Risk Managers Identifying Destructive Leaders

I overheard a conversation in a coffee shop the other day that made me ask, how close are the traits of inexperience leaders and destructive leaders.

Two people were talking about the company they work for and the risk management program they were subject to. They did mention the name of the company, so I do know that they work for a highly regulated securities company that is subject to a rigorous risk management regime. The basic gist of the conversation was how they and their coworkers have developed strategies and implemented plans to meet their annual risk management obligations. They have on an annual basis a requirement to prep for and pass a risk management quiz, with prep time being done on their own time, outside of their day jobs.  If one answer is incorrect on the quiz, then they must register and take the quiz again.

The strategy they devised to help their group of coworkers is to get one person to complete the quiz (the department know it all), write down the correct answers and then pass them on to everyone else in the department. All they needed to do is to have the answers when they completed the quiz to get a pass on the first attempt. No need to prepare, just complete the quiz with all the correct answers.

Which brings be back to the question, how close are the traits of inexperience leaders and destructive leaders? Based on the tone of the conversation and not having the opportunity to seek clarification, I would assume that there is inexperience at the leadership level in the risk management department. They understand that there is a need for an annual review which is a good idea, however in the execution, this may not be the best positive way to get a positive buy in by everyone. The risk management department can get some honest feedback and maybe change their approach to make it a better and positive experience.

The inexperienced leader can gain experience. They may be viewed as somewhat incompetent at the start, yet through feedback, soliciting suggestions, or seeking outside guidance, they can move along the sliding scale of inexperienced and incompetence to experienced and accomplished. There is a chance however that an inexperienced leader may not move positively along the leadership experience scale. They may decide that they know best, they know what needs to happen and do not seek feedback, or suggestions. They might resort to destructive tactics such as bullying or command and control to get there way. The near term risk management goals can be met however the long-term destructive attitude will erode the effectiveness of any risk management program.

As an example, I do know of a rare situation were a risk manager who moved from being an inexperience leader to a destructive leader. The risk manager has all the technical skills to be in the C suite position and deserved the opportunity to assume the role. However, upon assuming the C suite role and their inexperience, they started to display destructive leadership tendencies rather quickly. In any role as a risk management executive, there will always be questions about a risk management program, this is part of the position and an expectation of the role. For this individual, they took these questions as a direct challenge to their technical knowledge and experience, rather than what they were at face value, fundamental clarifications. These clarifications were the result of updates to the risk management program rolled out to the company. As with any updates, there is a desire to comply which will prompt questions about how to comply. The risk manager viewed these questions as an unwillingness to implement the changes and then resorted to destructive behaviors to enforce the changes. These behaviors included destructive office politics, abusive communications, and even false allegations of unethical behavior on a fellow co-worker. The result is this individual is no longer in the C suite position and may never be able to be a risk manager again. All that technical experience thrown away simply for not understanding that the fundamental role of the C suite position is to provide leadership, complimented with their technical skills.

An inexperienced leader can gain experience through training, and time on the job. They can move from inexperience to experienced over time. In the first example of the coffee shop conversation, the risk manager can learn about the corporate attitude towards the risk management program and adapt. The second example of a destructive leader, a wall is built between themselves and the rest of the corporation. This wall and the toxic environment that’s created will prevent any opportunities to learn, adapt, or gain positive leadership experience.  

In closing, here’s a question; does anyone look at leadership styles as part of their risk management program? Is there any attempt to identify destructive leaders in their organization?

Is ‘Risk Washing’ going on in the financial services industry?

What is risk washing? Risk washing as an idea that a company states that they have an effective risk management program or compliance policies and procedures in place yet there’s suspect evidence to support the claim. The company statements are for the record yet there’s little evidence to support the statement. The notion of risk washing comes from the general concept of whitewashing, which is the attempt to prevent people from finding out about the true facts of a situation. Whitewashing can also be about making something that is bad seem acceptable by hiding the truth. In another example, environmentalists have coined the term green washing. Environmentalists have uncovered numerous instances were companies have declared there is a robust environmental policy is in place that they are following. Yet, this is not the case. The company is promoting a green environmental policy but is not abiding by it. Hence greenwashing their environmental record.

Turning to the financial services industry, risk managers and compliance officers are required to promote a culture of compliance and have an appropriate risk management program in place, including compliance policies and procedures. While many firms will make statements that they are managing their risk appropriately, is there risk washing going on? Based on the findings of environmentalists, having a risk management and/or policies and procedures in pace, does not mean that they are being followed. For example, in my experience, there are risk managers who really don’t want any information or analysis created that may be used against the firm by the regulators. The analysis may highlight a risk that needs to be addressed, the attitude though is if it’s not identified it doesn’t have to be addressed. This type of risk manager does not promote a high-quality risk management program.

The obvious question to ask is what statistics or evidence is there could indicate risk washing is going on in the financial services industry?  The evidence of risk washing would be those companies who have been identified with risk or compliance deficiencies by the regulators. As we know, all companies will have a policies and procedures manual to follow which states they have compliance programs in place.

Those companies that have a deficiency will be sanctioned through and enforcement process. Companies that have been sanctioned will make the effort to prevent any further sanctions in the future by correcting any deficiencies. Risk washing would be those companies that have been through an enforcement action more than once. These companies may not have made sufficient attempts to prevent any further enforcement actions, they’re promoting a compliance culture but may not be abiding by it.

For this article, the search is limited to only those firms who have two or more enforcement actions. In doing a quick search of the regulator’s websites, only the MFDA provides an easy review of enforcement actions that could identify the companies that have two or more enforcement actions. As of this posting the MFDA lists 20 members out of 91 who meet the criteria. Twenty members of the MFDA may not have made sufficient attempts to prevent any further enforcement actions after the first sanctions, they’re promoting a compliance culture but may not be abiding by it.

Although there is evidence that there could be risk washing going on in the MFDA registration category, we really can’t make that conclusion. There is evidence that can indicate risk washing could be happening, however it is circumstantial at this point however, proper and appropriate research needs to be conducted. The proper research could identify a link between repeat offenders and risk washing, which should also include the other remaining registration categories.

Given your experience as a risk manager or compliance officer, is there risk washing going on in your industry?