Applying consequences, leadership, controls, incentives and monitoring to your structure can have a dramatic effect on risk management and compliance
The past decade has seen a huge increase in compliance-driven spending, first in response to the corporate scandals of the early 2000s, and more recently in the aftermath of the global financial crisis. Billions of pounds have been invested in new regulatory controls, systems and processes.
But, for all the effort involved, these changes have rarely achieved a transformation in corporate behaviour. Many organisations have found it difficult to change their culture – ‘the way we do things’. And it is these intangible factors or ‘soft controls’ that dictate how effectively an organisation’s ‘hard controls’ operate.
As a result, many companies find that the effectiveness of their compliance investments is persistently undermined by cultural failings. This is a phenomenon that KPMG describes as ‘culture eats compliance’.
It is not hard to see how the vital role of soft controls can be overlooked. Culture is hard to define, measure, monitor and control. Until recently it received only limited attention from investors and regulators.
Many organisations suffer from compliance fatigue – a sense that ‘box ticking’ is failing to achieve genuine improvements in risk management. And, ironically, initiatives intended to improve individual accountability can sometimes have the effect of encouraging silo behaviour and weakening collective responsibility.
Fortunately, things are changing. In part, this reflects growing supervisory focus. Financial institutions – especially banks – face the introduction of formal cultural supervision, such as the UK’s Senior Managers and Certification Regime and the ECB’s growing focus on organisational culture. More importantly, we see growing understanding of the role that culture and behaviour play in getting value from compliance spending.
KPMG’s experience of conducting culture audits across the public and private sectors allows us to model five factors that we see as the most important drivers of effective compliance and risk management. They are:
Tone at the top, with effective embedding of clear cultural goals throughout the organisation.
Business units own and feel committed to controls and effectiveness, with metrics reported upwards to the Board.
Effective monitoring of culture and transparent conduct, including predictive analysis of potential risks.
A culture that encourages dilemmas to be discussed, but which also ensures clear disciplinary consequences for breaches of risk appetite.
A risk-adjusted framework that clearly links risk performance and individual rewards.
One such technique is to use verbatim text analytics and sentiment tools to analyse internal documents such as performance reviews. This enables organisations to develop an objective, quantitative measure of culture.
The power of this technique lies in measuring data that would otherwise be impossible to analyse, helping organisations to develop a 360° view of their culture and identify areas for improvement.
Behavioural science techniques, sometimes known as ‘nudging’, can also give companies a practical tool proven to improve the application of formal rules and processes. These techniques work by using a framework of messages and incentives that help to strengthen soft controls.
Techniques like these can have a significant impact on risk management and compliance. One KPMG client, a bank, made a major cultural shift by deciding to address historic mis-selling scandals via a brand new centre of excellence for remediation. We provided a variety of support to this programme, including helping to re-write the bank’s Conduct Statement and supporting the streamlining of customer remediation processes.
We have also seen an ‘insurgent’ high street bank differentiate itself through a unique customer service culture. This bank aims to deliver exceptional experiences and enjoys net promoter scores of over 75%. Specific cultural initiatives include using customer service auditions during recruitment; training new joiners in culture and values; and linking employee incentives to customer opinions.
There is growing realisation that cultural failings can erode the value of regulatory investments. Our experience shows that a structured focus on culture can maximise the value of investment and achieve a transformation in risk management.
Erik Van Bekkum
Senior Manager, Advisory, KPMG Netherlands