We frequently speak with some of the most progressive executives and leaders from many of North America’s largest companies to glean their insights on how they are creating, managing, and measuring corporate culture in their organizations.
The following is the first in our monthly series, where we sit down with veteran banker Mark Caplan. Mark has spent 25 years in various executive and management positions at BMO, Scotiabank, and the Bank of Canada. He most recently served as the President of the Global Risk Institute (GRI), the preeminent source of ideas on the management of emerging risks and trends for financial service organizations. In our discussion, Mark shares his thoughts on the industry's current approach to risk, the need for better use of people analytics, and the distinction between risk culture and culture risk.
Receptiviti: How has the perception/conversation around workplace culture and risk changed throughout your career in the financial services?
Mark: It’s changed immensely since I started. When I began as a trader in the early 90s, there was no expectation that a company should adjust itself to benefit or attract employees. Every institution had its own culture, and people that didn’t fit in would leave. Financial institutions in particular had unspoken but uniquely strong cultures that were difficult to disrupt. Some people describe the prevailing culture in banking as a ‘locker room mentality’. I wouldn’t conceptualize it that way, but it certainly was male dominated. You had straight white men with alpha personality types running trading floors and trading businesses, and people who fit with that culture were embraced. But the concept of talking to your employees, assessing their engagement or stress, and fostering a culture that supports their needs, that’s all fairly new.
A lot has changed since then, some of which is attributable to the 2008 financial crisis. Prior to the financial crisis, transgressions were thought to be made by rogue traders. When an employee did something bad it was viewed as your company being tapped with the unlucky stick - you hired the wrong guy. But people started realizing that transgressions aren’t idiosyncratic, they happen a lot and in many cases they’re endemic. Now, having spent the year at GRI talking to CROs, CTOs, and governance professionals, it’s clear that culture is very much on the minds of senior regulators and big financial firms. People are realizing that culture can be a huge source of risk, as well as a huge competitive advantage if you get it right. This sense of ‘who are we, what makes us different, and what are our sources of risk’ – that conversation is happening everyday now whereas before it never was.
Receptiviti: What would you identify as the prevailing approach to people risk today, and do you consider it effective?
Mark: I’ll start by saying no, it’s not effective, but not because of a lack of desire or focus. I think the problem is a lack of tools. In terms of current techniques, you see a lot of things like employee surveys, whistleblower hotlines, and statements of mission/vision/ethics. I wouldn’t recommend against doing those things, but they aren’t sufficient for successfully mitigating risk. Large institutions with endemic conduct issues had all of those but were still vulnerable, so more advanced methods should be implemented.
The problem is not that executives don’t care about culture, it’s that most executives don’t know what to do about it. From a practitioner perspective, no one is really leading the way in terms of setting forward best practices. Companies don’t want to be led down blind alleys and, in some cases, they don’t even want to know what’s happening. The question becomes: do we want to know that we lost a billion dollars, or should we just turn our heads and keep doing what everybody else is doing? You’re getting a bit of a first mover problem. These things tend to travel in herds so if one person finds the secret sauce, everyone follows behind them.
Receptiviti: What would you suggest as a better approach to risk and culture management than what exists now?
Mark: I think that technology is the answer to better managing risk. Analytics can inform behavior better than anything else. Banks originally managed credit risk by hiring, training, and moving analysts up the ladder. Then, they started looking at analytics to examine things like portfolio diversity and expected loss, allowing people to better understand and adjust their risk profiles. Culture risk is the same in that it should start with using analytics to understand how your staff are behaving, so that you can change the inputs to create a better risk profile. It’s not just about finding misconduct, it’s about understanding this huge asset that you’ve invested in and being able to see how it’s performing. I can’t see any way to do so other than through tech-based analytics.
Receptiviti: How should risk culture play into a company’s larger workplace culture strategy?
Mark: I think people get the concepts of risk culture and culture risk confused. Risk culture refers to your approach as an organization to the assumption or the taking of risk. A good risk culture is one in which the existing incentives encourage people to take appropriate risks and discourage them from taking inappropriate ones. In contrast, a bad risk culture is one in which people get huge bonuses when things go right and fired when things go wrong, without consideration of why that outcome happened.
Culture risk is about the behaviours and norms within an organization. When the behaviours and norms are not what you think they are, when people are misbehaving or there’s misalignment or misconduct, it means you have culture risk. Culture risk is the responsibility of your CEO and board of directors, it’s part of the broader culture function. Conversely, your risk culture should be within the purview of your CRO. They are responsible for ensuring that your approach to risk – such as the incentives and deterrents that exist within your organization - is effective. Most CROs are required to have a view on things like whether people are being paid appropriately, if people are exhibiting the right risk culture, and if certain individuals should be sanctioned. It’s that independent risk function that directs the company’s risk culture.
Receptiviti: Senior officials in major Australian and European banks have said that changing their toxic culture will take up to 10 years. Are there ways that cultural change can be facilitated or accelerated that companies aren’t utilizing?
Mark: First, I have no idea how they could know the time frame that it would take to change their culture. It’s likely that they grappled with strategies to improve their culture and realized that it wouldn’t be an overnight thing, so they pulled a number out of the air and said it will take 10 years. If it was really an existential crisis they would get it done faster, and there are tools that would enable them to do so. But it’s important to understand that there are no solutions to culture or risk problems. A company's culture is never going to reach a point where its fixed or perfect, it just needs to be kept within a range that’s relatively safe.
In terms of expediting culture change, I think it starts by gaining a solid understanding of where your culture is currently, which requires the use of analytics. A lot of people get frightened by analytics because it’s uncomfortable to find out information about others. But my advice is for companies to start using them, because that information will help create conditions that better serve their employees. It’s similar to data science 5 or 10 years ago, when there were reams of data and people had to experiment to figure out how to use it. I would say that companies need to take the same approach with analytics - to start, see what they find out, iterate, and go from there.
Receptiviti: What would you say is missing from the current conversation about culture and people risk? What aspect(s) are banks failing to focus on that could be beneficial?
Mark: I think financial institutions tend to focus very heavily on misconduct as part of culture. A lot of the previous analytics have been around keyword searches to prevent misconduct like insider trading and conduct violations. I find this kind of sad because holistic culture analytics would allow leaders to identify areas for misconduct while also providing a much richer sense of what’s going on in the company. This would better position them to develop a culture that supports their objectives.
Whoever can foster a culture that effectively attracts, develops, and retains good talent will have a big competitive advantage. Goldman Sachs used to be that, they had a recipe for attracting and incentivizing the right people, which made them very difficult to compete with. We saw something similar with Jack Welch’s (of GE) approach, which focused on all aspects of people management from intake to progression and diversity of experience. The advantage that comes from getting culture right doesn’t last forever, but it does translate to a significant competitive advantage for a long period of time.