In a previous article we talked about the need for compliance officers to transform from a passive and reactive function to a strategic and critical one.
As both ASIC and The Commissioner, the Hon Kenneth Hayne QC proved, managing non-financial risk needs a compliance function with a strong voice (and the insight and the courage to help guide and govern their business).
In fact, even despite APRA’s loss against IOOF over directors duties the continued focus on corporate governance practices and risk-management continues to identify significant shortcomings in the corporate governance practices of many large financial services entities.
APRA has already cut ASIC to the chase and observed in their report on industry self-assessments into governance, culture and accountability. In what some may consider to be APRA’s “unpersuasive’ and ‘fundamentally inadequate‘“view, most organisations manage financial risk in a less than optimal fashion; often relying on a compliance function that lacks authority, capability and a strong voice.
To address these deficiencies, Licensees need to embrace compliance as a strategic and critical function. Licensees need to invest in their compliance team with authority and help them to develop or refine strong technical and leadership skills. In addition, they need to build on their experience and be encouraged to:
- Have an active voice and be curious and able to maintain a healthy scepticism
- Be laser focused on the “why” and possess evidenced based problem-solving skills
- Use insights and values driven judgement to provide guidance and approve and accept decisions to business leaders
- Know and understand the business climate and context
- Act as a customer advocate and maintain a focus on the end customer to ensure the business acts in the interest of customers and communities
- Act as a credible partner and build and maintain relationships based on trust
“Curiosity killed the cat
Sometimes I think I’m just a crazy cat,
Running around don’t know where it’s at
Getting confused with my way of life,
That’s when you say now you cut that jive.”
— Little River Band, Curiosity (Killed the Cat)
In the current environment, more accurate lyrics would declare “the lack of curiosity killed the cat”.
It may not have been obvious from the Royal Commission, but a sustainable Licensee needs an effective Risk and Compliance Officer. An effective Risk and Compliance officer, needs to be curious and willing to ask the (difficult) questions, to be willing to look beyond the obvious and be courageous enough to express dissent.
Now I’m not completely naïve, I realise many organisations prefer their risk people to be sedate, content and amiable. They want house cats who understand who feeds them and the importance of staying off the couch. I’ve often wondered whether some organisations purposely hire compliance people that “look the part” but lack the capability, curiosity and experience to do their job. I’ve heard enough horror stories of management replacing effective compliance officers for ‘more commercial’ alternatives.
We have all seen the results of these decisions – disasters brew quickly – and, golden parachutes aside, there’s no real benefit of inadequately managing non-financial risks. The Royal Commission, and the resulting regulatory and ongoing litigious action, shows that even the best PR can’t compensate for poor compliance.
If you’re a real Risk and Compliance expert, how do you develop the essential skill of curiosity?
In my view, it’s all about the relationships we build; the conversations we engage in and facilitate; in knowing ourselves, our strengths and limitations and our keen willingness to ask questions.
It’s also about the people with whom we associate.
Testing, thinking and asking
According to Peter M Senge’s The Fifth Discipline, most of the time we engage in conversations with system 1 type of goals, these confirm what we think we know, and affirm our self-image. This approach protects us from harm, from the fear of being wrong, from looking bad or losing.
To be curious is to engage in system 2 conversations, which is about having a deliberate, non-judgemental, non-defensive, open minded exchange. To do this, you need to agree that beliefs are not fixed, or final and be open to modifications, not to confirm what we believe.
System 2 conversations require trust and mutual respect. It is about seeing wholes, a framework for seeing interrelationships rather than things. When working with or in a business, you need to be able to see the whole ecosystem in which the business operates, the services and products it provides, the jurisdiction it works in, and the alignment to risk appetite and risk tolerance.
It follows that a curious mind, would also fiercely pursue the “why” before moving to the “how” and offering evidenced based solutions to problems, whether it be through the law, regulations and precedents.
Asking the “why” question, equally relies on system 2 capabilities and seeing interrelationships rather than linear cause-effect chains and seeing processes of changes rather than snapshots. It asks you to approach your life creatively rather than reactively.
Simon Sinek suggests that you should become obsessed with the why questions and the role it plays at the centre of every single business activity. As compliance professionals, it might be useful, next time you sit with your business and you are advising on a risk in change event, or otherwise, follow Simon’s approach and find out:
1. What exactly the business is trying to do
2. How they are going to do it
3. Why they want to do it
Once you are clear on the why, this is your chance to shine and use your values (which should align to the organisations values); your learnings from risks issues and root causes; your foresight and extensive knowledge of the business and industry context.
Use insights and values driven judgement to provide guidance and approve and accept decisions to business leaders in a commercial and regulatory environment. To some extent you might revert to autopilot mode and engage in system 1 thinking, where you react and affirm what you think you know. In some cases, this is appropriate, however sometimes slowing down and being more deliberate may be a better course of action when solving complex problems.
In Arie de Gues’s book, The Living Company, organisations like Shell, are shown to engage in scenario planning, where they get their employees to discuss the unthinkable. Through techniques such as telling stories of the future in the context of their own perceptions of the present, people can open their eyes to developments which in the normal course of daily life are unthinkable. Fundamental problems, as Einstein once noted, cannot be solved at the same level of thought that created them. It is particularly important when engaging in scenario planning, that the customer is front and centre.
In the Fifth Discipline, it states that business is bound by invisible fabric of interrelated actions which often take years to fully play out the effects on each other. The Royal Commission show cased several interrelated actions which ended up playing out in a very negative and detrimental way. I wonder if more organisations engaged the “Shell” approach of scenario planning, whether we may have seen a different and more positive result.
Curious, courageous and capable
““The reasonable woman adapts herself to the world: the unreasonable one persists in trying to adapt the world to herself. Therefore all progress depends on the unreasonable woman.””
— George Bernard Shaw (more or less)
Effective compliance people exercise their agency despite the real and ever-present the risk of being labelled ‘dramatic’ or ‘difficult to work with’. To provide insights and judgement, and to build a sustainable business, you need a deep understanding of your business, its strategic objectives, the current climate, anticipated changes and future, products, services processes and customers.
Often the customer is seen as being at the end of the chain of value, when in fact, they should be at the start. Understanding the customer and walking a mile in their shoes was such a seventies and eighties phenomena, where you pretty much did everything to understand, have empathy for and please the customer. We seem to have devolved in 2019, and customers are often considered as an after-thought. In fact, I’ve heard it argued that, in some respects, that once clients became an abstraction to the Licensees that served them the foundation for endemic mismanagement was laid.
Thankfully, there’s a real opportunity and a pressing need to focus on governance and the effective management of non-financial risks. It requires organisations to change but also requires compliance and risk professionals to commit to their own change and development.
It won’t necessarily be easy.
If you would like to develop your non-technical skills and enhance your ability to communicate and question, come and speak to us.