CHAPTER 16
Building the Right Culture: Values, Organization, and Culture
Banks lost billions of dollars in operational failures in the last few years. Reducing such losses in the future will come from banks changing the way they think about risk. Too often, people think of risk management that takes place in an obscure and arcane part of the firm. Firms that build a culture where all employees see risk management as part of their job responsibility and make that an integral part of the firm's culture can seize an important source of competitive advantage.
Seeing the Value of Your Contribution
The work of Adam Grant, the youngest tenured professor at Wharton School of Business, was profiled in the Sunday Times Magazine. The profile can be summarized in the following sentence: “The greatest untapped source of motivation is service to others; focusing on the contribution of our work to other peoples' lives has the potential to make us more productive than thinking about helping ourselves.”1 It may seem counterintuitive to argue that this is part of future success for investment banks, where as long as anyone can remember, “Greed is good”2 has been the path to success. However, in its broadest sense, what the statement is talking about rings true: Employees want meaning in their lives, so why not give it to them in the workplace?
Grant's research shows that when workers understand how their work can benefit others, they become more effective. An early piece of Grant's research focused on a university call center raising funds for, amongst other things, university scholarships. Grant brought in a student who had benefited from that fund raising to speak for 10 minutes to the call center workforce about the impact that the scholarship has had on his life. A month after the testimonial, the workers spent 142 percent more time on the phone and bringing in 171 percent more revenue. These results were repeated in subsequent studies obviously tapping into a desire people have to help others.
The steps that many firms have already taken to encourage their employees to give back to society is strong evidence that they recognize this source of employee motivation. It is now part of the normative culture of investment banks to ask employees to give a certain number of work hours to community projects and then keep a table of hours given by line of business/function to tap into the competitive spirit of bank employees. However, giving time and money is still only at the margins of employee activity. There is more that can be done to make employees change the way they perform their core functions. Here are some examples.
Example 1: The Rogue Trader
For this first example, let's think about the chain of events caused by a trader taking risks beyond the trading mandate he has been given by his firm. Let's say he exceeds his risk limits once. Trading firms generally foresee such events occurring and allow for exceptions to mandates or limits to be granted on a temporary basis. So the trader in this case requests a temporary increase in his limit until he can exit the position. The limit is exceeded once again, however, and this leads ultimately to a significant loss for the firm. But because this is a trader has been very successful in the past, the loss, then, may be chalked up to bad luck, unlikely to be repeated. No action is taken against the trader though risk managers at a more junior level have pointed out their concerns to senior management. Six months later, the same trader swings the bat on another trade, again only informing risk managers after the event. This time he manages to make a large profit. Again, no action is taken and the trader reduces the position back within the limit after a three‐day period. Three months later, however, the same trader is in action again, and this time makes a huge loss for the firm. As a result, the firm makes a loss for the quarter and the year. As a result people lose their jobs, including folks in operations and risk, who had not been making decisions about these trades.
Example 2: Money Laundering
For the second example, let's think about the chain of events caused by a failure to enforce anti‐money‐laundering controls. As a result of these failures, drug gangs are able to launder money through the Mexican branch of your bank. With the money they now have, they are able to increase the size of the operation and buy arms for their internal security division. The increasing effectiveness of their operations enables the gang to reduce its price to the middlemen selling the drugs in Manhattan. As a result of the price decrease, drugs become more affordable to a wider range of consumers in the United States, and so usage increases, and with it the problem that it causes.
Fixing the Organization
Taking the lead from Grant's research highlighted in the two previous examples, by educating employees about the implications of their actions, firms can tap into employees' desire to do the right thing, and in these cases to manage risk more effectively. In the case of the risky trades, if colleagues become familiar with the home lives of their colleagues, if traders can become aware that more than just the size of their bonuses is riding on the success of their trades, that there is a whole inter‐connectedness between traders and the lives of the people who support and manage the control functions, maybe traders would think harder about the risks they take on. Similarly, in the case of money laundering, perhaps by teaching bank employees about the effects of drugs on home life, crime, and the breaking of family and community bonds, they would bring more passion and focus to the task.
Well, that sounds simple enough. Just tell people that what they do will help other people in specific ways—that the people who support the traders day to day in control functions have real lives that are connected to theirs, or that failing to address money laundering can have a real impacts on peoples' lives in the community, and they will do their jobs more effectively. It is not quite that simple, unfortunately. People might be educated into wanting to do the right thing, but still be stymied from doing so unless the organization enables them to do so by creating the communication flows across and up and down the firm.
Effective risk management must also be concerned with organizational design. The next section addresses the organizational barriers that impede the efforts to reduce losses and create a more effective culture.
Breaking Down Organizational Barriers to Change
Remove Silos
The first problem a person with good intentions will be confronted with is the inability to get an accurate picture of current risks across the firm. Management consultants and leaders of firms often talk about the problem of silos, by which they mean business units or information systems narrowly focused and incapable of or unwilling to exchange information with other parts of the business. This is a particularly important issue when one is attempting to confront enterprise risk issues since, by nature, they require an ability to pull information from different parts of the firm.
Example 1: Information sharing across Silos
One example of how important this would be is when a fat‐finger trade error occurs in one part of the firm—say, institutional equities trading.3 The equities leadership team and equities risk management, then, do an excellent job of analyzing the system controls that could have prevented such an event from occurring and then puts them in place. Problem solved, and no reoccurrence likely. Unfortunately, the equities group does not share this analysis or mitigating actions with other lines of business. A year later, an incident occurs in wealth management that could have been prevented by putting in place the same controls enacted on the institutional side of the business. So a known flaw was allowed to persist elsewhere in the firm. This type of problem illustrates the difficulties in getting the information that would be helpful to a risk manager or just an employee trying to do the right thing.
So at its most basic it is a problem of people in different lines of business not sharing information with one another. It is also, however, information systems not being designed in ways that can facilitate information sharing. Folks tend to create local information systems to serve their own needs because it is generally quicker and easier to do so. Attempting to build connections between these parochial systems later on is then inherently difficult.
Example 2: Valuation Pricing
Let's consider the valuation of one security traded by different lines of business.4 Equities may hedge positions with bonds and credit default swaps, as well as interest rate products, yet they may price the security differently than their colleagues in fixed income if they use different systems. Ensuring a common valuation platform and single price is important because of the efficiency benefits and because it reduces the scope for gaming the system. However, despite multiyear projects and major investment to create single pricing contexts across the investment banks, challenges remain. The London Whale incident illustrated this since the CIO and the investment bank at JPMC were pricing the same CDX series IG9 on a different basis at different points in time. This price differential is something that no doubt JPMorgan's counterparties were aware of at the time. Had a system been in place that enforced a single price for every product across the bank, then the change in valuation procedures from midspreads, reported by both the internal and the Senate report, would have been kicked out as an exception.
This type of problem illustrates the difficulties in getting the information that would be helpful to a risk manager or just an employee trying to do the right thing.
Management from a Distance
The second way that organizational structure can stymie effective risk‐management activities is the distance of leadership from those they are leading. The challenge for any leader in a globally distributed organization is maintaining a real‐time view of activities going on in the group for which you have responsibility. The challenge for the employee is maintaining a relationship that facilitates sharing of information in an open and honest way. The requirement for intercontinental reporting relationships is often unavoidable but there is nothing natural about such relationships and they do not come without risks.
Former JPMorgan CIO Ina Drew was responsible for managing such a global group. Obviously, there were some extremely strong individuals and networks in the London office under her oversight, and in her testimony before the Senate she acknowledged that a number of things were going on that she was not aware of at the time.5 This illustrates the distance that can exist between a manager on one continent and the team on another. This creates additional risk potentially when a volatile trading portfolio is at stake. There is no silver bullet here. It is simply the case that organizations and managers with global responsibilities must be aware of the issue and build in strong management processes and other compensating mechanisms to address the inherent limitations of the situation.
A Shared Language/No Jargon
The third issue is one of language. The language employed by traders can be hard for folks in control and leadership functions to understand. One of the conclusions of the Senate report into the London Whale incident commenting on a proposal by the London trading team in January 2012 to the JPMorgan Chief Investment Office Risk Committee was that the proposal contained “jargon that even the relevant actors and regulators could not understand.” Many times, such jargon simply reflects the way traders speak to one another, similar to the medical terminology that doctors use with one another, or used by other technical professions when communicating with each other. When listening to such a presentation, members of the audience may limit their desire for clarification by a competing desire not to show ignorance. The higher up a person is in the chain of command, the more protective he will tend to be of his all‐knowing status. That is a problem, since reticence to ask questions is likely to limit understanding. Limited understanding prevents real involvement in the decision‐making process and a greater likelihood to simply let things go, which in turn allows the risk to grow. The language problem is fairly common across all banks—for instance, in new product approval committees6 and risk committees. Unless a concerted effort is made to avoid it, the language contained in the product proposal and the language and terms that get batted around can quickly reduce the number of people able to take part effectively in the conversation. Firms following best practices try to combat the use of jargon by, for instance, mandating the use of commonly understood terms and language in new product approval or large trade approval meetings. This can save blushes of those who would rather not ask. Such an approach could likely prevent proposals from moving forward without proper discussion and limit setting.
An Open Society
The barriers I've discussed so far—silos, distant reporting relationships, and use of jargon—can all subvert the best of intentions. But unless an organization is committed to open and honest discussion of its flaws and risks up and down the organization, it is to be expected that those barriers will remain in place.
The tone from the top plays a huge part in enabling open and honest discussion to take place. Bridgewater Associates is one example of a firm that takes pride in analysis of things that have gone wrong. Employees in fact are asked, even required, to reflect on mistakes that they make, often in front of a group of other employees. This very much reflects the views of the CEO and founder, Ray Dallio. While it can sound very intense (and often is), the process seems to be very effective in identifying potential weaknesses and fixing them before they can reoccur.7
Additionally, a chain of errors can take place, each error magnifying the impact of the prior ones. Imagine, if you will, at the quarterly risk briefing of the CFO wherein the various significant incidents of the quarter are discussed. When asked about one particular incident, the risk manager says, “Oh yes, there must have been about 10 things that went wrong with that one.” In response to the CFO's question of whether the problem has been fixed, the risk manager continues, “Well, to be honest, we have not yet had the chance to do a deep dive into all chain of errors and so I can't say for sure.” Well, nothing is more likely to alarm the CFO than the idea of 10 things going wrong again, and so naturally he asks for immediate action to address the issue. Traditionally, organizations and risk managers on Wall Street have shied away from holding the candle to such events too closely out of concern that people, particularly leaders, might get the wrong impression and set off unnecessary alarm bells. However, firm leaders—CEOs and CFOs—want to know what is going on because they don't want to end up in the next day's headlines. It stands to reason that organizations open to discussing their flaws are generally much better equipped to deal with operational risk. Imagine the harm where the fact pattern and scenario of a rogue trading incident in one division and region are not shared with other divisions' and regions' risk managers. Could it not more easily reoccur elsewhere within the bank? Effective operational risk management cannot flourish in the closed societies that are so often the case on Wall Street.
A willingness to create an open society, one that takes seriously the flaws and incidents that occur, and discuss them up, down, and across the organization, has to come from the top, the very top. Without the CEO's and CFO's involvement and interest, what happens is inconsistency and differentiation between functions and business units as to the extent they are willing to question and discuss errors and incidents. For example, the head of operations may want every incident documented and discussed in an open forum, while the head of finance may take a very different view. Similarly, one might find similar inconsistency between, say, equities and fixed income. What is needed is a consistently open approach across the entire firm.
An Ethical Culture
Even with an open society and a well‐designed organization, it is all for naught if it is not an ethical one. Educating employees about the negative consequences of risk failures, and fixing the organization when they do occur, are a good start but must be underpinned by an ethical culture. An ethical culture is one that demonstrates a clear sense of right and wrong, clearly identifies what is acceptable and what is unacceptable, and that rewards employees for doing the right thing and punishes employees when they fail to do so. Employees must know, for example, that the consequences of bad behaviors will be applied consistently, regardless of seniority and that there are equally, consistently applied rewards for good behavior.
A code of ethics8 is a good start and an effective training program for that code of ethics is the follow‐up needed. The firm's code of ethics should be translated into concrete examples for each employee within the area that he or she works in. What is expected within treasury, equity trading, equity research, and so on is what is expected by every other division. However, it is not just about what is needed to ensure that one stays within the rules; it is also about what employees can do to ensure that colleagues, bosses, and the firm stay within the rules. There should be a pride in ensuring that the firm does the right thing. However, it all starts with employees having a clear sense of what the right thing is. Incentive schemes and employee metrics aligned with risk management should help support this effort.