

Defining Conduct and Culture Risk for Your Organization

Jul 8, 2022

Written by: Holly Higginbotham


During the ABA’s recent Regulatory Compliance Conference, Spinnaker’s Cara Williams, our Risk Management and Regulatory Compliance practice lead, moderated a discussion on “Defining Conduct and Culture Risk for Your Organization.” The panel featured Stephanie Bowers, senior regulatory analyst with USAA, and William Walsh, chief compliance officer for First Citizens Bank. In this blog post, Holly Higginbotham offers an analysis of the key issues covered.

How have your conduct and culture risk management programs evolved from the unprecedented changes over the last few years? 

With prolonged work from home, new hybrid workforces, the Great Resignation and now the return-to-office programs, this might be a good time to revise how you account for conduct and culture risk. 

Our ABA Regulatory Compliance Conference session generated a robust discussion on where we are in the evolution of conduct and culture risk, how bankers are aligning conduct and culture risk within their governance framework, and leading practices for strengthening oversight and misconduct controls. 

Here are a few takeaways for organizational leaders: 

1. Recognize that conduct and risk go hand in hand. 

In a mature and proactive risk culture, employees have no fear of raising issues or concerns, but they must trust their leaders if they’re going to point out problems. In turn, leaders must be engaging in regular informal interactions with their teams to maintain the rapport and trust they’ve developed over time (or need to build with new staff). Remember, your culture really drives conduct, which is decision-making and action, and your employees need to understand your governance rules and how to nurture a strong risk culture and mitigate associated conduct risk. In other words, culture is about what your people do every day when no one is watching them.

The “open door” policy that most inspiring leaders promote doesn’t function as originally designed when there’s no physical office. Leaders need to explain to their employees how that policy works virtually. Risk culture has to be part of business as usual (tone should come from the top) and not reactionary. You need to encourage your people to raise their hands when something isn’t right (and not punish them when they do), link conduct to compensation, and clearly demonstrate that the wrong actions carry consequences. When analyzing mistakes in risk culture, always drill down to the root cause. For example: Was there a disregard of controls, or a misunderstanding or lack of awareness of risk appetite? Don’t underestimate the information that can be gleaned from the ethics line and/or customer complaints, as early indicators of areas that need to be addressed related to conduct and risk culture.

2. Communicate. And then communicate even more.

Although some businesses are returning to the office, many team members are continuing their careers or beginning new ones as fully remote employees. With 86% of our industry’s knowledge workers logging in from outside the office at least twice weekly, it’s easy for them to feel left out when they can’t have a water cooler chat with their co-workers.

To keep everyone engaged and working toward the same goals, update them regularly about company news and information, including expectations around conduct and culture risk. Leverage tools used during the pandemic, such as virtual townhalls and coffee chats, as well as skip-level meetings (meetings with team members who aren’t your direct reports) to maintain contact with all employees, including those who work remotely. Send written follow-ups after video meetings to ensure everyone leaves the meeting with the same expectations. Transparency and communication can go a long way in mitigating conduct and culture risk.

3. Keep up best practices that worked during the pandemic. 

One thing that we sharpened during COVID-19 was making personal connections and being empathetic with our colleagues. We no longer see each other in offices or cubicles; we see each other at home with our kids and pets running around behind us. Some organizations even capitalized on that atmosphere by rolling out more casual dress codes or fun competitions to determine who had the best work-from-home setup.

Our approach to working remotely shouldn’t be one size fits all. Let’s retain our talent and improve our work-from-home culture by caring for one another and recognizing that we all work differently. The more casual remote work environment actually helped break down communication barriers, as leaders came to be seen as more personable and less intimidating. That led to more open paths for talking about risks and raising concerns.

Everything starts with a risk-aware culture

Back in early 2020, as the pandemic unfolded, many of us expected the overnight transitions to how we worked to be short, temporary solutions. As quarter by quarter passed, those interim operations evolved and became the new normal for how we work and serve our customers.  

But not every organization ensured that its documented conduct practices (which shape the responsibilities your team members must own to manage risk) and its cultural shifts were aligned to the new realities. After all, the banking industry as a whole never predicted that so many of its operations would turn into broad off-site capabilities.

The challenge can be tough, but a focus on developing a risk-aware culture can ensure your stability and even become a market differentiator for you. Because we have hands-on experience with companies just like yours, Spinnaker experts can guide you in developing the policies and products that can put you on sound footing going forward. Find out how today.