For those regular visitors to our Website, they will know that we take a keen interest in the latest news and information from the FCA. But for those of you that have been reading our articles for some time now, you will be aware that we occasionally sample the PRA as well, and in this blog, have we got a corker for you!
Very quietly (although I’m not sure why) the PRA published Staff Working Paper No 912 in early March. Not a title designed to entice the reader in, is it! But if you look a bit further you find that it is actually a research paper that covers Organisational Culture and risk in banks. It is a very interesting and worthwhile read.
The research considers whether organisational culture affects risk within banking institutions and to do this the PRA have reviewed statistical data from more than 150 banks over a 6-year period from 2014-2020. Now for those of you already shouting “you can’t identify an organisations culture from pure data” then please read on as I think that it is worth understanding what the research taught the PRA and then consider as regulated firms what that might mean to you in the content of your role in your regulated organisation.
The research identified two key initial findings:-
- Using “self-reported” culture measures, such as staff surveys and interviews, tend to be non-representative of the entire employee workforce.
- Using data gleaned unobtrusively without asking firms and staff specific questions tends to provide a set of indicators that can be relied upon because they are based on fact.
On that basis the research then went on to focus on “Unobtrusive Indicators of Culture” that were drawn from six particular data sources. It was noted that the data used came from three distinct bank types which were noted as; 1) domestic bank, 2) mutual (building society), and 3) foreign subsidiary of a foreign bank.
The six data measures that were identified and used for this study were:
- Data quality metrics (derived from regulatory return submissions)
- Diversity data (derived from the Approved Persons database)
- Customer complaint reports
- Whistleblowing referrals
- Reports of internal fraud cases and associated costsa
- Balance sheet and capital requirement information
Whilst we haven’t got time in this blog to examine each one in detail, we will leave you to do that when you read the full report if interested. We will however consider the data used in point one.
The PRA notes that as banks are required to submit regulatory returns to them on a regular basis, it is a good measure to consider what those submissions portray to the regulator. The PRA considered items such as errors in reporting, deadlines missed, how many days late submissions were made, how many days early submissions were made and fed all of these individual items into a much wider scoped cultural assessment.
It’s funny though, we’ve been saying for a long time that they way firms deal with regulatory matters ‘paints a picture’ and this research is a prime example of that!
The report goes on to consider each data source and, for each one, it notes key indicators within it. Once the full data was reviewed, the PRA then used this and “risk related items” within banking to try and assess which firms were likely to have more risks arising aligned to a poorer cultural indicator score. The PRA noted in the research that this additional dimension allowed them to consider the concept of “risk culture” as a sub-set of the wider topic of culture.
I know by now you are asking, “so, what conclusions did they reach?”
Well, there are many, but the closing words of the report reads as follows:
“Our approach might offer a blueprint for other sectors and other banking sector stakeholders, for example board committees tasked with monitoring the culture of their institution, or pension and investment funds with an interest in the organisational culture of the banks they invest in!
Now as a report ending if that doesn’t make it worth reading, then I’m not sure what will!
Using RegTech To Help Enable Culture Change
What’s the connection between something as ‘hard’ as RegTech and something as ‘soft’ as culture? Well, a great deal is the answer!
RegTech can help on several levels, but picking out just two:
- Deployed wisely, RegTech ensures the underlying processes that drive compliance run seamlessly. From simple things like providing timely and accurate returns that are required on a routine basis, e.g. bi-annual complaints return, to reporting ad hoc changes such as Senior Managers’ responsibilities and changes to staff in The Directory, the list goes on. Although appearing innocuous in themselves, these are exactly the kind of cultural indicators that PRA is referring to using.
- RegTech has a great ability to aggregate data, imagine a firm identifying its own internal cultural indicators, and then organising these data feeds into a Senior Manager/ Board dashboard that could give that cultural health check – now that would be interesting. Think even further, the PRA/FCA decide to visit your firm and want to see what your “culture is”, you can choose either the route where you have to try and find some evidence of what your measures are or some suitable “candidates” for them to interview, or you can give them a well thought out dashboard that says, in our opinion these are what we think we should be measuring, these are the results and this is what we are doing about it. I know what route I’d rather take………
I know that these examples are in the remit of the FCA, however, given the FCA’s headcount and the fact that they have around 50,000 firms to supervise, it’s reasonable to assume the FCA are mirroring the PRA’s use of ‘big data’ to predict firms with poor culture or are intending to.
Exciting times indeed!