Blog

Good People Behaving Badly
25August
Good People Behaving Badly 4866 Comments | By

I have firmly held, for as long back over my 35-year career that I can recall, that the biggest challenges, issues and events in Risk Management come down to People; fear, greed, and ego drive the behavior of traders, transactors, and managers often precisely in those situations where economic rationality and discipline are desired or presumed. There is no such thing as a perfect storm: headline events are simply about total unpreparedness meeting full-blown opportunity to be completely exposed; risk-identification, assessment and measurements fail in the extreme cases and in abnormal markets; the accompanying monitoring, managing, and governance aspects are completely thrown to the mercy of people and their vested interests and behavior.

Bad people – and you should expect to find some in any given grouping of individuals – will and do of course behave badly. Chaos ensues when good people behave badly. Modern behavioral-finance explains the more benign elements of this – for really eye-popping examples of both the naïve and malign kinds, look no further than the historical distributions of large losses.

In the early nineties, Citigroup developed the much-touted Windows On Risktracking 14 distinct risk factors: client credit worthiness; industry; product; obligor (debtor) concentrations; global real estate; country; counterparty trading; price, interest rate, exchange rate and commodity; liquidity; equity and debt; distribution and underwriting; legal; audit; and technology risk. In a 1994 meeting at Bahrain (I was Treasurer) with its architect Bill Rhodes, I argued strongly to include People Risk in there – that was quite summarily dismissed …it was not until the Nick Leeson case at Barings and the advent of Basel II (with the definition and taxonomy of Operational Risk), that “People” became finally codified as a key risk factor in financial services. Look at the High-Severity end of the Operational Risk categorizations – Internal and External Fraud, Unauthorized Activity, Clients, Product & Business Practices … it is all about people. High-frequency events … including processes, systems, execution fails … have never sunk firms or markets in themselves. Bad people – and especiallyGood People behaving badly – have, do, and will. I first coined, in 2004, the phrase Conduct Risk to deal with this end of the OpRisk spectrum

Over the years I have yet to see an institution that does not say “our people are our greatest assets”… but am still searching for the So-What. I asked a firm once to show me its Risk Management strategy across People. There was bemusement. Another said, oh it lies in our Culture …ah, that thingamajig … the ultimate resort for the perpetrators of abstraction and obfuscation … no, no, they said, it is about how we do business, the values we propagate, ethics blah blahblah. Fair enough. How about Trust But Verify, the incentive structures (much pontification and cuteness on this post-crisis), maker-checker mechanisms, two-person occupancy in sensitive areas, access-controls, reconciliations, confirmations, query and challenge, unshakable boundaries defining the unacceptable, mandatory absence periods, training, certifications, zero-tolerance against conduct & ethics violations, formal HR processes (does HR even have a seat at a meaningful table?) …

1989; I am head of Market Risk for North Asia based out of Hong Kong. We hear of the entire trading-room planning a big lunch to celebrate a windfall profit made by a senior trader. One of my people says this trader had doubled up on an already large bet, hidden some exposures, broken his trading limits, bust his stop-loss lines … but all ended well with a huge gain. I walked down to the head of the trading room (big guy, much revered for his toughness, and addiction to the bottom-line), and protested the event, the person, his actions … and the celebration. He said, come to the trading room when we are back. As this big group trooped back in to the room after lunch, the Treasurer turned around to the trader, and said “Thank you for the fantastic profit, you are fired” (no, this was way before ‘Apprentice’!). Shock and awe around the room…and my eternal respect for the senior concerned. No limit was ever broken in the three years after this that I was there.

There are several interesting cases in recent history of course related to Rogue Trading, including the quiver-inducing events at SocieteGenerale (Roger Kerviel) and UBS (KwekuAdoboli) … not to forget Madoff and LIBOR and on and on. I have been directly involved in analytical and remediation efforts in several such situations; Board and Management demand has always included a) tell us it cannot happen here, and b) we need to reiterate zero-appetite for these. My first slide and its opening bullet-points … “this can happen to us, this does happen to us”… has always caused consternation and disapproval. I have argued that to say you have “No Appetite” for such bad behavior is simply living in denial, burying your head in the sand, defaulting to hope and prayer, not accepting the realities of bad and good people in your midst, not realizing that bad behaviors and critical times necessarily have (the otherwise inept) post-hoc ergo propter hoc (“after this, therefore because of this” i.e. if A precedes B, A must have caused B). A non-zero appetite is in face implicit in being open for business with people as a resource. Perfect storms do not happen; they are carefully assembled and implemented … when your unpreparedness meets the right opportunity, and your people are game for it, even as your structures, systems, and governance mechanisms have swiss-cheese elements with the holes neatly lined up to let anything through.

So What? Start with explicitly acknowledging that bad things will sometimes happen, even if your mechanisms are best-practice and robust (or so you think). Prevention is an entirely correct and mandatory goal for the top-down messaging and policy diktat; But… it behooves the operating part of the organization to as much embrace and act on the “Catch it Early and Keep It Small” goal. Once you accept this, defining and putting structure to Risk Appetite follows quite easily. Go back through every major accident and event in financial market history (and even broader …from the Titanic to many other natural and man-made disasters). Prevention in some cases was not possible, and in others simply did not happen. But time and time again, organizations that proved resilient exhibited the fundamental ability to catch the issue before it festered and snowballed into something beyond what balance sheets and capital (and the system as a whole) could sustain. They had the detective and forensic abilities that provided the safety-net. They very quickly caught the smelly stuff, unusual p/l, conflicts of interest, trade-tickets in the drawer, fudged accounts, system accesses, fake reports, collusions, violations of confidentiality, doubling down on bad debts, unwillingness to accept the smaller losses, the disregard for limits and boundaries, cooking of client books …all of which help to conceal and clinically exacerbate the original problem (in retrospect small and simple, if the “culture” allowed recognition and acceptance early in the sequence)…  Without the early intervention, it all becomes too difficult to camouflage and conceal and keep under wraps any more. The lid of the pressure cooker blows. For want of nails, kingdoms are lost. And the rest becomes history. RIP.

I have a last point here in this long sermon. There is a tendency not to ask questions when things are going well, even too well. And there is a tendency to slump and withdraw when things are going badly, even too badly. When someone makes large and unusual profits, ask How they did it. When someone has made a large loss or fallen well behind budget, ask What might he do to try make it up… watch the large gains and the large losses – bad behavior is lurking there, waiting for opportunity to manifest.

Amen