Towards a New Age of Responsibility in Banking and Finance: Getting the Culture and the Ethics Right
Speech by Danièle Nouy, Chair of the Supervisory Board of the Single Supervisory Mechanism,
at Goethe Universität in Frankfurt, 23 November 2015
Ladies and gentlemen,
First of all I would like to thank the Institute for Law and Finance for their kind invitation and for organising this symposium. I very much welcome this opportunity to elaborate on what I think are, currently, some of the most important questions in banking and finance, namely:
- What ideas come to mind when we talk about “getting the culture and ethics right”?
- Who is responsible and what role do supervisors play?
I will start with an update on where we currently stand, before briefly introducing the tools at the disposal of the Single Supervisory Mechanism (SSM) to assess and address risk culture issues. I will then share with you our expectations as to what good practice entails. Finally, I will conclude with some thoughts about the way forward.
As we all know, in recent years, misconduct has had a profound effect on credit institutions across Europe and elsewhere, giving rise to numerous concerns.
Litigation costs can have a significant impact on an institution’s capital base; they can reduce a bank’s profitability, shareholder returns and confidence among fixed income investors; they also affect an institution’s reputation – sometimes irreversibly so; and finally, they can erode trust in the banking and financial system overall.
We are out of the 2007-08 crisis, but far from where we need to be in terms of risk culture. This means that we continue to place a great degree of importance on the role of ethics and culture in risk management practices.
New evidence of credit institutions’ misconduct is arising every day . Over recent years, we have seen how the non-binding nature of a substantial part of the corporate governance framework, based essentially on codes of conduct, has not led institutions to effectively implement sound corporate governance practices.
Culture and ethics are at the heart of banks’ decisions in terms of risk-taking and safe and sound management practices. This means that understanding culture – what one does “when nobody is watching”  – and ethics – the line between acceptable and unacceptable decisions – can help us to recognise, and even predict, some behaviours.
Focusing on this, as the title of the symposium suggests, marks the beginning of a new era of responsibility in banking and finance.
It is broadly recognised that the systemic implications  of misconduct are relevant for the banking and finance sector as a whole.
Misconduct has a direct impact in terms of losses. We can speak of the systemic nature of these risks taking into account not only the size of litigation costs and fines , but also possible externalities. According to the European Systemic Risk Board (ESRB), these could even lead to market impairment.  Nobody questions the contagion effects in terms of trust and the fact that banks might have lost part of their “social licence”  or the necessary trust to perform their function. In this regard, I consider the recent trend of including governance considerations when describing the functions of “financial institutions”  to be very telling.
Looking back to the first tremors of the crisis eight years ago, we have definitely made progress in terms of strengthening the resilience of markets and institutions.
Regarding markets, different initiatives, such as the United Kingdom’s Fair and Effective Markets Review, have been set up to address risks which might be inherent in some structures, such as obstacles to competition. In the European context, the establishment of the banking union and, in particular, the SSM, aims to rebuild trust in the banking system and promote higher standards in terms of risk culture.
You will recall that, under the Capital Requirements Directive (CRD IV), institutions are required to have robust governance arrangements; in other words, Member States should introduce principles and standards to ensure effective oversight by the management body, promote a sound risk culture at all levels of credit institutions and enable competent authorities to monitor the adequacy of internal governance arrangements.
Putting this into action is a key mission for supervisors. In 2009, when I was chairing the Basel Committee’s Working Group on Corporate Governance, I witnessed the influence governance issues had previously had in terms of defining and shaping international best practices. These issues continue to be at the forefront of the supervisory agenda, as we promote good practices in our dialogue with the credit institutions.
Let me now turn to the SSM, more specifically.
Although the SSM is not directly responsible for consumer protection, our role does encompass some elements of conduct risk, core corporate values and risk culture.
To fulfil this aspect of our role, we make use of our three main tools:
- first, our authorisation function, i.e. the process we run at the appointment stage;
- then, the assessment as part of the annual Supervisory Review and Evaluation Process (SREP), and, related to this, the ongoing thematic review of internal governance and risk management;
- and finally, if necessary, our enforcement and sanctions function.
Culture and ethics issues are people-specific. When significant banks make appointments to their management bodies, the ECB, together with the national competent authorities, assesses whether the candidates are of good repute, possess sufficient knowledge, skills and experience, have the ability to perform their duties without undue influence from others and the ability to commit sufficient time to performing their functions. Past behaviour is also taken into account, since experience has shown that past performance is a reliable indicator of future results.
After this initial assessment, the approved candidate’s behaviour is assessed as part of ongoing supervision. To this end, we incorporate information from different reporting tools. I will only mention two:
- Institutions are obliged to report “any new facts or any other issue which could impact the suitability of a manager” without undue delay.
- All citizens are encouraged to report any suspected breach of relevant Union law directly to the ECB through the breach reporting mechanism.
Corporate governance, values and culture are at the heart of the SREP, which makes use of specialised on-site missions, among other things.
This means, in particular, that risk culture is assessed from various interlinked perspectives:
- Starting at the top, board members must set the tone by defining an adequate Risk Appetite Framework, the so-called “RAF”, and governance arrangements, and they must promote an appropriate risk culture throughout their organisation. They must also promote individual accountability and transparency and align remuneration schemes to reflect these issues.
- In this context, we also assess the functioning and contribution of ethics committees in promoting core corporate values, ethics and behaviours.
- Regarding transparency and best practices, what we expect to see is internal, traceable records not only referring to the decisions taken, but also giving a flavour of the dynamics of the debate that led to each decision.
- Turning to accountability, we assess whether the institutions have fostered efficient communication at different levels, and whether they have adopted appropriate internal “alert procedures” so that staff can, in full confidence, draw attention to significant and legitimate concerns, including also matters related to internal governance. There is much literature on the convenience of having appropriate whistleblowing systems. 
- In addition to the tone from the top, the actions from the middle are equally important. As some episodes from the past have shown, a number of senior managers have become increasingly remote and not accountable for maintaining standards in day-to-day operations.
- Regarding the role of internal controls, we also expect an active and effective internal audit and compliance function to identify and prevent misconduct within the organisation and protect sound risk culture. We would certainly like to see the three lines of defence and internal control functions become part of the culture and corporate values.
- We are convinced that however good the RAF is, it will not be as effective as it could be unless there is also an appropriate risk culture. This means it must be cascaded down to the business lines and genuinely embraced and lived on a day-to-day basis.
- In terms of operational risk, we understand that it includes, but is not limited to, compliance, conduct, legal and reputational risk. We therefore assess whether the nature of the activities may increase the risk of future reputational damage and to what extent.
I would now like to draw your attention to some of our recent initiatives.
We are currently carrying out a thematic review on risk governance and appetite across the SSM. This review covers many aspects, such as the risk culture, composition and organisation of management bodies, decision-making, and how the RAF is implemented and possibly linked to the institution’s strategy and compensation system. This in-depth analysis, which is linked to the wider SREP framework, enables us to assess, among other things, the functioning of the boards and their capacity to include financial and non-financial risks in the RAF. It also enables us to develop an intensive dialogue with the banks under our supervision to understand their risk perspectives.
Furthermore, we are strengthening the way in which we assess remuneration policies and implementing the European Banking Authority’s rules on “identified risk-takers” and the impact of variable remuneration and discretionary dividend distribution on the sound capital base. We see incentives – both financial and non-financial – as having a critical role, since their misalignment with business and risk culture objectives is at the heart of misconduct.
With regard to material risk-takers, we are considering making use of less conventional tools and techniques to improve our understanding of the behavioural and personality aspects of the risk-taking activities and of the dynamics of specific boards.
Regarding misconduct in general, we understand the importance of having accurate information about open cases which could pose a credible threat to the profitability and viability of banks supervised under the SSM. For this reason, the ECB has recently sent out a questionnaire to the largest banks it supervises with a view to obtaining more information about large conduct risk cases.
Regarding the role of the enforcement and sanctions function, on the basis of pre-emptive, not reactive, supervision, we prefer to take into account risk culture and ethics as part of the ongoing supervisory cycle and not as one-off issues. The fact that the ECB’s supervisory toolkit is complemented by dissuasive pecuniary sanctions which, as a general rule, will be published on the ECB’s website, conveys a clear message to the banks regarding our expectations in terms of compliance with regulatory standards. Financial sanctions imposed on firms to address unethical behaviour are therefore unlikely to be seen as merely part of the cost of doing business, because they also have a significant reputational impact. Finally, in banking supervision, we move far beyond a passive assessment of compliance with the rules. As Federal Reserve Board member Daniel K. Tarullo said in October 2014, “what we want to see is good compliance, not mere compliance” .
Let me now try to draw some conclusions. Taking this forward is not an easy task. This “soft” topic is definitely a “hard-to-get-to” one. Following IMF Managing Director, Christine Lagarde , all good principles and intentions on ethics and culture will only be effective if there is buy-in at the top. Another key element of a healthy risk culture is for staff at all levels to be familiar with, and understand, their bank’s core values and its approach to risk. Furthermore, the bank must ensure that staff are capable of performing their roles and are fully aware of their individual accountability with regard to the bank’s risk profile.
Culture and ethics are no longer an afterthought. We have indeed seen some encouraging signs of changes in terms of culture and ethics, but we are still a long way from the end of this journey. As the G30 document shows, some firms are further along this path, whereas others have barely set off, or are trying to change but are so far failing.
We remain committed to enhancing the dialogue and taking an active role in supporting the development of guidelines, best practices and more standardised codes of conduct and ethics.
We will maintain an open and frank relationship with the boards of the banks under our supervision, helping them to live up to the highest international standards. In particular, a board should be in a position to assess its role through regular self-assessments, evaluating on the basis of traceable facts the extent to which “the tone is walked”.
There is no “one-size-fits-all” approach and firms should define what culture and ethics mean in the context of their own business. As the IMF clearly states in its October 2014 Financial Stability Report , financial and non-financial incentives should support and be consistent with the firm’s core values. Achieving this alignment is about firms understanding the positive impact of good culture and ethics on their risk profile and the sustainability of their business model. Finally, one should bear in mind that accepting responsibility for high standards is not the same as mere compliance in the sense of box-ticking.
Having said that, SREP assessments will continue to take into account the impact of potential misconduct, which, in turn, may lead to enforceable measures. We also consider that misconduct costs, if relevant, should be included in future stress tests.
All in all, much progress has already been made. But we still have a long way to go and there are many issues on which we can exchange views – as I am sure we will in our subsequent discussion.
Thank you very much for your attention.
See 2014: the year of banks behaving badly, The Banker, December 2014.
See BANKING CONDUCT and CULTURE: A Call for Sustained and Comprehensive Reform, Group of Thirty, Washington D.C., July 2015, p. 17.
See Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, Financial Stability Board, 7 April 2014, p. 3.
The cost of litigations for EU banks amounted to €50 billion, representing 0.3% of the EU economy in 2014. The data are taken from the Report on misconduct risk in the banking sector, ESRB, June 2015, p. 12.
ibid. pp. 6-7
See Building real markets for the good of the people, Bank of England, 10 June 2015.
See Levine, R., (2005), “Finance and growth: theory and evidence”, Handbook of Economic Growth, Vol. 1A, Chapter 12, pp. 865-934.
In accordance with Article 71(3) of the CRD IV, institutions must also have in place appropriate procedures for their employees to report breaches internally (i.e. “whistleblowing”) through a specific, independent and autonomous channel.
Speech given by Daniel K. Tarullo, Board of Governors of the Federal Reserve System, at the Federal Reserve Bank of New York Conference, “Reforming Culture and Behavior in the Financial Services Industry”, New York, 20 October 2014.
Speech given by Christine Lagarde, Managing Director at the IMF,’ The Role of Personal Accountability in Reforming Culture and Behaviour in the Financial Services Industry”, NY Fed, 5 November 2015.
See IMF Global Financial Stability Report: Risk, liquidity and shadow banking, page 115, IMF, Oct 2014