Take a Hard Look at How Culture and Governance Affect Your Whole Enterprise
“Like a gentle breeze, culture may be hard to see, but you can feel it.”
That’s William C. Dudley, president and CEO of the Federal Reserve Bank of New York, encapsulating the difficult task of entrenching cultural values within banks. But more importantly, is the culture your staff feels one that actually breeds good governance, i.e., does it help, encourage and motivate everyone to do the right thing? While this may seem like a soft topic, your corporate culture and governance hold the actual keys to improved performance enterprisewide.
Corporate Culture and Governance Are Hot on Today’s Play List
Regulatory agencies and governmental leaders believe there are still important lessons to be learned from the 2008 financial crisis, and they are increasingly turning their attention to the lesson of governance and its connected cousin—corporate culture. Regulatory bodies of all types are declaring this message: corporate governance is crucial to safety and soundness, and corporate culture is the key driver in breeding good governance.
In April via its Special Corporate Governance Edition of Supervisory Insights, the FDIC stressed that “prudent oversight is rooted in the directors sending a clear message to staff that they value a strong risk management culture that includes a strong ethical culture.” The institutional benefits of this oversight, it argues, are greater profitability, competitiveness and resiliency. While the Basel Committee’s perspective focuses on the macroeconomic benefit: “well-governed banks contribute to the maintenance of an efficient and cost-effective supervisory process, as there is less need for supervisory intervention.”
Industry thought leaders are on this same page. Just last year, consulting firm Deloitte ranked governance and risk management as the top regulatory trend, warning that, “in order to meet formal expectations set by the Federal Reserve Board (FRB) and the Office of the Comptroller of the Currency (OCC), banks must elevate their standards for governance and enterprise risk management to meet increased and more formal expectations.”
A Corporate Culture You Can See and Trust to Do the Right Thing
Given the current regulatory mindset, it isn’t enough to just claim to have a strong corporate culture. First, the culture you create must consistently engender ethical behavior and “do the right thing” attitudes. As Federal Reserve Board Governor Daniel Tarullo described it, this culture is the “set of norms that appear to inform the behavior of those within the organization, even in the absence of explicit and specific rules or instructions.” Second, it is not enough for your staff to feel this culture; it needs to be seen and lived every day, by everyone, from the board of directors to the lowest paid staff member.
Take this 10-part questionnaire to see how your corporate culture stacks up.
- How Do You Lead? Regulators are emphasizing that corporate culture starts with the board of directors and senior management and specifically depends on their “tone from the top.” In addition to being independent, informed, and invested in a culture that breeds good governance, the board must also ensure that it fills key leadership positions with experienced and knowledgeable people who will take the time to invest in such a culture. For real-world proof that regulators are serious about this tone from the top, read through these recent regulatory orders that call for improved and increased board oversight: Order Issued Upon Consent from the New York State Department of Financial Services and Order to Pay Civil Money Penalty from the FDIC.
- How Do You Speak? Do you say one thing, yet do another? We’ve all experienced that, but the difference now is that examiners are on the alert for such insincerity. To counteract it, the Basel Committee says “management should develop a written code of ethics or a code of conduct,” either of which “is intended to foster a culture of honesty and accountability to protect the interest of its customers and shareholders.” Once written, that code needs to be infused into all internal and external communications as well as in all documentation of policies and procedures.
- How Do You Hire? The FDIC underscores the importance of the hiring process in integrating corporate culture, specifically the need to prioritize integrity alongside knowledge and experience. The board is expected to vet candidates for leadership positions through this lens, and hiring managers at every level should do the same.
- How Do You Train? Karl Dahlgren of BAI Banking Strategies stresses that training, especially compliance-related instruction, is not a one-time thing. He also suggests it can do more than just educate. “When taught properly and when used appropriately, compliance knowledge and ideals can also help energize a bank’s mission to better serve customers and improve return on investment.”
- How Do You Compensate? Do you reward for good performance, but ignore unethical or overly risky behavior? If so, your compensation program needs to be recalibrated to reward behavior that supports an ethical culture and good governance. According to the Basel Committee, “remuneration systems form a key component of the governance and incentive structure through which the board and senior management promote good performance, convey acceptable risk-taking behavior and reinforce the bank’s operating and risk culture.”
- How Do You Promote? Similar to compensation, whom you promote is critical. Promoting only those who fully buy into the culture and have been dedicated to ethical behavior and good governance is a powerful motivator to everyone else who wants to climb the corporate ladder.
- How Do You Plan? “Strong corporate governance is the foundation for an institution’s safe-and-sound operations,” says the FDIC. Therefore it must inform all strategic and tactical planning. This is particularly important in product development, where Dahlgren notes major benefits to a strong culture of compliance. “A better comprehension of compliance may also encourage the creation of new products and services that bankers may have previously avoided, simply out of lack of understanding what is permissible.”
- How Do You Collaborate? When discussing a new product or service, or how to improve a policy or process, do you solicit a wide range of perspectives? Here again, Dudley of the Federal Reserve Bank of New York weighs in, encouraging boards and senior management to “foster an environment that rewards the free exchange of ideas and views.”
- How Does Your Institution Report on Itself? In the same speech, Dudley points out that “a firm’s employees are its best monitors, but this only works well if they feel a shared responsibility to speak up, expect to be heard, and their efforts supported by management.” The Basel Committee stresses this too: “Employees should be encouraged and able to communicate, confidentially and without the risk of reprisal, legitimate concerns about illegal, unethical or questionable practices.”
- How Do You Address Non-Compliance? When issues are raised by staff or examiners, action must be taken. Dudley notes that “a healthy culture is one where problems are identified early and promptly addressed.” The added benefit is that “early self-reporting sends a powerful message to employees and to regulators about a firm’s respect for law.”
Focusing on Corporate Culture is More Than a Regulatory Exercise
We’ve quoted a lot of regulatory advice, and it’s important to realize that this issue is top of mind for regulators. However, there’s a bigger reason to tackle your corporate culture: it can improve your profit margin, competitive advantage and overall resilience in a continually changing industry. This culture change won’t and isn’t expected to happen overnight, but tools like CSI’s SmartRisk IQ make it easier to get a head start.
As Dudley says, “turning around a firm’s culture is a marathon, not a sprint.” But remember, you must begin the race in order to enjoy its benefits.
Amber Goodrich, Compliance Strategist for CSI Regulatory Compliance, has more than 10 years of financial industry experience. She is a Certified Regulatory Compliance Manager (CRCM) and Certified Bank Secrecy Act (BSA) Professional (CBAP).