Risk Management & Human Behaviour

What decides whether an organisation operates within risk frameworks? Is it the policies in place, the business strategies that push up against those policies, what’s the deciding factor?

In 2016 more and more people are accepting something which even though it’s very simple, has long been a difficult concept for many risk and compliance professionals to grasp – it’s human behaviour. The personalities and psychology of the people making decisions will always be the single most important factor in whether your company can successfully operate in a tightly regulated environment or whether you will face insurmountable challenges.

Psychology and character have always played a role in risk, with Finance Professionals often complaining about nervous, paranoid Risk Managers who aren’t willing to allow the type of risk-taking  – -behaviour needed to achieve the biggest possible profits. I’m hopeful that the rise of Behavioural Risk Management will help to break down these stereotypes and enable the different business areas to communicate and collaborate more efficiently.
Behavioural Risk Management applies a psychological framework to the decision-making process of every individual within an organisation. Every decision made by an employee has an impact on the level of risk that an organisation is currently managing. More popularly this process is housed under Conduct Risk – which takes into account inherent behavioural aspects as they relate to increasing or decreasing risk exposure.

A Conduct Risk strategy that relies entirely on projecting future risk breaches based on past incidents, will most likely not be as powerful a preventative as a Behavioural approach that considers the distinct personalities of your personnel, especially the most exposed individuals. Over recent years, organisations have started to move away from Psychological Profiling (regardless of seniority) and adopted more of an Informal, Conversational structure to assess team-fit and culture-fit – should we be looking to Psychometric Testing when appointing new people into risk-exposed roles?

Talk to Kind Consultancy if you’re interested in a review of your interview and hiring process, or your wider risk resource needs. Contact us on info@kindconsultancy.com or call 0121 643 2100.

[Header image from Health Blog.]

Read more from Kind on Culture & Conduct Risk

Conduct Risk: Who is Responsible?

“Conduct risk” has been a top priority for the FCA ever since their formation in 2013, but to many it’s still a confusing and vague concept.  The FCA have defined it as “the risk that firm behaviours will result in poor outcomes for customers”, one suggested explanation from Thomson Reuters 13/14 Conduct Risk survey is that it is “the risk that detriment is caused to our customers, clients, counterparties and their employees because of inappropriate judgement in the execution of our business activities”.

So who is responsible for something so wide ranging? When discussing conduct risk we tend to talk a lot about company “culture” and the need to have the right kind of culture and failings of a company’s culture.  The Institute of Risk Management (in their 2012 paper ‘Risk Culture: Under the Microscope Guidance for Boards’)  say that “the culture of a group arises from the repeated behaviour of its members. The behaviour of the group and its constituent individuals is shaped by their underlying attitudes. Both behaviour and attitudes are influenced by the prevailing culture of the group.”

At a recent event held in association with our business partners Crowe Global Risk Consulting, John Thirlwell spoke about ‘culture’ not being something that your compliance management team can quickly fix, it’s a question of how everyone in your organisation behaves on a day to day basis, especially the people at the top. If your senior management team, with all their power and influence, are behaving unethically, they can’t expect any better from the staff beneath them. Thirlwell went on to say that conduct risk shouldn’t be monitored and managed purely for regulation’s sake, good conduct should be something that we do regardless because it’s the right thing to do.

Compliance management obviously play an important role in monitoring but if we’re talking about people’s personal conduct on a day to day basis, who does that fall to?  If we’re talking about people’s everyday behaviour and moral standing, are HR responsible? Or is it the line managers that people are reporting to? Or should the board be held accountable for embedding the right kind of culture and modelling good conduct? You can’t expect a company with 5000 employees to have a board member sat in every single interview, or to have an HR representative in every meeting, or to have a compliance officer tracking everyone’s behaviour all day.  It falls then to every person within an organisation to make sure they individually are doing the right thing and enacting a positive culture.

The question you need to ask then is not ‘how can we make sure we’re compliant?’ but instead ‘who controls the culture in our company?’ and ‘am I making positive contributions to that culture?

Lynsey Moore

[This post originally appeared on Lynsey’s LinkedIn]

For more risk-related reading why not try – “The Modern CRO: It’s All About Risk”

Or click here to see all of our blog posts on Culture & Conduct Risk.

Get in touch