About Me

This blog carries a series of posts and articles, mostly written by Anthony Fitzsimmons under the aegis of Reputability LLP, a business that is no longer trading as such. Anthony is a thought leader in reputational risk and its root causes, behavioural, organisational and leadership risk. His book 'Rethinking Reputational Risk' was widely acclaimed. Led by Anthony, Reputability helped business leaders to find, understand and deal with these widespread but hidden risks that regularly cause reputational disasters. You can contact Anthony via anthony.fitzsimmons At cranfield dot ac dot uk

Thursday, 28 May 2015

Board Risks in Financial Institutions

Once upon a time, it was widely thought that banks and insurers basically failed because they ran out of money.

The UK's Prudential Regulation Authority has decisively rejected the notion that financial failure is, fundamentally speaking, a money problem.  Its Chief Executive Andrew Bailey, and others, now seem convinced that whilst financially focused regulation remains essential, much more attention needs to be paid to boards.  As he put it in recent speech:
"[it] is uncommon and rare to find a problem in the capital or funding or business model of a firm which cannot be traced back to a failure of governance."
We agree.  In 'Deconstructing failure' we focused on the role of leaders in failure.  We discovered that of the nine prominent categories of board weaknesses investigated, six were influential in the majority of corporate failures.  Three were present in more than 70% of failures.  Even the least frequent factors were present in almost 40% of failures.

The role of leaders in failure, taken from 'Deconstructing failure' © Reputability LLP

This does not mean that board members are 'bad'.  What matters is their influence.  Boards are, or should be, the most influential people in any company.  This means that their activities, whether good or not, are likely to have big consequences. 

Our work confirmed earlier findings by William McDonnell and Paul Sharma, in two much-neglected pieces of research published in 2002 by the Financial Services Authority and the European Conference of Insurance Supervisors.  As McDonnell put it in the former:
"Management problems appear to be the root cause of every failure or near failure, so more focus on underlying internal causes is needed."

The conversion of the PRA to the view that management matters is corroborated by their recent Consultation Paper  CP18/15 on board responsibilities and corporate governance.  Whilst these proposals need refinement to meet best practice, they make it clear that the PRA is putting greater emphasis on individual and collective human behaviour as the 'underlying' cause of failure, with boards seen as an important source, arguably the most important source, of such risks.

The message for boards and risk professionals in the financial sector is clear.  Behavioural and organisational risks matter to your regulators.  Risks emanating from boards are top of the list, which should include risks from all layers of management.  For insurers, the ORSA will develop into the tool through which you will have to confirm to regulators that these risks are under analysis and management.

Boards across the sector need to understand and find these risks before working out their potential consequences and how to mitigate them.  Since they too are run and led by people, that includes the boards of central banks and financial regulators.

Anthony Fitzsimmons
Reputability LLP

Anthony Fitzsimmons is Chairman of Reputability LLP and author of “Rethinking Reputational Risk: How to Manage the Risks that can Ruin Your Business, Your Reputation and You

Wednesday, 6 May 2015

Reputational risk

Reputations are universally seen as valuable, but reputation risk is poorly understood.  As a result, reputations are left unnecessarily at risk.

Historically, risk managers and internal auditors struggled to define reputational risk. Some saw it as the ultimate result of the failure of the organisation to manage other risks properly. Others saw reputational risk as being a separate category of risk in its own right.  What united both groups, and business leaders, was the view that reputational risk was the most serious risk facing their organisation; and that they had to avoid the kinds of outcomes that had regularly plagued and destroyed reputations in the past.

As an example, experience has shown that if a clothing company sources stock from a company that uses child labour, pays what consumers see as exploitative rates of pay or provides dangerous working conditions, the company's reputation will be at risk when consumers and their proxies the media find out.  Companies that might face this or analogous problems regularly recognise this kind of source of reputational risk.

'Roads to Ruin' the Cass Business School report for Airmic shows that this approach is fundamentally inadequate.  Reputational damage does indeed happen when an organisation fails to manage other risks properly. But when root causes are considered, the deeper insight is that reputations are usually lost when stakeholders come to believe that the organisation is not as “good” as they previously thought.

So what is reputational risk?  To arrive at a sound answer, we need first to ask what reputation is.  A useful working definition is:

"Your reputation is the sum total of how your stakeholders perceive you"
This definition emphasises four points.
  • Your reputation is about how you are perceived, which is not necessarily the same as how you really are;
  • Your reputation is not about how you perceive yourself; it is about how your stakeholders perceive you;
  • As it is your stakeholders who hold that critical perception, if your stakeholders come to perceive you in another way, your reputation changes; and
  • That 'sum total' may vary depending on which stakeholders are most influential at any particular time.
The definition does not help as to what perceptions matter; but the research clearly illustrates that reputations are lost when stakeholders come to think that you are not as 'good' as they thought you were.  When it comes to organisations and their leaders, what matters most is characteristics such as ethos, culture, trustworthiness, honesty, humanity and competence as well as whether the organisation itself is coherent or dysfunctional.

In our experience, a good working definition of reputational risk is therefore:
“Reputational risk is the risk of failure to fulfil the expectations of all of your stakeholders in terms of performance and behaviour”
This definition emphasises the root causes of reputational damage, which are all to do with performance and behaviour.

Thus the damage in the clothing company example may, superficially, be due to child labour, exploitative rates of pay or dangerous working conditions.  But looking through those immediate causes to root causes, the use of very cheap labour may emerge from the strategy of the company (e.g. buy as cheaply as we can) the ethos of the company (e.g. source cheaply -I won’t ask questions about/don't want to know how you achieved it), internal incentives (prioritising cost saving above ethicality), a leadership which doesn’t think about ethicality at all or other individual or collective behaviours or features of the way the organisation is put together.  Understanding those root causes, and dealing with them, will not just prevent a recurrence of the same problem but will prevent new problems with similar root causes.  That is how aviators have made commercial aviation so safe that the most dangerous leg of a long overseas trip is the journey to the airport.  Unfortunately these risks are difficult to find and regularly lie unrecognised for years before giving the board an unpleasant suprise.

This insight is now widely recognised.  It lies at the root of the latest Financial Reporting Council Guidance on Risk; and at the root of the growing emphasis by financial regulators on human behaviour as the origin of all financial failures.

The challenge is for organisations to find these often deep-rooted risks before they cause harm.

Our experience is that most business leaders are unaware of these risks and their implications.  So too are many in risk teams.  This is because behavioural and organisational risks are recent additions to the risk lexicon and not all risk professionals yet understand them.

That is why the latest FRC risk guidance explicitly sets out to ensure that boards and risk teams learn about these risks as a prelude to finding and dealing with them.  With the right kind of education and evaluation, these lethal but under-recognised vulnerabilities can be understood, found and fixed  before they cause harm.

Anthony Fitzsimmons
Reputability LLP

 Anthony Fitzsimmons is author of “Rethinking Reputational Risk: How to Manage the Risks that can Ruin Your Business, Your Reputation and You