behavioural risk
TRANSCRIPT
BEHAVIOURAL RISK INFLUENCES AND IMPACTS FOR STRATEGIC AND OPERATIONAL RISKS
IRMSA – THE RIPPLE EFFECT 20 November 2012
Volker von Widdern
MD Risk Consulting
Marsh Sandton
MARSH 1 22 November 2012
Frameworks, processes and standards for risk management, although essential, are not sufficient to ensure that organisations reliably manage their risks and meet their strategic objectives.
What is missing is the behavioural element: why do individuals, groups and organisations behave the way they do, and how does this affect all aspects of the management of risk.
Richard Anderson Chairman of the Institute of Risk Management
MARSH 2 22 November 2012
Context: • Behavioural Risk is a fairly new frontier in risk management despite a long
history in the health care sector.
• Behavioural Risk Management should enhance the effectiveness and sustainability of Operational Risk Management.
• Behavioural Risk exists regardless of behavioural intent, i.e. it is not a result of ill will or intentional sabotage.
• Certain standard human behaviours by their very nature create certain behavioural risks.
• Human behaviours in emergency situations, situations of stress or prolonged monotony also create certain risks.
• Some of these behaviours are influenced by unknown and unknowable spheres of influence unique to each individual.
• An accumulation of a variety of behaviours, attitudes and actions create a certain Risk Culture within an organisation.
Caveats:
Not a clinical psychologist’s view
In no way related to the psychological procedure of Behaviour Modification
Section 1
BEHAVIOURAL RISK - INFLUENCES AND IMPACTS FOR STRATEGIC AND OPERATIONAL RISKS
UNDERSTANDING BEHAVIOURAL RISK
What is Behavioural Risk?
What are the Consequences of Behavioural Risk Exposures?
Human Elements of Top Risks
Linking Business Risks to Compensation Plans
The Behavioural Risk Cycle
MARSH 4 22 November 2012
UNDERSTANDING BEHAVIOURAL RISK What is Behavioural Risk?
Standard Human Behaviours That Create Risks:
– Denial & Wilful Blindness
When people ignore painful/ frightening truths, believing that denial can protect
them.
Markopolos campaigned for 10 years for a review of Madoff’s Ponzi Scheme.
– Following Orders/ ‘Follow My Leader’
Battleships turning in to each other – largest peacetime loss of life.
Milgram Experiment – highest rate for full obedience was SA and Austria, lowest
Australia and Spain.
– Pack/Group Behaviour
Bystander Phenomenon: the more people who witness an event, the less likely
that anyone will respond.
– ‘Birds Of A Feather Flocking Together’
People naturally gravitate to others like themselves…creates self propagation
and a lack of diversity, a cause of behavioural risk.
MARSH 5 22 November 2012
More Standard Human Behaviours That Create Risks:
– Emotive Decision Making
Tiger Woods: “I convinced myself that normal rules didn’t apply.”
– Fear Of Failure/ Being Singled Out/ Being Wrong/ Ridicule, Etc.
Not reporting suspicions or possible issues, ignoring warning signs.
– Victimisation Of Those Who Are Different
Psychology shows us that one of the ways of dealing with one’s own perceived
inadequacies is to discriminate against the ‘other’, thus placing oneself into a
group that is acceptable.
– Fear Of Change/ Disruption
Not implementing a better system/legal requirements
Unwilling to examine current status quo
– Aggregation Of Behaviours
A culture arises from repeated behaviours, resulting in either virtuous or vicious
cycles (always done it like this…)
UNDERSTANDING BEHAVIOURAL RISK What is Behavioural Risk? (continued)
MARSH 6 22 November 2012
UNDERSTANDING BEHAVIOURAL RISK What is Behavioural Risk? (continued)
More Standard Human Behaviours That Create Risks:
– Behaviour Change at Home vs. Work
At work, the ethic of obedience rises and the ethic of care reduces – leads to
“unquestioning behaviour”.
– Behaviour Change under Stress
Studies show that judgement is affected, decisions have a greater emotional
component, ethical concerns may not rate as high under stress.
“overloaded people become morally blind”
– Behaviour Change in Routines & Under Prolonged Stress
BP Texas refinery explosion – overstretched plant management, excessive cost
cuts.
– Emergency Situation Behaviour/Panic
Fight or flight impulse.
Illogical or unexpected responses that may cause further risk exposures.
MARSH 7 22 November 2012
UNDERSTANDING BEHAVIOURAL RISK What is Behavioural Risk? (continued)
More Standard Human Behaviours That Create Risks:
– Aversion to conflict
Consequently don’t develop tools to manage conflict.
Avoid conflict situations that ultimately causes issues to escalate.
– Ideology
Often thus unable to see/ consider other points of view.
Weights respect/ value for others with dissimilar or contrasting ideology.
– ‘Once Bitten Twice Shy’/ Disengagement
Risks not reported because they were not addressed before, or are perceived
not to be addressed in general.
– Structural blindness
People and companies believe people can work as machines and that machines
can do the work of people.
MARSH 8 22 November 2012
UNDERSTANDING BEHAVIOURAL RISK What are the Consequences of Behavioural Risk Exposures?
A Sample of Potential Consequences:
– Inadequate Risk Responses
– Physical Disasters/Losses
– Loss Of Market Share
– Failure To Achieve Intended Benefits Of Business Decisions
– Governance & Compliance Issues
– Ethical Issues
– Loss Of Efficiency & Project Success
– Grudge Efforts
– Complacence & Sleepwalking
– Negligence
– Unexpected Outcomes & Problems
– Patterns/ Cycles Of Undesirable Behaviour
MARSH 9 22 November 2012
UNDERSTANDING BEHAVIOURAL RISK Human Elements of Top Risks
Sample of Top Risks Related Human Elements (drivers)
Loss Of Market Share Salesperson effectives; inconsistent application
of incentives; poor design of marketing
strategy.
Counterparty / Credit
Risk
Dominant sales / growth culture, alternatively
excessively strict financial control culture.
Product & Project
Success / Efficacy
Tyranny of excellence; key person
dependencies.
M&A Failure To Achieve
Intended Benefits
Transactions are initiated by top executives (C
suites); operational integration is expected of
under-integrated management teams.
MARSH 10 22 November 2012
• Challenge of allocating accountability for top (business) risks.
• Top risks influences and dependencies:
– Policy design – are committees jointly and severally liable?
– Market factors – which are controllable for executives?
– Judgement – directly influenced by decisions of executives
– Systems & infrastructure – mainly a dependency, but excessive tolerance
of poor systems was viewed as an executive accountability
• To calibrate impact on incentives, “controllable” risk components /
measurements were allocated across the above factors, resulting in
significant challenges to accountability interpretations.
Conclusion: Unwillingness at executive level to have direct / measurable links between top risks and incentive compensation.
UNDERSTANDING BEHAVIOURAL RISK Linking Business Risks to Compensation Plans
MARSH 11 22 November 2012
UNDERSTANDING BEHAVIOURAL RISK The Behavioural Risk Cycle
Risk Culture
Of Company
Operational Procedures, Incidents &
Investigations
Behaviour
Of Individuals
Risk Culture is a term describing the values, beliefs, knowledge and understanding about risk shared by a group.
As with all cycles, a single issue is easily perpetuated and amplified by the interactions of the various parts of the cycle. To change one part, all parts will have to be aligned towards that change.
Section 2
BEHAVIOURAL RISK - INFLUENCES AND IMPACTS FOR STRATEGIC AND OPERATIONAL RISKS
ANALYSIS OF BEHAVIOURAL RISK
Causes of Behaviour & Behavioural Risk
Behaviour or Personality Types
Pressure or Stress
Adversarial Working Relationships
Company Policy
Perceptions & weighting
MARSH 13 22 November 2012
ANALYSING BEHAVIOURAL RISK Causes of Behaviour & Behavioural Risk
What Causes Behaviour & Behavioural Risk?
– Morals, Ethics, Judgement & Prejudice
Some of these are entrenched by the individual’s
experiences outside the work place, some of these are
fostered by the groups an individual has contact with within
the workplace.
– Fear & Victimisation
Often irrational, almost never vocalised and may be
psychological or physical.
– Psychological Influences
– Logical Vs. Emotional Reasoning (see Perception & Weighting
slide)
– Self Interest or what is perceived to be in the individual’s own
interest.
MARSH 14 22 November 2012
ANALYSING BEHAVIOURAL RISK Causes of Behaviour & Behavioural Risk (continued)
What Causes Behaviour & Behavioural Risk?
– Social & Spatial Influences
The human animal is hugely influenced by its social and physical
environment. As much as 45% of human learning is from
observing others in our environment.
– Systems & Infrastructure
The skeleton on which behavioural flesh grows.
– Behaviour or Personality Types (see related slide)
– Pressure or Stress (see related slide)
– Adversarial Working Relationships (see related slide)
– Company Policy & Perceived Company Policy (see slide)
– Risks & Perceived Risks vs. Opportunities & Perceived
Opportunities (see Perception & Weighting slide)
MARSH 15 22 November 2012
CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Behaviour or Personality Types
Some risk management intuitively seeks out the explicit elements, whereas it
seems that the “passive” staff can have the higher risk profiles:
– Passive disagreements can lead to undermining behaviour, high levels of tolerance
of non conformance with policy, poor alignment with values, etc.
– Passive supporters are not necessarily “meek sheep”, being poorly engaged their
allegiances are easily swayed.
– Passive staff are less likely to use safeguarding tools (tip off’s).
– Passive staff cultures are created by:
Unethical / inconsistent executive value systems
Tolerance of “mercenary” team leadership styles
Explicit
Contrarian
Explicit
Supporter
Passive
Contrarian
Passive
Supporter
MARSH 16 22 November 2012
CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Pressure or Stress
Not all levels of management and employees respond the same to stress and
stimulus, to risk opportunities vs. exposures.
Contrast Non Exec requirement for legal certainty, compliance and governance vs Executives’ focus on security and sustainability?
Strategy Components Fear Factor vs. Risk Appetite
Executives Non Executives
Business as Usual Low Fear, Medium Appetite
Low Fear, High Appetite
Organic Growth (Market Share)
Medium Fear, High Appetite
Low Fear, High Appetite
Product Expansion / Innovation
Medium Fear, Medium Appetite
High Fear, Medium
Appetite
Business expansion / Acquisition
High Fear, Low Appetite Medium Fear, High
Appetite
MARSH 17 22 November 2012
CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Adversarial Working Relationships
• Definitions
– Behaviour which erodes trust
– Overly “transactional” workplace relationships, not in line with communal
support objectives
• Mindsets
– Feeling out of control , exposed, unsafe
– Being let down, used by a colleague
– Vulnerable
• Consequences
– Blocks progress, obstructs debate, wastes effort
– Escalated conflicts, demoralising effect
– Impeding decision making & problem solving processes
MARSH 18 22 November 2012
CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Company Policies
• Certain policy mixes (or perceived policy) encourage behavioural risk
exposures
Strategic Risks
High tolerance of top risks as “non
insurable & non controllable”,
abdication of business risk
consequences to silo’s
Strategic Opportunities
ERM Integration based on a common
set of risk understandings and
calibrations at the C Suite
Operational Risks
Tick box compliance & risk register
updates – grudge efforts
Operational Opportunities
Strong investments in understanding
rationality and cognitive perception of
risk officers
MARSH 19 22 November 2012
CAUSES OF BEHAVIOUR & BEHAVIOURAL RISK Perception & Weighting
Perception
One of the critical factors in communication and other human related endeavours is the issue of
perception. A person or group’s perception may be influenced by the characteristics of the
perceiver, attitudes, moods, motives, expectations, etc.
Perception of a situation, an order, an object, an imperative or even a fact may differ hugely
from the reality of said situation – however to the individual in question there is no difference
between their perception of something and the reality.
Thus Perception = Reality.
Weighting
Individuals give different weighting to different reasons/influencers.
Hence an emotional reason could outweigh a logical reason and even scientific fact
as an influencer of behaviour. Things that commonly receive heavier weighting are
ease of action, benefit to self, social acceptability or desirability,
Section 3
BEHAVIOURAL RISK - INFLUENCES AND IMPACTS FOR STRATEGIC AND OPERATIONAL RISKS
MANAGING BEHAVIOURAL RISK
Case Study: Financial Services Operations Risk Study
Measuring the Current Risk Exposures
Aligning All the Aspects
Managing & Monitoring
MARSH 21 22 November 2012
MANAGING BEHAVIOURAL RISK Case Study: Financial Services Operations Risk Study
Recent Corven Study suggests that banks and FI’s are well behind industry in
measuring and changing behaviours in response to major operational risk.
The findings come as banks reputations are at a low point, after a steady drip of
compliance breaches – from money-laundering allegations at HSBC, to a computer
systems failure at the Royal Bank of Scotland, to attempted manipulation of a key
interbank lending rate at Barclays . . .
Governance and management of operational risk
• A general trend towards centralisation of the risk management function
Measures of operational risk
• Almost no measuring of the cultural and behavioural elements.
• Most risk measures are reactive and based on incident reporting.
• All are trying to link compensation to operational risk performance
“’Flawed culture’ behind Barclays’ Libor rate fixing” - Parliamentary Report, quoted in Business Day, 20 August 2012
MARSH 22 22 November 2012
MANAGING BEHAVIOURAL RISK Case Study: Financial Services Operations Risk Study (continued)
Drivers for improving operational risk management
• Two thirds listed regulations (only) as drivers.
• Just over one-third report that full root cause analysis was systematically
undertaken to identify the underlying causes of major risk failures.
The role of leadership and risk culture in managing operational risk
• The majority of respondents reported a strong correlation between the
business leaders understanding of risk and the adoption of good risk
management practices.
• Only one fifth is taking steps to specifically improve risk culture and
behaviour.
• Although 62% of major risk incidents relate to peoples behaviours or
capabilities, in almost all the cases (91%) the organisational response has
been focussed on process and system change (not behaviours!)
MARSH 23 22 November 2012
MANAGING BEHAVIOURAL RISK Measuring the Current Risk Exposures
What is the current status quo? What is the companies risk culture?
What is the management risk culture vs. the company risk culture?
Is there a strong set of published values that are regularly referenced? *
Is there a common set of terms or language used within the organisation? *
What do all the above say about the culture of the organisation? *
*IRM White Paper on Risk Culture
Critical in managing any risk is measuring what the current exposures are.
“If you can’t measure it, you can’t manage it.” Peter F. Drucker
MARSH 24 22 November 2012
MANAGING BEHAVIOURAL RISK Measuring the Current Risk Exposures (continued)
Does the entire team have the same understanding of the key risks of the
operation?
Is there a blame culture operating on any level of the operation? *
Does the organisation/operation’s structure support or detract from the
management of risk? *
Do we really acknowledge and live the values we publish at every level in the
operation in everything we do? *
A communal culture requires time and investment. Do we invest consistently
and wisely to develop and maintain an effective risk culture? * *IRM White Paper on Risk Culture
Management Teams need to asses themselves too.
MARSH 25 22 November 2012
MANAGING BEHAVIOURAL RISK Aligning All the Aspects
Contrary Messages or Expectations Create Behavioural Risks
– Management structures, policy, desired outcomes for all levels of
people involved, spoken and unspoken communications need to be
aligned to avoid these risk exposures, e.g. the UK Tax default
recovery strategy
– Often the spoken message is contradicted by unspoken pressure to
do something contrary. This conflict needs to be sorted out at
management level, not in the mind of an employee when they need
to behave in a certain way. For example, the official message may be
valuing production quality, but the unspoken message is production volume
is more important. E.g. The UBS rogue trader example.
– An individual system may be working, but sometimes the process as
a whole or the way a system interacts with another is not aligned
and creates issues.
MARSH 26 22 November 2012
MANAGING BEHAVIOURAL RISK Managing & Monitoring
Continuous monitoring and re-evaluation will be required
– Identify and be aware of the behavioural component
– Separate the issues from the people who have them
– What are all the different interests involved in an action?
– Invent options for mutual gain
– Have objective criteria
– Design solutions with all the desired outcomes in mind
– Think what behaviour does a decision encourage
• Fisher & Ury; (2001). Getting to Yes: Negotiating Without Giving In. New York: Harvard
Negotiation Project.
• Heffernan; (2011). Wilful Blindness: Why We Ignore the Obvious at Our Peril. England:
Walker & Company.
• Institute for Risk Management; (2012). Risk Culture. White Paper.
• Kyrtsis; (2007). Context Awareness, Emotional Tensions and Operational Risk
Perception. Athens: University of Athens.
• Oade; (2010). Working in Adversarial Relationships: Operating Effectively in
Relationships Characterized by Little Trust or Support. London: Palgrave.
• Rasmussen; (1997). Risk Management in a Dynamic Society: A Modeling Problem.
Great Britain: Elsevier Science Ltd.
• Shigeyuki; (2004). Study on Behavioural Risk Management Systems. Tokyo: Self
Published.
BEHAVIOURAL RISK List of References