Rethinking Conduct Risk
Updated: Feb 5
Risk is not knowing what you are doing. ~ Warren Buffett
Risk is also not knowing what your culture is doing. ~ John R Childress
Corporate culture is one of the most written and talked about topics in business today. And rightly so. Culture is more than just vision, values or employee satisfaction. Culture has another side: RISK.
The Volkswagen “Diesel Gate” emissions fraud showed a culture out of alignment with its espoused values of customer focus. The insurance miss-selling fraud at Barclays and Lloyds Bank revealed a culture of greed and excessive risk taking. The BP Deepwater Horizon oil rig explosion with 11 deaths exposed a safety culture in name only. The fraudulent culture at Volkswagen cost more than $ 30 billion in fines, not to mention loss of consumer and market trust. Meanwhile the bill for fraud at Barclays and Lloyds has grown to over £ 50 billion.
While the impact of a poor culture may be clear, the understanding of corporate culture is anything but clear, nor standard for that matter. There are over 70 different culture assessments on the market, each with their own version of “what culture is”. And definitions of corporate culture are equally broad and vague.
No wonder there is a growing discussion among risk professionals about how to define, understand and manage corporate culture, and cultural risk in particular.
Culture as a Business System
My 40 years of experience in researching, writing and consulting on corporate culture goes beyond the traditional HR and behaviourist views. While employee engagement surveys give some insight into corporate culture, equating culture with employee engagement is far too narrow and misses many of the causal factors that build and sustain corporate culture.
To be useful for running an effective and safe business, culture needs to be seen as a systemic business issue, and not just an HR issue. A business understanding of risk culture refers to the network of factors (culture drivers) inside a company that influence and reinforce how employees at all levels behave when confronted with a potential business risk situation.
Therefore, risk culture is a systemic, organizational issue and cannot be fully understood through employee engagement surveys, or even risk or compliance audits.
Employee behaviour, whether in relation to business risk, customer service or safety is an outcome of the company culture, not the culture itself. Company culture is an ecosystem of casual factors while employee behaviour is the output. Inside the company, numerous culture causal factors interact at a network to influence and reinforce habitual employee behaviours towards risk. And many of these causal factors never show up in traditional risk assessments or culture surveys.
Consider peer pressure, which we have found to be a very strong influencer of employee behaviour. When your peer group strongly urges you not to speak up, or to short-cut the procedure in order to “get the job done”, few employees have the courage to “go against the tide” and risk being considered an outsider to their work group. Management pressure on schedule and costs is another powerful culture driver which influences employees to ignore potential risks. These also rarely show up on surveys or assessments. There are numerous other causal factors that determine a strong or weak culture when it comes to risk attitudes and behaviours.
Culture Mapping Using Analytics and Expertise
If we view culture as a systemic, organization-wide issue, then we must work to develop new tools to understand and identify the many culture causal factors inside the company, understand how they interact as a culture “ecosystem” and, more importantly, learn how to proactively manage and improve conduct and compliance.
Using a unique Culture Management Platform™, PYXIS Culture Technologies has developed an innovative approach to identifying and mitigating conduct risk. This approach focuses on those elements inside an organisation that act as influencers and reinforcers of attitudes and conduct towards risk.
Imagine a conduct risk culture map of your organization, showing strong and weak drivers. By identifying those elements that most impact employee conduct, management can implement specific improvement actions.
Here is an example of a color-coded culture system map, showing multiple drivers as an interrelated operating system that not only impacts the overall culture, but important business metrics as well.
With such a visual “digital twin” of your risk culture, it is easy to identify the areas of potential risk and those causal factors that are positive enablers of good risk behavior imbedded in the software system is a list of Best Practices for each causal factor which allow for specific improvement actions.
Conduct risk can be managed and improved.
A Few Important Questions
What are the causal factors of risk conduct in your organization?
Which are enablers?
Which act as barriers, putting your organization at risk?
For more information or to request a demo on how mapping culture drivers can improve business results, contact us here.
Learn more from our recent article: Reducing Bank Fraud