Understanding your employees’ competence, skills, knowledge and experience, as well as how they actually behave on the job and their attitude to risk is paramount for all businesses, but even more so for the banking sector. According to Oracle, Financial crime costs an estimated $20 billion in losses annually, and the operational costs of compliance are growing substantially year after year. Furthermore, there is a higher level of scrutiny in the market today.
Compliance Officers are seeing an increased expectation, both internally and externally, for concise and accurate reporting on compliance while proving the results. However, compliance management is regarded as a critical component of the internal control process for any business and a prerequisite for assessing compliance with corporate performance standards.
Recent regulatory changes have driven the need for organisations to adopt a holistic view of risk management and compliance, and recognise that a focus on processes and controls is not sufficient to drive effective behaviour. There is now a growing realisation that successful risk management outcomes depend on understanding the behaviours of employees and what is influencing or driving those behaviours. In reality, most companies have poor insight into the drivers of employee behaviour in relation to risk management and it is not being effectively embedded into their business operations.
The recent HSBC money laundering case demonstrates what can go wrong if a business fails to have adequate risk management controls in place to understand and change employee behaviour. HSBC has been forced to pay a record £1.2bn by American prosecutors because of its failure to implement anti-money laundering controls that led to at least $881m in drug trafficking money being laundered through the bank’s accounts.
Would this have happened if directors had a good understanding of the competence, skill, behaviour and risk taking attitude of their employees? Probably not and it highlights the worst case scenario of what can happen if the effect of employee behaviour on risk management is not embedded in the day to day operations of the business.
By not having systems in place to gain a companywide view of employee’s knowledge, core competence, skills, confidence and attitude, how can a business ensure their employees are able to do the job? A sound competency/compliance management system aligns organisational needs with the development needs of individuals within the organisation. It will demonstrate that your employees and contractors are competent to carry out the tasks they are required to perform, and that they are continually developing, alongside the introduction of new technology and regulation.
If organisations have not implemented behaviour change programs to manage identified areas of concern or if managers have not received an assessment of the organisation’s risk culture and behaviour then business leaders will not be able to improve business performance through more effective risk management.
In the current climate managing risks is crucial-especially in the banking and financial industry given it has been under close scrutiny because of the behaviour of some of its employees.
Regularly assessing employee behaviour, against the desired criteria for a specific job role is now essential. Employee assessments ensure business owners can not only get an insight into how their employees are performing, but also highlight weaknesses and gaps in knowledge, which means tailored training can then be provided.
If companies deploy situational judgement assessments that measure a combination of employee knowledge and confidence managers will be able to see how a person is likely to respond in common work scenarios, including their likely decision making and behaviours
The results provide employers with an accurate picture of an employee’s strengths and weaknesses – areas where specific interventions are needed to improve performance. This knowledge enables companies to provide specific training to improve individual performance – not a ‘one size fits’ all approach that so many companies take – which is also very expensive.
Perhaps if HSBC had an assessment of the organisation’s risk culture and behaviour, its employees wouldn’t have put the business at risk and further undermined the integrity of the banking sector.
If companies used situational judgement assessments throughout the employee lifecycle – they would not only make better recruitment decisions but ensure an understanding of the behaviours that have the greatest impact on business performance. Improving the risk culture requires an improvement of the organisational footprint of the risk management function. This is more than just rolling out Enterprise Risk Management (ERM) systems but involves expanding the reach of informal risk processes, information sharing and escalation, and representation of employees on key committees.
Finally, an organisation doesn’t have a single risk culture. Indeed it is a myriad of small behaviours and habits aggregated that constitute the risk culture at any one point in time.
Ensuring that the drivers of employee behaviour in relation to risk management are effectively embedded into the operations of the business will go some way to ensuring illegal practices such as money laundering on the scale of what has just happened at HSBC couldn’t happen in the future.