Ross Marrazzo is Managing Partner of Treliant. He is also responsible for the firm’s Corporate & Regulatory Compliance and Global Financial Crimes Compliance services areas. Ross has over 34 years of domestic and international experience in the design, oversight, and assessment of corporate and regulatory compliance, Anti-Money Laundering/Bank Secrecy Act,…
Having a corporate culture that supports high ethical standards and appropriate conduct is always important. Ensuring that culture is fully embedded throughout a financial institution in times of crisis is undoubtedly even more critical. It is a necessary bulwark to ensure resilience as stress and risk rise.
In the normal course of business, a solid culture leads to better decision-making and more satisfied and loyal clients. Also, by helping support recruitment and staff retention, it leads to a higher quality workforce. Because it enables a stronger enterprise, a positive culture is an essential ingredient for financial institutions to perform well over the long run.
In times of crisis, culture plays an even more important role. Stress levels increase on management, staff and customers. People are more harried and have to deal with more competing pressures. In such circumstances, a good culture supports crucial decision-making and performance.
What financial institutions do during a crisis will define them well beyond it. During the current COVID-19 pandemic, legal, regulatory and reputational risks are surging internally and externally. Financial institutions are exposed to more and different potential breakdowns in controls, damage to client relationships, cybersecurity threats, fraudulent practices and other issues that could have a persistent impact long after the crisis ends.
Financial institutions need to reengage appropriately and effectively with their employees, partners, customers and regulators on several levels—human, operational and compliance. This is where a good culture provides invaluable support, since it should, in and of itself, drive employees to do the right thing—thereby mitigating short- and long-term risks. The key is to come out of this crisis as one of the financial institutions that people trust.
Mitigating the risk of social distancing
The social distancing required in response to the COVID-19 pandemic has added new risk dimensions. With staff now working from home whenever feasible, oversight is weaker, controls are less robust, and the more scattered nature of the firm can impair communications. This decentralization of work requires a deliberate focus on a company’s culture. Otherwise, inattention threatens to compound the vulnerabilities inherent in teleworking, resulting in weakened adherence to appropriate policies and procedures.
As a first principle, managers need to be especially sensitive to their employees’ needs and concerns and be supportive in helping to ensure they do not fail. People, as they say, are a company’s most valuable asset. Employees need to be kept close in this crisis, which requires overcoming the shortcomings of telework with ongoing communications, focus on the company’s culture and reinforcement of expectations for ethical behavior.
But it takes more: Shoring up a financial institution’s controls remotely also requires continuous monitoring of employee and third-party activities. If certain on-site monitoring processes have to be suspended, off-site risk mitigation options must be found to replace them. Otherwise, it sends a message to those who present the most risk that they have a window of opportunity to shortcut or even violate policies and procedures that protect the bank, its employees and its customers.
Defending against cyber-risk
Telework arrangements often leave unintended gaps and more opportunity for cyberattacks. Security professionals have already documented thousands of exploits designed to break into corporate networks with scam coronavirus emails, hacks into web-based videoconferences and other tactics.
In such circumstances, a financial institution becomes even more dependent on the premise that its employees will make good decisions as they necessarily operate with greater independence and less oversight. When employees are unsure how to proceed, it is essential that they seek guidance by speaking up and asking for help. When they encounter difficult choices, it is crucial that they make the right ones. This will happen only if a good culture is in place and kept fully activated in times of crisis.
In parallel, network security measures should be adapted to telework. And the risks of fraud (internal and external), money laundering and terrorist financing should be given particular attention during the crisis.
Culture in good times and bad
So, what does a good culture look like? What can management do to encourage and support a culture that makes the enterprise fit for crisis-level stress? And how does management reinforce that culture now, during the COVID-19 crisis? Below is a breakdown of what it takes.
Values and incentives
A financial institution’s values lay the essential foundations of culture. To instill those values, managers need to understand that incentives drive behavior. Incentive and promotion decisions should be tied to performance—but performance broadly defined. Compensation decisions should be based not only on revenue and profits but also on aspects such as stewardship and willingness to encourage debate, speak up and consider multiple stakeholders in decision-making. Performance should be sustainable, supportive of customers’ needs and always guided by the highest degree of ethics.
Expectations placed on any employee should be right-sized to what is possible. If you ask more than people can reasonably do, they will be forced to cut corners. Quality will surely suffer, and risk considerations will be given short shrift.
These dynamics have become more acute during the COVID-19 crisis. Particularly when colleagues and their families are stricken by the coronavirus, employees take on additional work and responsibility. As the heavier load increases the stress on them, shortcuts and other violations of the cultural norm could proliferate. Managers need to identify potential overloads, recognize signs of personal stress and help their employees succeed.
Most important in times of crisis is to encourage people to be responsible for the consequences of their actions. When people are empowered to raise concerns, small problems stay small because they are addressed more quickly. Whether in good times or bad, it is not acceptable to say that “it’s not illegal, so it is acceptable”. It is not appropriate to keep one’s head down when bad behaviors are observed elsewhere—whether it is by colleagues, customers or competitors. Speaking up must be encouraged, even when working from home.
Ownership and control
At all times, it is critical that the first line of defense for risk—that is, the business unit that faces the customer and generates the revenue—owns the risk of its commercial activities. Ownership cannot be outsourced to the compliance department, risk officer or audit function. This means identifying and rectifying weaknesses at an early stage while soliciting and encouraging the support of risk professionals. It means thinking proactively about what might go wrong, putting in compensating controls or adjusting processes and procedures before problems arise.
First-line management must fully support and advocate for the bank’s culture—and this includes supporting a culture of compliance. During times of crisis, managers cannot lose sight of their accountability, both for and to their teams, in maintaining a control environment and treating bank customers fairly.
Actions and conflicts
Actions speak louder than words. Employees always look to management to see how people behave when there are tough choices to be made. Is the high-revenue producer with a poor compliance record rewarded financially and promoted, or is that person held back or even dismissed for behavior that is inconsistent with the company’s professed values? What choices are made when there are conflicts between the short run and long run or between the bank’s near-term profitability and a customer’s long-term interests?
One mantra surrounding the issue of culture is that “the tone at the top” matters. That’s true but insufficient.
What matters now more than ever is how tone cascades down throughout an organization and how tone translates into conduct and behavior. In a time of crisis, how does my boss behave and react when faced with difficult choices? How are the board and management reacting and engaging with employees, customers and the public amid the COVID-19 pandemic and its economic fallout?
Backup in crisis
It almost goes without saying that financial institutions should have a backup plan to manage risk in times of crisis. During the COVID-19 response, even financial institutions with the strongest culture can be stressed as they adapt to the new norms of teleworking, coronavirus-related staffing issues and the additional burden placed on staff to implement speedily new government-sponsored lending programs. Managers need to adjust their backup plans to this crisis, to anticipate the various ways it may impact operations—including bringing in crisis-management expertise as needed.
Companies need to prevent their own crises, those that might be brought on by lapses in upholding culture. Investing in culture needs to be an ongoing and continual exercise at all times. The full benefits of such investment may not always be visible when times are good. But when the waters turn turbulent, the returns on a good culture are likely to be especially high.