A panel of four specialists convened to discuss various aspects of ethics in risk management in a GARP-sponsored webinar on June 21, 2012. (Click for Part 1 and Part 2 of this summary.) The fourth and final speaker was Roger Miles, Director, NudgeGlobal. He spoke on risk control lessons learned from the banking crisis. In the financial sector, he said, “UK-enforced self-regulation was a good idea in theory.” A bank can realize an ever-increasing profit from a new, complex product, but the regulator has limited resources, therefore, there is an essential asymmetry of information that cannot be overcome.

However, in order for banking self-regulation to work, Miles reminded the audience that certain preconditions must exist. Fundamentally, the banks must recognize that a strong risk culture will ultimately benefit the industry.

Miles was there to tell us about banks that have low ethical ratings. Unfortunately the internal structures ofsuch banks resist anything connected to risk management. These banks may practice “creative compliance,” in which figures are manipulated to calculate regulatory capital.

The financial system had a strong, some might say, overwhelming ethical disincentive: the bonus system. [Note: At this point in Miles’ disquisition, I was reminded of Roger Martin’s new book, Fixing the Game: What Risk Managers Can Learn from the NFL, which is sharply critical of the bonus system and the expectations game it is built upon. Roger Martin’s talk is covered in another posting.]

Risk managers at the low-ethics firms had “no sense of ownership of the assets.” They were constrained to short time horizons. Risk models might be misapplied, and the results of risk models were often “cherry-picked.” As an example of cherry picking, Miles quoted CROs who would say, “We ran the stress test 200 times and then took the three best results.” [Here, “best” means “most favourable to the firm.”] Miles was incredulous at such an open admission of cherry picking; I see it as the hallmark of a board that dismisses their risk management department as only the Bad News Bears.

Did the CRO’s “challenge function” begin to fail in 2007-2008? This was a question that Miles posed indirectly through questions in his study. The answer was mixed, suggesting that the CRO’s ability to “stop the rot” and exercise real power was severely limited from the get-go.

Miles concluded by pointing out a silver lining in the financial crisis thundercloud: at least it helped introduce positive changes, such as greater reporting transparency.

That’s a lesson one could draw from the sinking of The Titanic: it meant ocean liners forever after would carry enough lifeboats for all passengers and crew (providing the regulations are followed). Some learning occurs at a terrible price but it would be a bigger pity if none was to occur at all. ª

The webinar presentation slides can be found at: http://www.garp.org/risk-news-and-resources/webcasts/on-demand-webcasts.aspx?page=1

Be sure to check out the NudgeGlobal Exchange site for other interesting research papers.