What is risk washing? Risk washing is the idea that a company states that it has an effective risk management program or compliance policies and procedures in place, yet the evidence to support the claim is suspect. The company's statements are for the record, yet there is little evidence to support them. The notion of risk washing comes from the general concept of whitewashing, which is the attempt to prevent people from finding out the true facts of a situation. Whitewashing can also be about making something that is bad seem acceptable by hiding the truth. In another example, environmentalists have coined the term greenwashing. Environmentalists have uncovered numerous instances where companies have declared that a robust environmental policy is in place and that they are following it. Yet this is not the case. The company is promoting a green environmental policy but is not abiding by it, hence greenwashing its environmental record.
Turning to the financial services industry, risk managers and compliance officers are required to promote a culture of compliance and have an appropriate risk management program in place, including compliance policies and procedures. While many firms will make statements that they are managing their risk appropriately, is there risk washing going on? Based on the findings of environmentalists, having a risk management program and/or policies and procedures in place does not mean that they are being followed. For example, in my experience, there are risk managers who really don’t want any information or analysis created that may be used against the firm by the regulators. The analysis may highlight a risk that needs to be addressed; the attitude, though, is that if it’s not identified, it doesn’t have to be addressed. This type of risk manager does not promote a high-quality risk management program.
The obvious question to ask is: what statistics or evidence could indicate that risk washing is going on in the financial services industry? The evidence of risk washing would be those companies that have been identified with risk or compliance deficiencies by the regulators. As we know, all companies will have a policies and procedures manual to follow, which states that they have compliance programs in place.
Those companies that have a deficiency will be sanctioned through an enforcement process. Companies that have been sanctioned will make the effort to prevent any further sanctions in the future by correcting any deficiencies. Risk washing would be those companies that have been through an enforcement action more than once. These companies may not have made sufficient attempts to prevent any further enforcement actions; they’re promoting a compliance culture but may not be abiding by it.
For this article, the search is limited to only those firms that have two or more enforcement actions. In doing a quick search of the regulators’ websites, only the MFDA provides an easy review of enforcement actions that could identify the companies that have two or more enforcement actions. As of this posting, the MFDA lists 20 members out of 91 who meet the criteria. Twenty members of the MFDA may not have made sufficient attempts to prevent any further enforcement actions after the first sanctions; they’re promoting a compliance culture but may not be abiding by it.
Although there is evidence that there could be risk washing going on in the MFDA registration category, we really can’t make that conclusion. There is evidence that can indicate risk washing could be happening; however, it is circumstantial at this point, and proper and appropriate research needs to be conducted. The proper research could identify a link between repeat offenders and risk washing, and it should also include the other remaining registration categories.
Given your experience as a risk manager or compliance officer, is there risk washing going on in your industry?