Reviewing behavioural risk and understanding how it can impact performance and integrity
Mirea Raaijmakers, former Global Head, Behavioural Risk Management, ING
Below is an insight into what can be expected from Mirea’s session at Risk EMEA 2023.
The views and opinions expressed in this article are those of he thought leader as an individual, and are not attributed to CeFPro or any particular organization.
Why is it important to create the correct behavior within a financial institution?
Human behavior can lead us to ‘above and beyond’ performance, ground-breaking innovations and deeply felt connections between people. But it can also get us into trouble. With the recent developments in the banking landscape – the fall of Credit Suisse and Silicon Vally Bank – we see that leadership behavior impacts financial performance, reputation & integrity and its licence to operate. It impacts the stability of the financial system and many stakeholders, such as employees, clients, investors and regulators. Of course, culture isn’t the sole root cause or explanation for what happened, but deciding to run a bank without a Chief Risk Officer for a considerable amount of time (SVB) and a culture of “the bank seems to have remained firmly rooted in traditional (and outdated) concepts of Swiss bank secrecy that prioritize wealth concealment, anonymity and tax avoidance.”[1] (CS) tell us leadership behavior is part of the problem.
Why is it important to understand the relationship between behavioral and people risk?
Let me first elaborate on behavioral risk. Behavior is everything people do that can be perceived by others: it is about what you can see and hear, what you observe and what you express. Behaviors that seem to be effective in a certain situation are used more often, which eventually results in patterns of behavior. Behavioral patterns are everyday habits that are performed automatically and unconsciously. These automatic, unconscious, implicit behavioral patterns can become a pitfall or even harmful to the performance of groups. Consider, for example, a CEO who is always very dominant in team meetings and does not listen to ideas or examples coming from others, while board members do not intervene but accept the leader’s behavior and thereby enable his dominance – time after time. This behavioral pattern stands in the way of making well-considered, weighted decision. When behavioral patterns contribute to the root causes of financial and non-financial risks in the organization, this is referred to as ‘behavioral risk’[2].
The Basel Committee refers to ‘People Risk’ as one of the key operational risk categories of events in the context of operational risk being ‘the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events’. Including for example human error, fraud and malice, failures of information systems, problems related to personnel management, commercial disputes, accidents, fires, floods, etc…
In my view people risk is often defined in terms of talent practices, Diversity & inclusion, Health & Safety, retention and engagement and digitization.
From a risk management perspective I would say that behavioral risk is usually defined as a risk driver of all kinds of risk outcomes, such as financial risk, operational risks or compliance risks. People risk is in my view often defined as a risk outcome such as turnover, absenteeism, errors or criminal activity.
What are the best practices to apply behavioral risk management?
The behavioral risk management practices vary across banks:
- Methods being applied range from seeking patterns amid troves of data from past internal investigations, to pinpointing trouble spots through employee surveys and observations of management and staff interactions[3].
- The professionals involved range from existing staff with traditional banking professions such as auditors, compliance officers or first line risk officers to subject matter experts and professionals with less traditional banking backgrounds such as behavioral science, organizational psychology, data science and change management.
- They differ in how these capabilities are positioned across the three lines of defence. There are capabilities in Audit and Compliance but also in the business.
In my view there is one condition that is key for a behavioral risk capability which is impartiality. During my years at ING the BRM was set up as an independent risk function, reporting directly to ING’s Chief Risk Officer. This strategic and neutral positioning emphasizes the importance the company attaches to behavioral risk but it also:
- Safeguards that the practice can act independently, not limited to the regulatory agenda;
- Provides direct access to management board to maximize impact;
- Avoids conflicts of interest when assessing departments in the same line of defence;
- Ensures neutrality of BRM work: both during behavioral risk assessments as well as in designing behavioral interventions;
- Makes it possible to provide expertise as a ‘specialist’ in behavioral risk, and advise and collaborate with relevant stakeholders in the organization such as Human Resources and Compliance;
How can financial institutions effectively identify behavioral risk?
The first important step to effectively implement behavioral risk management is to lay the foundation by establishing a model that defines the behaviors in scope and that describes the key drivers of these behaviors. Examples of behavioral drivers are, for instance, organizational structures and incentive schemes but also collective beliefs and group dynamics. These behavioral drivers are usually a blind spot in the industry as these are less tangible, hard to translate into a spreadsheet and hidden underneath the waterline. Being specific about this helps to bring focus, as the pitfall of these kind of assessments can easily be the need to ‘cover everything’. Behavior and their drivers make concepts like ‘risk culture’ much more actionable.
Identification of behavioral risks is usually done in two different ways:
- a bank wide approach that scans the horizon and identifies areas that are prone to behavioral risks and/or:
- a deep-dive approach that systematically assesses the behaviors and underlying drivers of behavioral patterns that can contribute to the root causes of financial and non-financial risks in the organization. Usually different research methods are applied to support a conclusion based on different sources such as surveys, interviews, and behavioral observations.
What are the key actions firms can take to mitigate behavioral risk?
Based on thorough diagnosis, targeted interventions can be designed together with the business. The goal of the interventions is to change undesired behaviors and mitigate behavioral risks. Regardless of the behavioral risks that are identified the first step is to discuss the insights and findings with senior management and staff. This raises awareness and stimulates open discussion and reflection.
In the design phase of behavioral interventions the desired and undesired behaviors need to be defined. But specifically, interventions need to address the root cause for the undesired behaviors. Often these root causes are related to the social system or group dynamics, such as lack of trust or status differences between commercial staff and compliance staff. These type of root causes are easily overlooked in the financial sector. Going back to the example of the dominant CEO for instance, replacing this leader may not be a solution if the social system (in this case: the board) itself carries risks through the – probably implicit – pattern of not speaking up, and in turn allowing leaders to be dominant. Tackling this group dynamic (informal driver), and in turn leadership behavior, would require, for instance, an intervention with not just the CEO, but with the entire social system (s)he is part of.
It is most powerful to have smaller and larger interventions run synergistically, so that they consolidate and create a so-called snowball effect; individually starting from a state of relatively small significance but building on each other to drive systematic change. Which interventions are deployed is decided upon after the deep dive. This can range from implementing simple nudges to Large Scale Intervention methodologies focused on understanding and incorporating different perspectives to work towards solutions.
[1] See for example https://www.omfif.org/2023/03/credit-suisse-a-failure-of-regulatory-culture and https://www.reuters.com/business/finance/spies-lies-chairmans-exit-credit-suisses-scandals-2022-01-17
[2] Raaijmakers, M. et al (2022). Using a behavioural lens to manage risk in the financial industry, The Behavioural Economics Guide 2022 (p.38-45).
[3] https://www.reuters.com/article/bc-finreg-behavioral-risk-management-evo-idUSKBN2GO237