Parliamentary Commission on Banking StandardsWritten evidence submitted by Reputability

Reputability Partners LLP ("Reputability") is a consultancy that understands what drives the large scale destruction of reputations and shareholder value. Such events are regularly driven by behavioural and organisational risks.

Two of us were involved in researching "Roads to Ruin", the report of the Cass Business School for Airmic.1 We have spoken to many NEDs and Chairmen of companies and of risk/audit committees, as well as to risk professionals including CROs.

Introduction

Behavioural and organisational risks regularly tip crises into reputational catastrophes. They also cause crises. Yet these risks are not within the scope of classic risk analysis.2 Unidentified, they remain unmanaged and therefore unnecessarily dangerous.

The Research Background

We classify organisational and behavioural risks into nine main groups3 representing risks from:

A.Inadequate board skills.

B.Inability of NEDs to exercise influence or control.

C.Inadequate leadership on ethos and culture.

D.Defective internal communication and information flow.

E.Inappropriate incentives, both implicit and explicit.

F.Organisational complexity and change.

G.Blindness to inherent risks, such as risks to the business model or reputation.

H.Groupthink.

I."Glass Ceiling" effects that prevent risk professionals (including internal audit) from addressing risks emanating from top echelons.

Subsequent case studies by Reputability in the banking sector and elsewhere have confirmed just how frequently these risks lie at the root of organisational failure and reputational crises.

"Roads to Ruin" concluded:4

"The underlying risks we have highlighted are potentially inherent in any organisation. If they are unrecognised and unmanaged, these risks can pose a lethal threat to the future of the largest and most successful business. Firms lose an important opportunity to deal with potentially existential threats if risks such as these are not sought out, identified and addressed.

Boards, and particularly Chairmen and NEDs, can have a large blind spot in this dangerous area. Without board leadership, these risks will remain hidden because only boards have the power to ensure that enough light is shed on these hard-to-see risks."

These conclusions appear to be fully understood by the Financial Reporting Council,5 Tomorrow"s Company6 and at least some leaders within the City Values Forum. There are signs that it is understood by the FSA both as regards insurance and banking supervision.

Real World Practicalities

We have observed that Chief Risk Officers, NEDs, Chairs of Risk/Audit Committees and even Board

Chairmen hesitate before delving systematically into behavioural or organisational risks. There seem to be two problems:

1.The way in which individuals and organisations behave falls into the "soft skill" category. The term "soft skills" is somewhat disparaging and reputedly under-emphasised in business schools.7 They seem to be seen by some leaders as relatively unimportant when compared to "hard" skills. This is a dangerous misconception.

2.There is a lack of language and concepts. Not having been taught about "soft skills", many leaders have neither systematic knowledge of these "soft" areas nor the vocabulary to describe risks in the area. It is only once a shared vocabulary and know-how has been established that real conversations are possible.

Once the concepts are understood, it is a small step to understand why much of this risk area is intrinsically hidden because it is:

invisible to insiders (eg risks from mis-perceptions, groupthink, culture, incentives, blocked information flows, complexity, gradual changes, charismatic leaders);

difficult to raise (eg risks from culture, elephants-in-the-room, questions that go to the root of "how-we-do-things-here, fundamental assumptions, "back-me-or-sack-me situations); or

personally dangerous to raise (eg risks emanating from higher echelons or peers, his strategy, her behaviour, bad news generally, running against embedded incentives, risking non-promotion)

That understood, few have difficulty in recognizing that insiders are at a severe disadvantage in systematically identifying and evaluating these potentially catastrophic risk areas.

Board Risk Evaluation

Most risk categories identified by "Roads to Ruin" ultimately emanate from boards. Classic Board Evaluations8 look at board characteristics and assess whether the performance is good. If not, the aim is to address the inadequacies.

There is arguably a benefit from another perspective on board effectiveness to complement the current Board Evaluation:9

we call it the "Board Risk Review". There is a significant difference between striving for good performance as a desideratum and striving to eliminate sub-optimal performance because it is a risk that puts the organisation in jeopardy. A FTSE100 Chairman with whom we floated the concept was enthusiastic about it—though we do not know whether that will be translated into action.

Conclusions

1. Behavioural and organisational risks are dangerous but classic risk analysis does not systematically find them. Unmanaged, they remain unnecessarily dangerous.

2. Because of their intrinsically hidden nature, boards will struggle to become confident that their internal risk teams have systematically identified, let alone managed, these risks.

3. Because many of the risks ultimately emanate from the Board itself, it is essential that those delving in these areas operate under the highest authority possible. We consider this means the Chairman, preferably with the CEO"s active support.

4. Once the risks are in the open, it has to be made safe for internal risk professionals to discuss these subjects. In practice that probably means using structures at least to the level recommended by Sir David Walker10 though we think it should be for discussion whether Heads of Internal Audit and Risk should owe their primary allegiance to the Chairman or the Chair of the Audit/Risk Committee.

5. Adding a Board Risk Review to the Board Evaluation cycle would provide a powerful tool to help boards to focus better on behavioural and organisational risks.

20 November 2012

1 http://tinyurl.com/6g4akap . Its authors are Professor Derek Atkins, Anthony Fitzsimmons, Professor Chris Parsons and Professor Alan Punter. All three Professors are at the Cass Business School. Professor Derek Atkins and Anthony Fitzsimmons are partners in Reputability Partners LLP. Anthony Fitzsimmons is Chairman of Reputability Partners LLP.

2 This is because the classic methodology of risk analysis has not evolved so far. See [Geneva Association] article for history.

3 These are based on "Roads to Ruin" at page 5.

4 "Roads to Ruin" page 19.

5 For evidence of this, see "Boards and Risk" http://tinyurl.com/c8cwthv

6 See "Tomorrow"s Corporate governance: Improving the quality of boardroom conversations", March 2012.

7 Eg Prof P Guptara, Wolfsberg Foundation, (2005) Private Communication.

8 Mandatory for certain companies under the Combined Code http://tinyurl.com/bln5kg5 at Principle B6.

9 Recommended by the FRC"s "Guidance on Board Effectiveness", http://tinyurl.com/dxu9h9v at paragraphs 5.1 to 5.5.

10 See also Sir David Walker"s Review of corporate governance http://tinyurl.com/64a2ovq at Chapter 6 and Recommendation 24.

Prepared 24th June 2013