Financial institutions are investing heavily in risk management in a bid to avoid the massive fines handed out since the global economic crisis began

Many financial institutions around the world are beginning to put a large focus on expanding their risk and compliance departments. This is a reaction not just to the financial crisis, but the mounting fines that are being levied on these institutions. It was recently revealed that since the financial crisis, JP Morgan has spent more on lawyers and fines than on its core resource – its people.

To halt the rogue activities that have landed so many banks into such trouble recently, their senior managements are investing heavily in risk management systems. They have increased their spending on new technology as well as new staff. It was recently revealed that the UK’s financial regulator, the FCA, has been finding it difficult to hold onto its staff as the large banks poach them for their own expanding risk management functions.

Most of the revenue-generating parts of banks now come with large risk and compliance teams. The strategic thinking appears to be that more risk and compliance people on staff will help prevent the kind of financial misadventures with which the banks have recently become associated.

In many ways this renewed focus on risk within large banks has been welcomed. It ensures that these institutions have a better understanding of their exposure to risks within the market. It also helps to pre-empt the kind of dangerous behaviour that led so many banks into disastrous positions in the wake of the financial crisis. The risk function should also help preserve a more cautious approach to business. This is likely to make banks safer but also potentially a little less profitable. But the really big strategic question that the boards of banks need to ask themselves is whether employing more risk and compliance officers and putting into place expensive new IT systems will stop the next rogue trading or market manipulation scandal?

The answer to this question is far from clear. Typically, financial crises tend to direct banks to adopt a more cautious and risk-conscious approach for some time after. For example, following the savings and loan scandals in the US during the 1980s, many of the banks put in place more developed risk functions. But as the economy began to pick up again, many of these hard-won lessons were forgotten and risk functions bypassed.

The result was that trading teams began to have greater degrees of freedom both to make money, but also to make mistakes. The upside was staggering profits. The downside was often staggering losses in the form of fines.

Functional stupidity

There is a significant likelihood that much of the investment in risk and compliance within the banks will only last for a short time. When the economy picks up again, it is likely that the strategic priorities of firms will change with it. When this happens, making money and being entrepreneurial may return to the agenda. The result will be that all the investment in risk and compliance may be overlooked. Then we are likely to see the same kinds of scandals that have blighted the sector’s past few years.

The big banks must ask themselves how they can ensure that the current heavy investment in risk and compliance remains sustainable. New personnel and systems are important. But transforming the wider culture and routines of these institutions is probably more of a priority.

A wider risk culture needed

Many studies of rogue traders show that all too often it is the informal organisational and institutional culture that allows bad behaviour in banks to happen. Putting in place systems without addressing these cultural issues is unlikely to change anything. If banks are serious about risk, they need to develop a wider risk culture.

To begin to build such a culture, firms must be ready to tackle the lack of critical thinking that characterises so many of our largest institutions. From our own research on knowledge-intensive firms, we found that many organisations were dominated by a culture of functional stupidity.

This is not about having a low IQ. In fact, many of the firms we studied prided themselves on employing the best and the brightest. What was so striking is what happened once these smart people began working for the firm.

When they came into the organisation they were encouraged not to use the thinking skills they were hired for. We found employees were encouraged to not think about the ultimate results of their behaviours, to avoid giving – and asking for – justifications of behaviours, and not to question widespread assumptions. Managers would encourage employees not to think, and simply focus on taking action. The mantra seemed to be ‘don’t think, just get something – anything – done’.

Because the people working in these companies were smart, they quickly learned this lesson and self-censored their critical-thinking capacities. The result was that within a few months even the more critical and questioning employee became a thoughtless action taker.

Explosive issues

But perhaps the biggest surprise from our research was that this kind of thoughtlessness actually helped companies to function. By not asking too many questions, we found that employees were freed up to get the job done and deliver on time.

Furthermore, it allowed companies to avoid conflict and awkward conversations that would lead to bad feelings within the organisations. Finally, it helped the organisations to maintain a relatively coherent image as successful and action orientated firms. Being ‘thoughtless’ also brought some significant benefits to individuals. It allowed them to make relatively smooth and impressive progress within the firm. It helped employees avoid tricky and potentially politically explosive issues. It also allowed them to avoid seeing any of the more unpleasant results of their action.

But this widespread ‘functional stupidity’ was not all good news.

In many contexts it would lead individuals and indeed whole organisations to make minor mistakes and to overlook important errors. This is OK at times. But when several mistakes are overlooked, they can quickly build up and lead to large-scale disasters.

It was only when these disasters – such as rogue trading scandals – happened that the organisation was pushed into thinking in a more rounded and critical way. And it was only following these disasters that firms began asking bigger questions about assumptions, justifications and ultimate goals. But often this broader thinking came too late.

The lesson from firms thinking about risk and compliance is that to prevent disasters, it is necessary to create space and processes for broader critical thinking in firms. Employees should be systematically encouraged to question assumptions, ask for and give justifications for their action, and consider the result of their own as well as others’ actions.

Doing this is likely to mean there is more conflict within the firm and that getting things done takes a little longer. It will also mean that individuals need to risk articulating what can often be unpopular opinions. But it will help organisations to spot small problems before they become large disasters.

What is more, no amount of risk officers or IT systems can ensure this happens throughout the company. It is vital to establish a critical-thinking routine as an important part of how business is done daily. A little questioning and critical thinking will go a long way to making banks safer and to better serve the needs of society.

Andre Spicer, professor of organisational behaviour, Cass Business School