The truth is that all men having power ought to be mistrusted. – James Madison
Who should own conduct risk? It’s the biggest question in banking right now. No organisation can begin to manage culture change or employee behaviours without first identifying who should lead that change.
But as James Madison suggests, it’s not easy to know who to hand that kind of power to.
The contenders
1. Most people’s first instinct is to say compliance should own conduct risk.
It’s true, there are a lot of legal and regulatory aspects to conduct risk. However, the FCA has made it very clear that it is looking for firms to dig deeper and address company culture as a route to managing conduct risk.
2. So if it’s a people management question, HR should own conduct risk.
Again that’s a logical suggestion – incentives, training and talent management are all central to implementing culture change and affecting behaviours. Plus HR can represent the views of employees back to the organisation. But HR often lacks the clout and authority to make a real impact.
3. In which case we are left with the Board and CEO.
Organisation leaders own the company culture – they founded it after all. And new initiatives have to be led by example if they are to have any chance of success. That said, many outsiders would argue that handing conduct risk over to the Board is like giving the keys to the prison to, well, the people who shouldn’t have them.
So where does that leave us? The answer lies in – of all places – the US government.
Checks and balances in conduct risk
Many people have heard of checks and balances and the separation of powers within the US government. For those who haven’t, this is a useful introduction:
In essence, the US government has three branches: the legislative, the executive and the judiciary. Each has a parallel in the three contenders for who should own conduct risk and they are most effective when they work together.
The legislative branch: HR and employees
The legislature is the most powerful branch of the US government. The US Constitution gives it the authority to limit the powers of both the executive and the judiciary. It is also responsible for making laws.
To suggest HR and employees are the most powerful part of a financial organisation might seem counterintuitive. But when it comes to conduct risk they are the people on the front line, interacting with clients and making judgements every day.
Your people, and those that decide how to motivate and reward them, are the most powerful group in any organisation. Why? Because ultimately they have the power to stall progress or realise a vision for progressive change.
The executive branch: the board and CEO
While not the most powerful in constitutional terms, the executive branch is the most visible branch of the US government. It is the president’s responsibility to make sure laws are enacted and to manage the various bureaus that keep the country running.
The president also sets the tone for the government and the country. This isn’t a legal responsibility but one that has naturally evolved with the office.
Similarly in a company, the CEO sets the tone for his or her employees. Their behaviour is an example that others will follow and their vision can either inspire or infuriate depending on how closely and how well they work with the legislature (employees).
The judicial branch: compliance
Seemingly the weakest of the three branches, the judiciary has the crucial role of ensuring neither the legislature nor the executive pass laws that contradict the US Constitution.
It is the job of the Supreme Court to hold impeached members of the government to account and to monitor the behaviour and powers exerted by the other two branches.
In parallel, compliance are crucial to managing conduct risk. They are the final arbiters of what is legal and what is not; what meets regulatory requirement and what falls foul. They are the dose of cold, hard reality that every organisation needs.
everyone should own conduct risk
There is no single answer to the question: who should own conduct risk? The responsibility is too broad and too important to be left in the hands of a single department.
Instead, organisations need to work collaboratively with each branch keeping the other in check and working together to build a better firm that treats its citizens (customers) fairly and with integrity.
Don’t avoid taking responsibility for conduct risk. Participate and do your part to keep your company running profitably, productively and progressively.