Editor’s note: David Murray was CEO of the Commonwealth Bank between 1992 and 2005, and later inaugural chairman of the Australian government’s Future Fund. He also led the landmark Financial System Inquiry which reported in 2014. This article was written in September in Murray’s capacity as a senior advisor at global management consultancy Oliver Wyman, and is republished with permission.
Having watched the growing politicisation of banking, aggressive media handling of the issues, and the continuing inability of the banks to push back, I am keen to offer a personal view of what banks might do to handle these problems. I am doing this partly out of frustration: I spent 13 years as CEO of a major domestic bank in Australia and since witnessed a deterioration in public trust and the seeming inability of bank boards and their executives to respond.
In particular, banks appear to have adopted ever more sophisticated systems of risk management, but still suffer from “own goals” – mistakes that reverse any progress they might have made in restoring their reputations.
Some specific experiences have led me to believe that the solution is more about good systems, good controls, and consistent behaviour by top executives than more-complex governance and micro-management by boards. For example, risk committees and their detailed agendas, combined with the heavy workload of statutory reporting and external audit, appear to have distracted attention from internal audit and control systems.
This leads to more work and more anxiety over the next potential risk, yet greater exposure to past errors that could be avoided through a good system of internal control.
In 2014, six years after the onset of the global financial crisis, the Australian government conducted the first full review of the national financial system in 15 years.
While chairing that review, I noticed that the regulatory and academic communities had views grounded in theory, yet the banking industry was unable to address issues in the same language.
This left the industry unable to push back on the theory and less able to push back against regulatory excesses after the crisis.
It seemed to me that bank boards did not have a set of beliefs against which they could judge the quality of their responses.
The starting point for such beliefs is best described in Charles Goodhart’s summary of the rationale for bank regulation, “The Future of Finance” – LSE 2010. This highlighted the importance for bank boards of establishing a process to agree their own beliefs and ensure the alignment of these beliefs with community expectations.
Another observation was that some CEO appointments turned out to be seriously flawed.
My guess is that the boards concerned must have lacked a context for the appointment process. In setting up the Australian Government’s sovereign wealth fund, I initiated a process to give the board a common set of beliefs about investment and portfolio management to give insights into policy and the capacity of the executives doing the work.
This allowed the board to step back from unnecessary detail and be more effective.
Moreover, the shared beliefs provide a far better framework for the Chief Executive appointment process.
Lastly, my learnings from moving a government-owned bank through privatisation to public listing and market leadership helped me appreciate the links between leader behaviour, human and technical systems, and the culture and reputation of an organisation.
I was particularly grateful for the support of my advisor and friend Ian MacDonald, from whom much of the inspiration came. His approach to human systems and leadership is documented in “Systems Leadership” (MacDonald, Burke and Stewart – Gower 2006).
Essentially this article is about a back-to-basics approach to systems design, internal controls to assure quality and asset protection, and leadership to make the work more engaging and productive.
But, without a set of beliefs to anchor the work, boards will be far less effective in dealing with their ongoing reputational challenges. Community frustrations with the current slow pace of change will then entrench the mistaken belief that more regulation will solve the problem.
Regulation alone cannot drive cultural change
After the global financial crisis, banks and financial organisations were subject to regulatory reproach, followed by increasing scrutiny through changes in supervisory frameworks and surveillance approaches.
These were intended to restore consumer trust and market integrity by enforcing a common understanding of minimum requirements, expected behaviour, and the consequences of failure.
However, regulation alone cannot drive a change in behaviour and may in some cases reduce competition and be counterproductive.
Organisational behaviour is an intangible asset that is cultivated uniquely by each institution. This makes it hard to set prescriptive guidance and comprehensive minimum standards for all organisations.
External regulation can result in a convergence of leadership models and organisational structures, and thus limit diversity and competition.
To regain trust, banks and financial institutions need institutional leadership from the top – that is, board level.
While some steps are being made, and risk culture and organisational behaviour have been firmly established as board-level topics at many banks, the industry has yet to convince the public that change has taken place. This will require more than just root-cause analysis of specific scandals and reactive fixes to parts of organisations.
Consistent with any effective change process, the starting point should be a recognition that boards could be inhibiting cultural reform.
Some common features of contemporary governance point to this. For example, directors are treated unrealistically and unfairly under corporate law, leading to a defensive board culture.
One-size-fits-all corporate governance guidelines with expected common structures for boards and committees prevent the development of systems tailored to individual institutions.
Regulatory arrangements move accountability from executives to the board, a process that leads to the development of direct working relationships between directors and individual executives.
And board and committee members are given hundreds of pages of documents to consult at every meeting, producing the perverse effect of delegation up to the board.
In short, boards have been drawn into management, compromising their ability to supervise and hold the CEO accountable, and influencing organisational culture in ways more likely to be negative than positive.
A systems-based approach to culture
To deal with these challenges and take some pressure off themselves, boards should take a systems-based approach in order to understand how beliefs translate into actions and outcomes.
This can be divided into three fundamental elements: beliefs-based behaviour from the leader and executives, the technical systems employees work in, and the human systems they work in.
These three components determine how work is organised and the behaviour that results.
Figure 1 shows how the board’s sponsorship of effective leadership by the CEO and sound organisational systems together demonstrate behaviour and send signals that engender confidence and trust among employees.
The role of board beliefs
Two core obligations of the board are appointing of the CEO and setting corporate objectives. Many seasoned directors regard the CEO appointment as their most important decision, and they expend significant effort during the search process to understand candidates’ track records and personal attributes, as well as their suitability given the circumstances of the company. But the combination of market disclosure, executive rivalry, and media excitement can complicate the process.
If boards develop shared beliefs about their institution and the industry, they will be able to determine how well a potential CEO is aligned with their beliefs, something that will substantially improve the quality of the appointment decision.
To set corporate objectives, boards – in particular of banks, but also of all companies in general – need to be able to understand the special nature of their industry.
For example, some objectives may have the unintended consequence of driving growth or acquisition at the expense of longer-term solvency. Others may lead to agency risk when combined with more aggressive forms of compensation.
For banks, a growth target inconsistent with economic growth and credit demand – or one that embeds significant gains in market share – will contribute to procyclical risk and raise the probability of insolvency.
Where such a target is driven by fear of takeover, bank boards need a better understanding of the dynamics and risks of market momentum. They will then be able to articulate to the bidder’s shareholders the size of the risk involved.
Typically, banks which have grown through aggressive acquisition are more likely to incur relatively larger losses for their shareholders in a systemic downturn.
Agency risk rises when compensation models incentivise procyclical behaviour. This can arise through high growth targets, remuneration benchmarks linked to market capitalisation, and accounting standards that understate loan-loss provisioning – and deliver higher bonuses – when times are good.
These examples demonstrate the need for boards to judge strategy in the light of beliefs about the industry and their own institution.
The importance of shared beliefs in driving trust
Boards can do more to mitigate the risks linked to the choice of the corporate objective by developing and applying their own shared beliefs about their industry and institution.
These can concern the characteristics, expectations, and supervision of the CEO, as well as interactions with them. The single corporate objective can be separated from various quality constraints that are each the subject of specific policies, reporting, and performance assessment.
The board can develop plans to improve its effectiveness without doing the work of the executive.
The board can also draw up a complete framework of authority and delegation that informs the system of internal controls, and sets up exemptions for reporting to the board.
It can develop a deeper understanding of the cultural consequences of the CEO’s behaviour and its consistency or otherwise with the human and technical systems, as well as with the internal controls embedded in them.
To take these steps, there needs to be a shared belief about corporate culture. A common view of ethics and written values, whilst necessary, is not sufficient to foster mutual trust and drive continuous improvement leading to competitive advantage.
This approach strengthens the commonly applied lines of defence in risk management. By understanding the consequences of systems, the approach can anticipate types of behaviour that are likely to be illegal, unauthorised, disreputable, or unproductive.
To understand why these kinds of behaviour, excluding deliberately criminal acts, occur among well-intentioned employees, we need a definition of culture.
Culture and shared beliefs
Corporate culture consists of the beliefs of those working in or with the organisation over which kinds of behaviour are acceptable and which are not. To be effective, an organisation’s culture must reflect shared beliefs under a moral code that forbids the manipulation or coercion of people.
Symbols and signals are constantly transmitted from the board and the leader’s own behaviour, language, and disposition, as well as the technical and human organisational systems.
These symbols and signals define and constantly redefine the organisational culture.
To develop an effective culture, the leadership – the board and the CEO – must identify instances where employees have beliefs about systems and types of behaviour that cause them innocently to work around established procedures.
In most cases they will not understand the legal consequences or impact on productivity. Whether these kinds of behaviour are authorised will depend on how clearly employee roles and authorities have been established. Issues that may have an impact on reputation may have more to do with trust and employees’ preparedness to speak up – both of which are fostered by shared beliefs.
Leaders must turn intention into reality through timely, high-quality decisions and the speed at which resources are reallocated. As shown in Figure 1, CEOs must not only achieve this through the the strategic plan but also put in place the organisational design to implement it.
Together with their delegated authorities and periodic reviews of major policies and internal controls, the board’s beliefs and objectives for the organisation provide the context for its supervision of the CEO and engagement with the management team. They will also indicate what the board expects to see on a regular basis. Such measures send clear and consistent signals of intent throughout the organisation, and focus the attention of senior staff on setting up effective systems to deliver.
Interaction between technical and human systems
Organisational systems include technical and human elements, of which the technical systems are generally given the more intensive design. It is common for the interaction between the two not to be carefully considered.
Technical systems define the environment and structure that employees work in, and allow management to set boundaries through policies, procedures, processes, and controls. They include, for example, IT systems, the layout of premises, back-office processes, credit (lending) systems, management information, and accounting systems. All of these have authorities, delegations, and internal controls.
Poorly designed technical systems reduce employee engagement, and encourage efforts to bypass or deviate from the desired approach. This in turn can cause divergence between the tone set by top management and staff behaviour.
The danger of this is most acute when technical systems are seen as low-value, inaccurate, or unnecessarily cumbersome to use. Often however, beliefs about the systems do not accord with their design.
Inaccurate data sources can reduce confidence in risk management systems, management accounts, and associated bonus pools. They can also generate suspicion of uneven treatment in the human system.
Human systems define the roles of individual employees in the organisation. There are three main aspects of an organisation’s human systems that influence behaviour:
- Organisational structures and delegations. These determine employee accountability and authority. Poorly designed organisational structures and delegations can diminish individual responsibility for outcomes and encourage groupthink. Systems should be designed for clarity and decision making that avoids favouritism and cronyism.
- Performance management and compensation framework. These determine what employees prioritise in their daily work. For example, perceived favouritism in promotion processes erodes employee trust. In its least severe form; this encourages periodic actions to win personal favour that are misaligned with the tone from the top. In its most severe form, it can make employees disenchanted, and lead them to disregard their responsibilities and act in an unauthorised, disreputable, or illegal manner.
- Fair treatment and escalation mechanisms. A robust culture relies on employees who feel empowered to speak up without fear of reproach. Reviewing employees’ awareness and usage of mechanisms is important for understanding how likely issues are to be highlighted in practice.
These systems taken together drive the behaviour of employees in large organisations. They send signals to employees, customers, and external parties on what an organisation values and how it serves its clients.
These signals provide important clues as to whether the underlying patterns of behaviour are legal and within external rules and guidelines; authorised by the organisation’s internal rules and guidelines; reputable, so that public knowledge of the behaviour would not diminish the organisation’s reputation; and productive in terms of their contribution to profitability and financial value.
Almost all organisations aspire to employee behaviour at the positive end of these dimensions. However, failure in systems design can lead organisations to fall short.
For example, compensation frameworks that place excessive weight on productivity and put little emphasis on controls for other behavioural dimensions might encourage suboptimal behaviour.
Similarly, employees work around organisational systems that they do not trust, increasing the likelihood of behaviour that is unauthorised and potentially illegal or disreputable.
Incentive arrangements that work on an enterprise model share an actual or assumed proportion of measures such as profit, contribution, and margin. For these arrangements to be credible and free from gaming, denominators such as profit have to be clearly defined, as do their calculation and presentation in management accounts. In addition, the audit system has to identify other forms of gaming, for example through misselling.
One important design element is the reporting of sales, originations, fee income, and insurance claims – by location, work unit, and individual – that appear abnormally high relative to trend or the whole system.
Trust in organisational systems will break down if employees can’t rely on them to do their work or they have beliefs about the systems that are at odds with management’s intent.
Bank IT systems commonly foster employee scepticism and result in efforts to fix procedures at the local, customer service level. In credit origination, employees may believe the bank is less interested in some loan products than others because margins appear lower.
Employees, however, do not see the difference in the costs of default through the credit cycle, nor do they know the capital allocation to different loans. This example can be taken further.
Assume that the hundreds of pages of board papers contain an assumption or target in the annual budget that home or secured commercial lending will grow faster than expected market growth.
This could be read in two ways. One is to regard the management intent as robust, competitive, and productive – the ambition for the institution that might be expected from them.
Another is to regard the assumption as potentially reckless because asset bubbles created by self-amplifying price spirals in financial systems can bring down banks and the domestic economies in which they operate.
The process of identifying shared beliefs among board members is more likely to lead to questioning and healthy debate, without which the issue might not even be noticed. Furthermore, the board, may not be aware of the CEO’s lack of understanding of fundamental systemic issues in setting such a target.
Interestingly, the human system attracts most attention from the outside world, in the form of criticism of banks and accusations of failure in their cultures.
Yet within banks it seems that the human system gets little attention from boards. For example, boards are putting significant effort into their credit, market, and operational risk systems; IT systems; and back- and front-office systems for functions such as service and marketing.
But boards often limit their attention to human-resources systems to arrangements for higher-level compensation. They are less likely to question the philosophical underpinning of the human resources model or how the internal control and audit system applies to human resources policies and practices.
The consequence is that they cannot foresee the possible outcomes of bonus- or commission-based plans that are poorly designed – or those that, even if well designed, can be gamed if not properly audited.
Put another way, if the human system is ultimately the most important, why should efforts to design and control it take second place to those for technical systems?
Revisit and challenge practices to rebuild trust
Organisations, particularly in the banking and financial sector, need to revisit and challenge practices that have been developed over the years if they are to increase trust and improve the functioning of human and technical systems.
This is a necessary process to reduce bureaucracy, allow faster responses to emerging issues, and drive continuous improvement in system design.
It is also a necessary process to rebuild the trust of the community and customers, who place banks and financial institutions at the negative end of the organisational values and behaviours listed above.
Boards should consider the following steps as starting points. First, they should review and develop their set of shared beliefs about their industry and institution.
Using these shared beliefs, they should then redefine their governance systems, their relationship with the CEO and executives, and their own ongoing education and development. Third, they should initiate a set of cultural assessments, policy reviews, delegation changes, and exceptions in reporting systems and internal control procedures.
Communities, through their governments, regulate banks for special reasons, associated with monopolistic tendencies, information asymmetry, and self-amplifying price cycles that can lead to systemic failures and major economic hardship.
If they believe that banks do not take these issues seriously they will not trust them. Nor will they trust banks if they appear to act in their own interests or conduct their operations without standards of control that limit accidents, which are considered essential for critical service utilities.
The fundamental issue for banks is public confidence.
The starting point to address this problem is for boards to set down their beliefs and translate them – through the CEO – into the design and control of human and technical systems in their banks.
This will do more than a fresh public debate about culture. It has become fashionable to blame an inadequate culture for reputational incidents and to argue that these can be eliminated through regulation, penalties, and refocused ethics.
It is more likely the other way round – that weak systems and controls allow the culture to deteriorate. The best way to address such weak systems is through a businesslike, systems-based approach.