Address by Director of Insurance Supervision, Sylvia Cronin, at Life Conference 2015

18 November 2015 Speech

'Culture and Governance: Acting Together for a Happy Marriage'


Good evening, ladies and gentlemen, and a warm welcome to Dublin. It is a pleasure to join everyone here this evening at the Institute and Faculty of Actuaries’ 30th Life Insurance event.

What happened?

We have been through a remarkably turbulent time in financial services over the past number of years and we have faced a plethora of challenges. It is difficult to believe that it has been over seven years since Lehman Brothers filed for bankruptcy protection, the catalyst in a chain of events that cost the world economy trillions of dollars and rocked consumer and investor confidence.

Around the world stock markets fell and large financial institutions collapsed or were bought out. There was a collective response by governments and central banks throughout the world: major liquidity injections, unprecedented bailout packages, historic reductions of interest rates and public capitalisations of banks. Even the wealthiest nations had to bail out their financial systems. In an interconnected world, a seeming liquidity crisis can very quickly turn into a solvency crisis for financial institutions, a balance of payment crisis for sovereign countries and a full-blown crisis of confidence for the entire world.

Yes, a lot has happened during those seven or eight years. Together we have faced many challenges during a period like no other for financial services. Questions were raised, such as, how did the crisis happen? Why did companies not understand the level and interconnectedness of risk they were exposed to? And underneath it all, what were the root causes? When something bad happens, it doesn't take long before blame starts to be assigned. Commentators attributed the blame to a mix of factors and participants: ineffective Boards, over-dominant CEOs, conflicted credit agencies, hungry investors and a ‘light touch’ regulatory regime.

It is clear a lot of work has been done in an effort to rebuild and restore confidence. However, the financial crisis has left a sense of unease within the general public towards the financial sector. It is vital that confidence is repaired, as a core element of a stable economy and sustainable business model is confidence in the financial system.

We profess to have a good understanding of the causes of the crisis. We have taken action to address many of the perceived causes; the regulatory agenda has never been busier. I would like to take a moment to ask you to stop and reflect on the work we have done and the elements that remain to be worked on. We had a busy agenda over the past number of years; we should take some time to consider, are the measures we have put in place achieving the desired effect?

Naturally one would expect to see regulatory enforcement cases after the crisis and over time we would also expect to see a slowdown in the pipeline of such cases. However, it seems that we continue to see scandals emerge, internationally and locally. Locally with companies such as Quinn, and international cases such as LIBOR and FX.

Despite a huge cost to the taxpayer, enforcement actions coupled with heavy fines from regulators, the implementation of regulatory changes, and much restructuring of companies, the underlying fundamental drivers of bad behaviour in financial services appear to remain unchanged in some quarters and the continuation of scandals in our sector continues to prevent us from rebuilding that confidence.

This leads me to question: why are our collective actions not delivering the desired results, and are we really doing enough to achieve our end goal? The end goal being: restoring confidence with employees, consumers and investors.

Today we have an opportunity to take stock and reflect on how we can drive and deliver change more successfully. It is important that we do this because as a collective our actions can drive changes in behaviour.

Today I would like us to consider why confidence has been lost and how we have responded to this, and to question: are we doing enough to restore it and, if not, what do we need to do more of? The two issues I have identified and wish to explore are governance and culture, and how we can get these to work together to deliver the end goal. To my mind we have made advancements in the area of governance structures, but have we done enough on tackling culture and behaviours?

The financial sector is facing a major challenge of restoring confidence. This will be a difficult task and the challenge is amplified by a dynamic operating environment for insurance with a range of more interconnected risks. It will be a test for firms to manage consumer, shareholder, employee and regulatory interests in a sustainable manner.

We all have a role in delivering on this challenge. The mechanism through which we can restore confidence is through our people ‘doing the right thing’. This is a significant cultural shift and will not be achieved overnight. According to Warren Buffett, “It takes 20 years to build a reputation and five minutes to ruin it”. This will take time and tenacity on our part. We have invested too much effort for us to fail. In order for us to avoid failure we need to be honest and hold a mirror up to ourselves in identifying the true underlying causes of the difficulties and challenges we have experienced to date. Put simply, we must ‘do the right thing’, not just the easy thing. We need to not only address the structural weaknesses in our governance arrangements but we also need to persist and remain steadfast in our endeavours to address the underlying behaviours and drive cultural change.

Why did the crisis happen?

Companies have had to respond to the increasing demands of the dynamic environment in which they function. The global financial crisis exposed a number of governance weaknesses that resulted in companies’ failure to understand the risks they were taking.

Global surveys highlighted that many Boards had directors with little financial industry experience and limited understanding of the rapidly increasing complexity of the institutions they were leading.

Too often directors were unable to dedicate sufficient time to understand their company’s business model and were therefore too deferential to senior management as they did not constructively challenge management’s proposals and decisions.

Evidence from the financial crisis suggests that overconfident and domineering Chief Executive Officers (‘CEOs’) have a negative impact on decision making. This is particularly relevant around risk taking, as the dominant CEO will tend to overestimate their ability and underestimate possible risks.

Many Boards did not have effective governance structures in place and did not pay sufficient attention to risk management, as risk management functions lacked the authority, stature and independence to rein in the company’s risk-taking.

But from this list, which of these issues were the root cause of the crisis?

  • Was it inappropriate membership of Boards, a lack of knowledge on the Board?
  • Was it over dominant CEOs?
  • Was it poor governance and risk management structures? OR
  • Is it something else?

There have been many regulatory changes over the past number of years since the peak of the financial crisis. There has been an increase in legislation and regulatory requirements at the global, European and national level. For example:

  • ‘Guidelines: corporate governance principles for banks’ were published by the Basel Committee on Banking Supervision in October 2014.
  • The European Banking Authority has issued guidelines on internal governance, which cover topics such as ‘corporate structure and organisation’, ‘duties and responsibilities of the management body’ and ‘risk management’, including risk culture and the risk management frameworks.
  • Solvency II is raising the bar for risk management for insurance and is putting the responsibility for identifying and owning the management of the risks that their entities face, firmly at the doorstep of the Board.
  • Of course there is an ever increasing focus on putting the consumer at the centre of business, with MiFID 2, PRIIPS and IMD 2 coming down the tracks.

The Central Bank also has many legislative powers and codes to drive industry in the right direction locally and we will use the fullest extent of our enforcement powers to hold financial services providers and individuals to account. Local changes have included the introduction of:

  • the Corporate Governance Code, which focuses on governance structures;
  • the Central Bank’s Fitness and Probity regime, focused on the experience, skills and competence of individuals on Boards and in senior management positions; and
  • the Consumer Protection Code, to name but a few.

Yet this all sounds very familiar. Have we not been here before?

We appear to be caught in a perpetual cycle of: a crisis in financial services, followed by a regulatory response of increasing supervision and regulation, followed by another financial crisis emerging.

The collapse of Enron in 2001 was the first in a string of major bankruptcies and scandals around the globe. The regulatory response was the introduction of the Sarbanes-Oxley Act in 2002 – ‘SOX’.

In 2008 after the fall of Lehman Brothers, the sale of Bear Stearns and the near collapse of giants such as AIG, governments around the world spent a period putting out the fires of the crisis through bail out and guarantee programmes.

Following this, regulators took on the task of modernising the regulatory framework and putting powerful consumer financial protections in place. These included legislation such as the Dodd-Frank Wall Street Reform and Consumer Protection Act. This put in place a dedicated consumer financial protection watchdog and provided the government with more tools to monitor risk, and resolve firms whose failure could threaten the entire financial system.

Since the crisis, companies have been working hard to institute visible and verifiable changes to their governance and risk management frameworks.

For the most part, appropriate governance structures have been designed and put in place from the top down, such as the Board, Board Sub-Committees, and the risk and control functions.

Companies have endeavoured to appoint people to their Boards and key management roles with the necessary mix of skills and experience and have focused on Board composition and structure: requiring that a certain proportion of directors be independent; requiring independent membership on board audit, risk and remuneration committees.

Yet, it seems as though we are caught in a cycle. It appears that as soon as regulators have prescribed regulation for specific issues that arise, the ‘bad behaviours’ of financial services emerge in some other form.

We continue to hear of financial scandals since the height of the financial crisis; take the FX and LIBOR scandals of 2013. Action was taken and regulators imposed heavy fines.

Then, only in recent months, we have again seen headlines in the New York Times, such as “The Problems at Volkswagen start in the Boardroom”.

Why? What is the underlying driver of the stories that we see emerge time and time again?

Have we done enough? And if it’s not working, what has to change?

I ask myself, and I ask you:

Were the changes in the governance structures that regulators have introduced and companies have implemented necessary? Yes, I believe they were.

Are companies’ governance and risk management frameworks improved as a result? Yes, I believe they are.

Have these changes been sufficient to address the root cause of what continues to lead to financial crisis after crisis? Blow after blow to shareholder and consumer confidence? Certainly not.

We know from previous crises that an increase in regulation and governance requirements has limitations and seemingly does not reach unequivocally to the core of the underlying causes of these scandals.

The financial crisis and more recent scandals have caused a reassessment of the role that culture plays in financial failures. The corporate scandals of recent years have clearly shown that behaviours trump rules every time and legislation cannot eliminate the unsavoury side of human behaviour. Rules cannot substitute for character.

Root Cause - Culture

While aggressive accounting policies and earnings management were undoubtedly part of the financial scandals in the early nineties, this was combined with the existence of an overly dominant CEO in many of the cases: Tanzi at Parmalat and Kozlowski at Tyco, among others, whose own greed, hubris and personal ambition brought about the failure of these companies.

We saw these symptoms emerge again during the financial crisis of 2008. The culture of short-term profit maximisation, excessive bonuses for CEOs and senior managers, and banks routinely exploiting their customers and believing in a ‘too-big-to-fail’ world were still there. AIG for example was led by a chief executive, Hank Greenberg, who was renowned for being adept at squashing critics. 

To date the focus has been on controls and governance structures rather than culture and people relationships. An organisation can have the world’s best governance in terms of structure and documentation, yet the board and the organisation’s culture can be utterly dysfunctional in how it operates.

The Enron Corporation board met the most rigorous independence criteria and represented a wealth of financial acumen; its audit committee head was an accounting professor and a former dean at Stanford’s business school. 

Tyco International Ltd. was a case study in governance best practices. CEO Dennis Kozlowski was the only ‘insider’ on its board; directors ran for election annually; and an independent director ran board meetings, set the agenda, ran executive sessions without Mr. Kozlowski, and conducted annual evaluations of individual board members.

Yet, their culture propelled the demise of the company.

But, what is culture and what does ‘good’ culture look like?

Culture is based in the morals, values and ethics of your organisation. This drives the behaviours and standards, not only within your business but also in how you ‘do business’ with your customers, your treatment of staff and how you manage your third party relationships.

Culture is ‘the way we do things around here’ and what someone in your company would do if they thought that nobody was looking.

‘Good’ culture is rooted in old fashioned values of ‘doing the right thing’ and a good culture will create an environment where people can ‘speak up’ and are comfortable in expressing their views without the fear of reprimand.

Who is responsible for setting the culture and where does it start?

  • Culture begins in the Boardroom and
  • Responsibility lies with the members of the Board. 

There is an old saying that “the fish rots from the head”, and so it is with companies. The prime function of the board is to provide oversight and guidance, to monitor the CEO’s and senior management’s actions and to protect the interests of the employees, shareholders and their customers.

It is the responsibility of the Board to set the ‘Tone at the top’, by clearly articulating the core values and desired culture of the company.

That in itself, however, is not enough; the Board has to be effective and live and breathe its culture. The behaviours ‘at the top’ must reflect the values being espoused. After all, actions speak louder than words.

The Board and Boardroom dynamics

Getting the Boardroom dynamics right is key for ensuring effective Boards are in place, function appropriately and strike the right tone across your organisation.

Take a recent example where a globally successful company, the world’s largest automaker by sales (202.5 billion euros last year) and a household name, has fallen victim to its Boardroom dynamics.

Professor Elson of the University of Delaware was quoted in the New York Times as stating that Volkswagen was “An accident waiting to happen”.

It is now emerging that Volkswagen had all the hallmarks of an ineffective Board:

  • The structures were wrong: an unusual mix of family control, government ownership and labor representatives.
  • The membership was questionable: the fourth wife of one of the ‘family’ members, a former kindergarten teacher, was a member of the company’s supervisory board. Although many shareholders protested her lack of qualifications and independence upon appointment, they had little or no influence. This has echoes of the Parmalat scandal of 2003: Board members made up of family and friends.
  • Independent views were not welcome and Professor Elson describes the Board as “an echo chamber”.
  • One German newspaper, Süddeutsche Zeitung, stated that the Board’s behaviours of autocratic leadership have been long out of date and “functioning corporate governance is missing.”

Finally the attitude was wrong. Rather than working towards, and wanting to ‘do the right thing’ by customers and the environment, the company instead set about determining a methodology as to how to work around the environmental laws and rules.

It is apparent that the Board had no interest in the environment, as the company has been very slow in moving towards electric cars and advancements in this area. Rather newspaper reports suggest that the Board was more aligned to a political agenda to keep local employment high and to be No. 1 in sales around the world.

But what price will the Board now pay as a consequence of poor Boardroom culture and behaviours?

Well, the damage is still unfolding. Volkswagen faces a staggering number of investigations and lawsuits. The company is said to have set aside $7.3 billion, which doesn’t seem nearly enough:

  • Legal fees are likely to run into the billions.
  • The Environmental Protection Agency alone could fine the company up to $18 billion.
  • They have to recall the 11 million affected cars.
  • It isn’t clear how the company can remove the software and meet emissions standards without compromising automotive performance.

Given the serious financial and reputational damage, the long-term survival of Volkswagen is a real question. Investor and consumer confidence has been lost and will take a long time to rebuild.

What can we learn from this in financial services and insurance?

Boardroom dynamics are key in building a sound and robust business. Boardroom dynamics can be viewed as the interplay between three aspects of governance:

  • Structure.
  • Culture.
  • Behaviours.

Structure is concerned primarily with the process and task of the board – the system of direction and control of the organisation. As mentioned earlier, a lot of focus has been placed on governance reform by both regulators and companies. A good governance structure is a necessary foundation for excellence in the boardroom.

Culture deals with the context of the boardroom power structures. Every board has a set of unspoken and unwritten norms – and this cultural context is critical.

Behaviours, including director competence, is the third governance dynamic at play in the boardroom. This has to do with:

  • Who is on the board.
  • The skills and experience sets of the directors as a collective, and individually.
  • The character and personal behavioural style of directors, particularly the chairman.
  • The character and competence match of those directors with the strategic direction of the organisation.

Strong behavioural governance can make a fundamental difference. Having the right people on the Board should help create an honest environment with people of character that have the courage to act.

When a CEO and Board Chair have a high level of trust and mutual confidence, they are more likely to share “clouds on the horizon” with each other sooner and more openly.

When individual board members are able to speak out forthrightly and constructively, yet in a healthy sceptical and challenging way without fear of being chastised or emotional reactions, better decisions are made in the long-term interests of the organisation.

A Board which does not get their behavioural governance right or take the responsibility for setting the right tone at the top, will more than likely be ineffective. Volkswagen is a case in point.

An ineffective Board increases the likelihood of poor strategic thinking and decision making. The board is there to “stress test” strategic proposals, and ensure, through considered challenge, that they are based on proper research, analysis and commercial sense. The board should also make sure that proper risk assessments have been carried out.

A weak board will often effectively abdicate power to a CEO whose drive, charisma and ruthlessness have contributed to the company’s success. The board becomes reluctant to challenge the CEO's judgement and falls into the habit of rubber-stamping his/her decisions. It stops scrutinising detailed performance indicators, may allow executive compensation to spin out of control, and may be content to accept management figures and explanations without serious question.

An independent board, led by a strong chairman, must assess the CEO's performance and be prepared to challenge and hold accountable the CEO and remove him/her if they fail to discharge their duties adequately.

An essential characteristic of a non-executive director must be independence of mind, which needs to be coupled with a willingness to walk away if dissatisfied. Few companies enjoy explaining to the outside world why a non-executive director has resigned.

An effective board must act as a brake on poor decision-making and set the tone and culture for the entire company. If such scrutiny and morality is not in place, then there is a danger that the company will embark on a downward spiral and send the wrong message to all within the company.

Getting your Boardroom dynamics, your governance structures, culture and behaviours right is key to your success and can help to create a sustainable business.

Although there is an increasing awareness in financial services of the importance of culture, and some progress has been made in the last few years, significant gaps remain.

Many of you may believe that your risk culture is aligned to your risk management frameworks. In reality what we are seeing is that many companies still have a long way to go in building effective, risk aware cultures and embedding robust risk management.

Many of you lay claim to ‘customer centric’ strategies, but how much of this is lip service and how much is translated into your culture of conduct? Is the customer really at the heart of your business model and if not, what is the price that you will pay for this in today’s consumer-led society?

To be successful in today’s world, minimum compliance with regulatory requirements will not be enough to prosper. Relying on the regulator to be the conscience for industry will not be enough to ensure you have a sustainable business.

Once you get tone at the top right, how do you permeate this through your business?

Behaviour and culture are integral parts of the bigger organisational picture of a financial institution. Organisations need to develop an integrated and institution-wide view on the behaviour and culture within the organisation, as well as effective processes to identify and manage behaviour and culture risks.

Building the right culture is one of the best ways to avoid regulatory censure. However, the culture needs to operate in practice rather than just be formally managed in a hierarchical sense.

Your culture needs to be permeated to all corners of your business, your subsidiaries, branches and business units. Doing the right thing should resonate with every facet of your business.

As part of the leadership of your companies, Boards and senior management have collective responsibility to:

  • Ensure formal processes exist to assess the propriety of your governance and risk management frameworks.
  • As importantly, to develop, monitor, and assess the culture of the company. You need to understand if everyone has embraced the culture you desire or does your company suffer from ‘Chinese whispers’? Is your culture ‘on the ground’ at odds with what you have espoused in the Boardroom? And how do you know?

The Board may aspire to a culture of ‘doing the right thing’, but underlying the overarching culture there are often a number of sub-cultures. Two ‘sub-cultures’ which are vital in today’s environment to set and embed are:

  • The Risk culture.
  • The Conduct culture.

Everyone in your company has a role in ensuring that you live and breathe the cultures that you aspire to day to day. Pivotal to the communication will be the strength and character of your Chief Risk Officer and your Head of Actuarial function.


In a world of increasingly connected risks, risk governance and risk culture have never been more important.

Risk needs to be considered from the outset of your business strategy. It cannot just be considered at the end of a process and be seen as a ‘hygiene factor’.

Risk management structures need to examine and monitor the interactions across types of risks and across your company.

Your risk culture needs to be aligned to your risk management framework to ensure that business leaders make the right risk/reward decisions.

Risk governance collectively refers to the role and responsibilities of the Board, the Chief Risk Officer (‘CRO’) and the risk management function. However, the risk culture needs to be more far-reaching and deeper than this. Every person in the business has a role in managing risk.

Risk governance

The risk management function is responsible for a number of specific tasks, including:

  • Assisting the Board in the effective operation of the risk management system.
  • Monitoring the system and general risk profile of the undertaking as a whole.
  • Identifying emerging risks.

The failure to have a strong, independent risk management function can lead to ill-informed boards and senior management teams as well as imprudent decisions.

Within this, the CRO has many responsibilities, in particular maintaining and monitoring the effectiveness of the institution’s risk management system.

Risk culture

Risk culture is reflected in the attitudes within your organisation towards independence, challenge, identifying issues and how risk management is integrated.

We would expect that the role of the CRO is clearly distinct and independent from other executive functions, but yet equal in stature.

The role of the CRO and the risk function will be to challenge the status quo from a risk management perspective, while maintaining independence of mind.

  • Does this happen in practice in your company?
  • What is your experience when you do fulfil this role of challenge? Is this welcomed and supported or otherwise?

A sound risk culture should promote an environment of effective challenge in which decision-making processes promote a range of views, allow for testing of current practices, and stimulate a positive, critical attitude among employees and an environment of open and constructive engagement.

An organisation’s culture must encourage transparency and open dialogue between management and the Board, and management and staff at all levels.

At all points in the process of development, marketing, implementation and maintenance of a product, service or transaction, companies need a culture which makes it easy for staff to “raise their hand and speak up”. Staff need to feel that they work in an environment where speaking honestly is appreciated, not frowned upon or punished. Evidence of a culture that is open to dissent is often reflected in decision-making processes and quite often leads to better decision making.

The culture and attitudes towards identifying and addressing issues within your organisation is an important element of ensuring effective risk management. The risk culture should rely on integrity and transparency in decision-making and openness for mistakes, and this culture should be championed by senior leaders.

Do the actions of the staff within your organisation support a culture of avoidance or pro-active risk management? For example how are risk issues, policy breaches, near miss events etc. dealt with within your organisation? Are they downplayed? Excused? Not reported? Or are they dealt with in an open and transparent manner? Are there clear reporting lines for such events? Is responsibility delegated to specific people to lead this initiative? A culture of avoidance can be detrimental to the risk management governance systems and culture.

Most importantly, companies need to move away from the attitude of viewing risk as the primary domain of the CRO and the risk function.

The role of the CRO and the risk function is evolving to become a valued business partner across the business, and leaders across the ‘business’ are evolving into risk managers, as the accountabilities of risk management are reinforced across organisations more broadly.

The risk function should be actively involved in the development of long-term value creation by ensuring well informed risk/reward decisions are taken by the organisation in pursuit of its business plan objectives and to ensure capital is delivered to the areas where most value can be created from the risks taken. Capital is a scarce resource and needs to be used effectively as well as meeting regulatory requirements. This will become increasingly important under Solvency II.

In companies with more mature risk management, we have seen evidence of the risk function involving the wider business functions in the ORSA process and preparation of the ORSA reports. This is to be encouraged and expanded upon.

However, these examples are few and far between and many companies appear to continue to view the risk function as the ‘owners’ of risk management. There needs to be a change and we believe that the CRO and Head of Actuarial function are key in influencing, facilitating and delivering this change.

The actuarial function is a key part of the risk management system from the perspective of the Board and the supervisor. After all, the actuarial profession has a long history and tradition of measuring and managing risk and uncertainty.

The mathematics needed to scientifically measure and mitigate risks dates back to the 17th century. The actuary of today requires a much broader skill set to tackle both financial and non-financial risks:

  • Analytical skills.
  • Business knowledge.
  • An understanding of human behavior.
  • An understanding of information systems to design and manage programs that control risk.

The human intelligence, expert knowledge, judgement and ethics required in risk management cannot be replaced by actuarial models.

The role of CRO can be a very lonely one at times. It can be very difficult to stand up and be the naysayer when required in a gatekeeper role. The Head of Actuarial Function should help ensure there is now a natural partner for the CRO both in interactions with the Board and the wider organisation. Both the CRO and the Head of Actuarial function are now more meaningfully empowered to support one another where appropriate to do so.

Boards, CEOs and risk governance committees need to actively involve leadership across the business in managing risk and should not underestimate the power of their CRO and Head of Actuarial function in driving this change.

The culture and mind-set that everyone in the business has a role to play in risk management needs to be developed, if the risk governance structures put in place are to be truly effective in practice.


The second ‘sub-culture’ I referred to was the conduct culture.

In particular I believe that the area of product oversight and governance is worth exploring from a prudential supervisory perspective.

By product oversight and governance, I mean to what extent the firm has sufficient oversight of the product and distribution strategy, irrespective of how the product is intermediated.

Product oversight and distribution strategy is a growing topic across Europe and is particularly relevant for Cross Border firms. This is also a hot topic in our internal deliberations in the Central Bank, on how we enhance our supervision framework, PRISM.

To some extent, this is drawing a distinction between wholesale conduct risk and micro conduct risk.

Wholesale conduct risk is something that the local boards need to play a more active and visible role in, and is something the Central Bank intends to be more active in from a prudential supervisory perspective.

Wholesale conduct risk refers to:

  • How the product is sold.
  • What is the target market.
  • How is the board satisfied that the product is only sold to that target market.
  • What initial and on-going due diligence is carried out on the intermediary.
  • What actions are taken when there are deviations and is there a structure in place to be able to identify deviations.

Micro conduct risk is at the individual policy level and the responsibility for this is clearly within the remit of the host supervisory authority. For instance, all companies selling in Ireland are subject to the Consumer Protection Code and my colleagues within the Consumer Protection Directorate have primary responsibility for the area of ‘conduct’.

I put it to you, what is your conduct culture? Is your business really customer centric? What does your end to end sales process look like and what are the touch points with the consumer?

In a crisis what would your people do? Meet their sales target selling inappropriate products or ‘do the right thing’? Not only the right thing for your customers but for your business?

Minimum compliance with regulation in this area will not be enough to build a sustainable, truly customer centric business.

Actually ‘doing the right thing’, identifying core consumer needs and delivering better quality consumer outcomes will drive a different relationship with the consumer and deliver a more sustainable level of return to the shareholder.

This will require driving a much more customer centric model than has been the case to date, which will include in many cases a change in approach to conduct culture.

Now is the time to seize the opportunity to successfully reframe your approach to risk management and your conduct culture.

Develop the culture of your organisation towards one of trust and ‘risk intelligence’ where everyone understands the firm’s approach to risk, takes personal responsibility to manage risk and encourages others to follow their example.

Collective responsibility and individual accountability should go hand in hand.

You may say that this is easier said than done. Changes to customer and employee engagement models take much longer to embed and are much more complex to put in place. As a result, perseverance and consistent reinforcement will be required from the leaders within your organisation.

To implement cultural change effectively, you need clarity on what your desired culture is, communicate it clearly to everyone in your company and support this with the right incentives to drive the right behaviours.

Just take a moment to consider, could you succinctly articulate your desired culture here and now if I asked you to? And if you can, have you won over both the ‘hearts and minds’ of those in your organisation in this regard?

Have you communicated your values and desired culture with your staff? Do they know what your expectations of them are? Has this been followed through in the actions of your leaders throughout your organisation?

Have you designed your risk management programmes to include a focus on people in addition to rules and controls? Do your compensation, reward and performance management programmes reflect your risk management and conduct tenets?

Key levers and enablers of change are compensation, rewards and disciplinary measures. Individual responsibility for behaviour was notably lacking during the financial crisis and in the scandals of late.

Misaligned performance incentives, inadequate board oversight and poor governance were all found to contribute to cultural problems. Recent research on risk culture has shown that financial services leaders recognise the need for long-term leadership and culture changes, including restructuring performance and compensation structures in order to begin addressing the existing negative market perception of financial services.

It appears as though these are slow to change. The practice of formally integrating risk considerations during performance conversations as well as delivering performance feedback is on the rise, along with discussions regarding adherence to risk management policies, processes and procedures.

This is positive; however, a number of other performance management and compensation practices have been very slow to change or have not changed.

For example the use of:

  • Financial rewards to encourage effective risk management.
  • Use of penalties for employees taking unacceptable risk.
  • Limits on executive bonuses and compensation etc.
  • Remuneration systems which reward servicing the greater, long-term interests of the undertaking, including sustained profitability, as opposed to short-term revenue generation.

These changes are critical in influencing the desired behaviours and compliance, as this indicates to employees what is truly valued by the company.

The Board is ultimately responsible for the compensation system’s design and operation of your company. It should establish the general principles of the remuneration policy which will drive and support their desired culture.

What are we as the regulator doing in the area of culture?

Behaviour and culture is becoming increasingly important as a part of the supervisory agenda worldwide. The financial crisis showed that its root causes were not solely attributable to governance structures being inadequate, but rather that the Board and management behaviour within those structures were below standard.

Pre-crisis supervision was mainly backward looking, focusing on financial risks, systems and controls. Supervision is now making a shift towards a more forward-looking approach and overall, a more complete assessment of risks, not only financial but non-financial risks, including an assessment of culture and behaviours.

This work has already begun and has begun in earnest in the Netherlands with the Dutch regulator the DNB leading the way in the supervision of behaviour and culture.

Our own supervisory engagement locally at the Central Bank has also:

  • Held Boards more accountable for behaviour and culture within their organisations.
  • Addressed sensitive Board issues more directly and intervened where it is perceived that Board dynamics appear ineffective.
  • Reinforced the importance of the role of the Independent non-executive Directors on the Board.
  • Increased focus on the role and expectations of senior management positions such as CROs and newly appointed Heads of Actuarial function.

The future of supervision in this area will look in particular at assessing:

  • Board patterns in decision making.
  • Maturity of risk management frameworks and the embeddedness of risk management throughout organisations.
  • Building our cultural awareness of your company, outside of the Boardroom, through our on-site inspections team.

Notwithstanding the regulatory and supervisory agenda in the area of behaviour and culture, don’t wait for us to check if you have complied with regulations. One of the core principles of ‘good culture’ is ‘what people do when nobody else is looking?’ What is the right thing to do? Not just what do the regulations require us to do? We all saw how taking the latter approach has caught up with companies such as Volkswagen. Finding a way to comply with the rules but not buying into the spirit of the regulation.

Developing and embedding a culture of ‘doing the right thing’ and delivering results and profits to your shareholder do not have to be mutually exclusive. If we look at some of the examples of companies which appear to have been synonymous with ‘good’ cultures in the world, these often tend to be technology companies.

Yes, Google has a reputation for a fun environment of restaurants, gyms, medical care, employee trips, parties and being dog-friendly. Ask yourself, what is at the core of this? Attracting the brightest and best talent to enable them to deliver services to customers which customers want and need and which are the best on the market. All elements of their culture are aligned to ‘customer centricity’, keeping the customer satisfied, because in their industry this is how they build resilience against competitors and prosper. 

Having a culture of ‘doing the right thing’ by employees and customers in companies like this enables them to attract and retain talent, provide customers with services they value and deliver positive returns to their shareholder. So, why is it that it seems to be engrained in the psyche of financial services providers that having a culture of ‘doing the right thing’ and making profits is too often considered to be impossible?

Embedding appropriate cultures in the Boardroom and sub-cultures of risk and conduct within your company could be the key differentiator and enabler of success and longevity for you in the marketplace. Truly embedding a culture of ‘customer centricity’ will lead to better products, more suitable products for consumers while reducing conduct risks.

As a leader in your company, you have a choice. You can choose to take the minimum compliance approach, ‘tick all the boxes’ on paper and not tackle the issue of culture. You can put in place what on the face of it appear to be good governance frameworks and structures, processes and procedures, and that in itself is not a task to be underestimated. But what are the potential consequences of not developing the moral compass of your people? Are you by default choosing to rely on the Central Bank to be the conscience of your company?

Although having the appropriate structures and legislation in place will strengthen governance, these will do little to prevent future failures as they cannot address the underlying causes. Governance structures and legislative requirements will not prevent companies pursuing flawed strategies or making poor acquisitions. Nor will they rein in overly ambitious or dominant CEOs quickly enough. Only a successful marriage of governance and culture working together, with a strong and challenging board at the top can prevent the crises of the future.

How, as a Board member, or CEO, or Chief Risk Officer, or Head of Actuarial function, or whatever executive position you hold in the company, can you provide oversight of all of your employees? This number may range from a few to hundreds or thousands of people. In ‘Swimming with Sharks’ we read “Quite often the ones building the bombs are far away from the top”, so wouldn’t you want to know that the culture you have created will make your people want to do the right thing as well as operate within your governance frameworks?

The overriding responsibility for improving the behaviour of your company lies within your leadership teams and the Board, operating within a framework set out by regulators. It is for you, the leaders and Board members to define the values and purpose of the companies which you lead, to appoint and promote people who are aligned to your values, to decide which types of business you are happy to accept and which to turn away, and to do everything in your power to make sure that the tone set at the top reaches all the way down through your organisation.

According to Ronald Reagan “The greatest leader is not necessarily the one who does the greatest things. He/she is the one that gets people to do the greatest things”.

This will not happen overnight. Embedding culture is a slow process, one that requires persistence and constant reinforcement with the right behaviours. This journey may be longer for some more than others but nevertheless it is a journey worth making as the potential opportunities and prize are too great not to pursue.

The prize is twofold, internally having the right culture will give the Board and the senior leadership team confidence that the governance and risk management frameworks you have designed are more likely to be effective in practice; and externally it will regain the confidence of consumers and shareholders over time, and ultimately underpin the long-term sustainability of the sector.

Culture and Governance – Acting together for a happy marriage. So what is a happy marriage? The greatest marriages are built on teamwork. A mutual respect and a healthy dose of admiration.