behavioural risk

BEHAVIOURAL RISK INFLUENCES AND IMPACTS FOR STRATEGIC AND OPERATIONAL RISKS

IRMSA – THE RIPPLE EFFECT 20 November 2012

Volker von Widdern

MD Risk Consulting

Marsh Sandton

MARSH 1 22 November 2012

Frameworks, processes and standards for risk management, although essential, are not sufficient to ensure that organisations reliably manage their risks and meet their strategic objectives.

What is missing is the behavioural element: why do individuals, groups and organisations behave the way they do, and how does this affect all aspects of the management of risk.

Richard Anderson Chairman of the Institute of Risk Management


Context: • Behavioural Risk is a fairly new frontier in risk management despite a long

history in the health care sector.

• Behavioural Risk Management should enhance the effectiveness and sustainability of Operational Risk Management.

• Behavioural Risk exists regardless of behavioural intent, i.e. it is not a result of ill will or intentional sabotage.

• Certain standard human behaviours by their very nature create certain behavioural risks.

• Human behaviours in emergency situations, situations of stress or prolonged monotony also create certain risks.

• Some of these behaviours are influenced by unknown and unknowable spheres of influence unique to each individual.

• An accumulation of a variety of behaviours, attitudes and actions create a certain Risk Culture within an organisation.

Caveats:

Not a clinical psychologist’s view

In no way related to the psychological procedure of Behaviour Modification

Section 1

BEHAVIOURAL RISK - INFLUENCES AND IMPACTS FOR STRATEGIC AND OPERATIONAL RISKS

UNDERSTANDING BEHAVIOURAL RISK

What is Behavioural Risk?

What are the Consequences of Behavioural Risk Exposures?

Human Elements of Top Risks

Linking Business Risks to Compensation Plans

The Behavioural Risk Cycle


UNDERSTANDING BEHAVIOURAL RISK What is Behavioural Risk?

Standard Human Behaviours That Create Risks:

– Denial & Wilful Blindness

When people ignore painful/ frightening truths, believing that denial can protect

them.

Markopolos campaigned for 10 years for a review of Madoff’s Ponzi Scheme.

– Following Orders/ ‘Follow My Leader’

Battleships turning in to each other – largest peacetime loss of life.

Milgram Experiment – highest rate for full obedience was SA and Austria, lowest

Australia and Spain.

– Pack/Group Behaviour

Bystander Phenomenon: the more people who witness an event, the less likely

that anyone will respond.

– ‘Birds Of A Feather Flocking Together’

People naturally gravitate to others like themselves…creates self propagation

and a lack of diversity, a cause of behavioural risk.


More Standard Human Behaviours That Create Risks:

– Emotive Decision Making

Tiger Woods: “I convinced myself that normal rules didn’t apply.”

– Fear Of Failure/ Being Singled Out/ Being Wrong/ Ridicule, Etc.

Not reporting suspicions or possible issues, ignoring warning signs.

– Victimisation Of Those Who Are Different

Psychology shows us that one of the ways of dealing with one’s own perceived

inadequacies is to discriminate against the ‘other’, thus placing oneself into a

group that is acceptable.

– Fear Of Change/ Disruption

Not implementing a better system/legal requirements

Unwilling to examine current status quo

– Aggregation Of Behaviours

A culture arises from repeated behaviours, resulting in either virtuous or vicious

cycles (always done it like this…)

UNDERSTANDING BEHAVIOURAL RISK What is Behavioural Risk? (continued)




– Behaviour Change at Home vs. Work

At work, the ethic of obedience rises and the ethic of care reduces – leads to

“unquestioning behaviour”.

– Behaviour Change under Stress

Studies show that judgement is affected, decisions have a greater emotional

component, ethical concerns may not rate as high under stress.

“overloaded people become morally blind”

– Behaviour Change in Routines & Under Prolonged Stress

BP Texas refinery explosion – overstretched plant management, excessive cost

cuts.

– Emergency Situation Behaviour/Panic

Fight or flight impulse.

Illogical or unexpected responses that may cause further risk exposures.




– Aversion to conflict

Consequently don’t develop tools to manage conflict.

Avoid conflict situations that ultimately causes issues to escalate.

– Ideology

Often thus unable to see/ consider other points of view.

Weights respect/ value for others with dissimilar or contrasting ideology.

– ‘Once Bitten Twice Shy’/ Disengagement

Risks not reported because they were not addressed before, or are perceived

not to be addressed in general.

– Structural blindness

People and companies believe people can work as machines and that machines

can do the work of people.


UNDERSTANDING BEHAVIOURAL RISK What are the Consequences of Behavioural Risk Exposures?

A Sample of Potential Consequences:

– Inadequate Risk Responses

– Physical Disasters/Losses

– Loss Of Market Share

– Failure To Achieve Intended Benefits Of Business Decisions

– Governance & Compliance Issues

– Ethical Issues

– Loss Of Efficiency & Project Success

– Grudge Efforts

– Complacence & Sleepwalking

– Negligence

– Unexpected Outcomes & Problems

– Patterns/ Cycles Of Undesirable Behaviour


UNDERSTANDING BEHAVIOURAL RISK Human Elements of Top Risks

Sample of Top Risks Related Human Elements (drivers)

Loss Of Market Share Salesperson effectives; inconsistent application

of incentives; poor design of marketing

strategy.

Counterparty / Credit

Risk

Dominant sales / growth culture, alternatively

excessively strict financial control culture.

Product & Project

Success / Efficacy

Tyranny of excellence; key person

dependencies.

M&A Failure To Achieve

Intended Benefits

Transactions are initiated by top executives (C

suites); operational integration is expected of

under-integrated management teams.


• Challenge of allocating accountability for top (business) risks.

• Top risks influences and dependencies:

– Policy design – are committees jointly and severally liable?

– Market factors – which are controllable for executives?

– Judgement – directly influenced by decisions of executives

– Systems & infrastructure – mainly a dependency, but excessive tolerance

of poor systems was viewed as an executive accountability

• To calibrate impact on incentives, “controllable” risk components /

measurements were allocated across the above factors, resulting in

significant challenges to accountability interpretations.

Conclusion: Unwillingness at executive level to have direct / measurable links between top risks and incentive compensation.

UNDERSTANDING BEHAVIOURAL RISK Linking Business Risks to Compensation Plans


UNDERSTANDING BEHAVIOURAL RISK The Behavioural Risk Cycle

Risk Culture

Of Company

Operational Procedures, Incidents &

Investigations

Behaviour

Of Individuals

Risk Culture is a term describing the values, beliefs, knowledge and understanding about risk shared by a group.

As with all cycles, a single issue is easily perpetuated and amplified by the interactions of the various parts of the cycle. To change one part, all parts will have to be aligned towards that change.

Section 2


ANALYSIS OF BEHAVIOURAL RISK

Causes of Behaviour & Behavioural Risk

Behaviour or Personality Types

Pressure or Stress

Adversarial Working Relationships

Company Policy

Perceptions & weighting


ANALYSING BEHAVIOURAL RISK Causes of Behaviour & Behavioural Risk

What Causes Behaviour & Behavioural Risk?

– Morals, Ethics, Judgement & Prejudice

Some of these are entrenched by the individual’s

experiences outside the work place, some of these are

fostered by the groups an individual has contact with within

the workplace.

– Fear & Victimisation

Often irrational, almost never vocalised and may be

psychological or physical.

– Psychological Influences

– Logical Vs. Emotional Reasoning (see Perception & Weighting

slide)

– Self Interest or what is perceived to be in the individual’s own

interest.


ANALYSING BEHAVIOURAL RISK Causes of Behaviour & Behavioural Risk (continued)

What Causes Behaviour & Behavioural Risk?

– Social & Spatial Influences

The human animal is hugely influenced by its social and physical

environment. As much as 45% of human learning is from

observing others in our environment.

– Systems & Infrastructure

The skeleton on which behavioural flesh grows.

– Behaviour or Personality Types (see related slide)

– Pressure or Stress (see related slide)

– Adversarial Working Relationships (see related slide)

– Company Policy & Perceived Company Policy (see slide)

– Risks & Perceived Risks vs. Opportunities & Perceived

Opportunities (see Perception & Weighting slide)


CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Behaviour or Personality Types

Some risk management intuitively seeks out the explicit elements, whereas it

seems that the “passive” staff can have the higher risk profiles:

– Passive disagreements can lead to undermining behaviour, high levels of tolerance

of non conformance with policy, poor alignment with values, etc.

– Passive supporters are not necessarily “meek sheep”, being poorly engaged their

allegiances are easily swayed.

– Passive staff are less likely to use safeguarding tools (tip off’s).

– Passive staff cultures are created by:

Unethical / inconsistent executive value systems

Tolerance of “mercenary” team leadership styles

Explicit

Contrarian

Explicit

Supporter

Passive

Contrarian

Passive

Supporter


CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Pressure or Stress

Not all levels of management and employees respond the same to stress and

stimulus, to risk opportunities vs. exposures.

Contrast Non Exec requirement for legal certainty, compliance and governance vs Executives’ focus on security and sustainability?

Strategy Components Fear Factor vs. Risk Appetite

Executives Non Executives

Business as Usual Low Fear, Medium Appetite

Low Fear, High Appetite

Organic Growth (Market Share)

Medium Fear, High Appetite

Low Fear, High Appetite

Product Expansion / Innovation

Medium Fear, Medium Appetite

High Fear, Medium

Appetite

Business expansion / Acquisition

High Fear, Low Appetite Medium Fear, High

Appetite


CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Adversarial Working Relationships

• Definitions

– Behaviour which erodes trust

– Overly “transactional” workplace relationships, not in line with communal

support objectives

• Mindsets

– Feeling out of control , exposed, unsafe

– Being let down, used by a colleague

– Vulnerable

• Consequences

– Blocks progress, obstructs debate, wastes effort

– Escalated conflicts, demoralising effect

– Impeding decision making & problem solving processes


CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Company Policies

• Certain policy mixes (or perceived policy) encourage behavioural risk

exposures

Strategic Risks

High tolerance of top risks as “non

insurable & non controllable”,

abdication of business risk

consequences to silo’s

Strategic Opportunities

ERM Integration based on a common

set of risk understandings and

calibrations at the C Suite

Operational Risks

Tick box compliance & risk register

updates – grudge efforts

Operational Opportunities

Strong investments in understanding

rationality and cognitive perception of

risk officers


CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Perception & Weighting

Perception

One of the critical factors in communication and other human related endeavours is the issue of

perception. A person or group’s perception may be influenced by the characteristics of the

perceiver, attitudes, moods, motives, expectations, etc.

Perception of a situation, an order, an object, an imperative or even a fact may differ hugely

from the reality of said situation – however to the individual in question there is no difference

between their perception of something and the reality.

Thus Perception = Reality.

Weighting

Individuals give different weighting to different reasons/influencers.

Hence an emotional reason could outweigh a logical reason and even scientific fact

as an influencer of behaviour. Things that commonly receive heavier weighting are

ease of action, benefit to self, social acceptability or desirability,

Section 3


MANAGING BEHAVIOURAL RISK

Case Study: Financial Services Operations Risk Study

Measuring the Current Risk Exposures

Aligning All the Aspects

Managing & Monitoring


MANAGING BEHAVIOURAL RISK Case Study: Financial Services Operations Risk Study

Recent Corven Study suggests that banks and FI’s are well behind industry in

measuring and changing behaviours in response to major operational risk.

The findings come as banks reputations are at a low point, after a steady drip of

compliance breaches – from money-laundering allegations at HSBC, to a computer

systems failure at the Royal Bank of Scotland, to attempted manipulation of a key

interbank lending rate at Barclays . . .

Governance and management of operational risk

• A general trend towards centralisation of the risk management function

Measures of operational risk

• Almost no measuring of the cultural and behavioural elements.

• Most risk measures are reactive and based on incident reporting.

• All are trying to link compensation to operational risk performance

“’Flawed culture’ behind Barclays’ Libor rate fixing” - Parliamentary Report, quoted in Business Day, 20 August 2012


MANAGING BEHAVIOURAL RISK Case Study: Financial Services Operations Risk Study (continued)

Drivers for improving operational risk management

• Two thirds listed regulations (only) as drivers.

• Just over one-third report that full root cause analysis was systematically

undertaken to identify the underlying causes of major risk failures.

The role of leadership and risk culture in managing operational risk

• The majority of respondents reported a strong correlation between the

business leaders understanding of risk and the adoption of good risk

management practices.

• Only one fifth is taking steps to specifically improve risk culture and

behaviour.

• Although 62% of major risk incidents relate to peoples behaviours or

capabilities, in almost all the cases (91%) the organisational response has

been focussed on process and system change (not behaviours!)


MANAGING BEHAVIOURAL RISK Measuring the Current Risk Exposures

What is the current status quo? What is the companies risk culture?

What is the management risk culture vs. the company risk culture?

Is there a strong set of published values that are regularly referenced? *

Is there a common set of terms or language used within the organisation? *

What do all the above say about the culture of the organisation? *

*IRM White Paper on Risk Culture

Critical in managing any risk is measuring what the current exposures are.

“If you can’t measure it, you can’t manage it.” Peter F. Drucker


MANAGING BEHAVIOURAL RISK Measuring the Current Risk Exposures (continued)

Does the entire team have the same understanding of the key risks of the

operation?

Is there a blame culture operating on any level of the operation? *

Does the organisation/operation’s structure support or detract from the

management of risk? *

Do we really acknowledge and live the values we publish at every level in the

operation in everything we do? *

A communal culture requires time and investment. Do we invest consistently

and wisely to develop and maintain an effective risk culture? * *IRM White Paper on Risk Culture

Management Teams need to asses themselves too.


MANAGING BEHAVIOURAL RISK Aligning All the Aspects

Contrary Messages or Expectations Create Behavioural Risks

– Management structures, policy, desired outcomes for all levels of

people involved, spoken and unspoken communications need to be

aligned to avoid these risk exposures, e.g. the UK Tax default

recovery strategy

– Often the spoken message is contradicted by unspoken pressure to

do something contrary. This conflict needs to be sorted out at

management level, not in the mind of an employee when they need

to behave in a certain way. For example, the official message may be

valuing production quality, but the unspoken message is production volume

is more important. E.g. The UBS rogue trader example.

– An individual system may be working, but sometimes the process as

a whole or the way a system interacts with another is not aligned

and creates issues.


MANAGING BEHAVIOURAL RISK Managing & Monitoring

Continuous monitoring and re-evaluation will be required

– Identify and be aware of the behavioural component

– Separate the issues from the people who have them

– What are all the different interests involved in an action?

– Invent options for mutual gain

– Have objective criteria

– Design solutions with all the desired outcomes in mind

– Think what behaviour does a decision encourage

• Fisher & Ury; (2001). Getting to Yes: Negotiating Without Giving In. New York: Harvard

Negotiation Project.

• Heffernan; (2011). Wilful Blindness: Why We Ignore the Obvious at Our Peril. England:

Walker & Company.

• Institute for Risk Management; (2012). Risk Culture. White Paper.

• Kyrtsis; (2007). Context Awareness, Emotional Tensions and Operational Risk

Perception. Athens: University of Athens.

• Oade; (2010). Working in Adversarial Relationships: Operating Effectively in

Relationships Characterized by Little Trust or Support. London: Palgrave.

• Rasmussen; (1997). Risk Management in a Dynamic Society: A Modeling Problem.

Great Britain: Elsevier Science Ltd.

• Shigeyuki; (2004). Study on Behavioural Risk Management Systems. Tokyo: Self

Published.

BEHAVIOURAL RISK List of References

behavioural risk

Documents