the firm’s reputation, violates customer trust, and exposes the firm to regulatory fines and legal proceedings?
“Human” risk management must be a priority in any enterprise risk management strategy. There are certain key steps to insulating a firm from human risk.
First, establish Legal Policy and Procedures that provide the basis for enforcing a code of conduct. A robust, detailed and transparent set of expectations for financial professionals must be defined. A well-defined framework for fraud prevention can help risk and compliance staff defend the firm’s efforts toward risk management with regulators. The fact that there is an established policy is often enough to reduce the risk of fines.
Second, operational processes need to be changed and streamlined to ensure employees fully grasp the impact of the code of conduct on their daily work.
Many new technologies are available from experienced firms to provide capabilities such as:
- Monitoring – Inspecting behavior and implementing diagnostics to collect data from the platforms in your organization. This includes e-mail, messaging, chat rooms, financial transaction data, and activity from any relevant platform in the firm.
- Big Data and Enterprise Data Management – Consolidating and managing the firm’s data in a single place. Data must be collected, stored, and made easily available to internal customers and external regulators. Technology solutions like Hadoop, data lakes, and metadata management tools can make your efforts more efficient and transparent.
- Analytics – Mining the data allows the firm to seek out relationships in events that compliance people could never pick up without technology. Through use of analytics, the firm can take a proactive approach and define areas of concern for fraud. Develop rules to detect fraud where it has occurred in the past, and anticipate where it may occur in the future.
Regulators will be looking to the financial services industry to learn from past experience. The next bad behavior is out there. By establishing proactive processes and implementing strong technological solutions, firms can better assess and quantify risk. By planning for the downstream impact on your organization of stronger human risk management, you can better answer the difficult question that comes with evaluating a line of business: does the reputational exposure far outweigh the regulatory cost?
Fines alone do not seem to deter bad behavior by individuals. Regulators are looking to hold someone accountable. How do you want to answer their inquiries?