The case of the rogue trader Jérôme Kerviel in France in 2008 illustrates that bank risk management procedures are easy to circumvent. The trader, a former middle offi ce employee, had an intimate knowledge of the control and reporting systems of the bank Société Générale. That knowledge allowed him to adapt his communication, go around certain rules and feed the information system with bogus data.

Operational risk management systems have failed miserably in the case of Société Générale (which lost €4.9 billion), but also again a few months later in another French bank, Caisses d’Epargne, which
lost €75 million. Paradoxically, Jérôme Kerviel didn’t want to act at the expense of his employer, but to increase the profi ts of the bank and, as a result, increase his personal bonus. He didn’t try to deny his actions and declared that his line management tacitly encouraged his actions.

Lack of Communication

Operational risk management, a notion which emanates directly from the Basel II Agreements, does not only cover technical aspects. Actually, “operational risk is a non-fi nancial risk that is, however, very
much driven by both market and credit risks” explains Ioannis Akkizidis, senior fi nancial risk analyst at FRSGlobal Switzerland, a risk analysis consultancy, and member of the steering committee of Zurich Chapter PRMIA, an international risk management association. “Operational risk is measured quantitatively based on actual or potential fi nancial losses that it can or will cause.”

It should hence address the aptitude of the different departments of a bank to actively and openly cooperate. The different divisions report to the hierarchy explicitly and diligently. Unless ordered differently, they barely communicate with each other. And this fact has dramatic consequences. Some bank departments are building a corporate culture of their own, which considerably complicates communication. Little barons are enforcing a jealous power on their subordinates, blocking the circulation of information and creating additional sources of risks. In the case of trading desks, controllers often have to bypass the procedures when traders refuse to answer. The hierarchy backs the traders who are seen as an essential source of revenue – and, therefore, become the local divas.

Cultural revolution

“Being excellent in a subject does not always mean that you will deliver excellent results. It is necessary to apply some ‘consulting intelligence’ and combine professional knowledge with an understanding of the culture of the departments”, says Sohella Thuiner, Associate Partner at e3, an IT consultancy in Zurich. Banks have thus to undertake major changes. The fi rst one is a fundamental cultural shift, with the further revision of the bonus calculation. So far, the changes have been minor and heading towards less responsibility at the individual level. Then, it is necessary to redefi ne the operational risk to exit the logic of box ticking which fl ourishes in the American way of controlling.

Today operational risk produces “cathedrals of paper” whereas it is necessary to produce less and more intelligently, by introducing dynamic concepts and doing independent evaluations of internal procedures. “These different worlds cannot be forced to adapt to each other’s culture, but if they understand each other’s point of view, this will lead to a cost effi cient result”, states Sohella Thuiner. This implies an important shift in the perception of procedures which are now deemed to be secret, barely evaluated in their effi ciency and seen as a source of costs. According to Ioannis Akkizidis, “the analysis of operational risk, just like any type of risk analysis, should support the profi t of the bank: in other words, risk management, for the sake of it, should not be just an additional expense with undefi ned benefi t to the institution.”

Regulators could promote competition between banks to set best practices and share information to avoid the dreaded systematic risks. In fact, “more regulation alone will most probably not reduce the operational risk, but will defi nitely increase the costs of implementing operational risk management systems”, states Ioannis Akkizidis. Client data thefts from former employees, misbehaviour in conducting business, blatant and unresolved confl icts of interests are a few examples of what banks should address in their operational risk assessment.

The scale of the task is enormous, but there are a lot of entry points. “Using communication differently to produce less paperwork, while ensuring that the information fl ows formally as well as informally will enhance productivity”, says Thuiner. Up to 40% of the employees’ time is spent in maintenance and control of the quality of the information. These hidden costs are not factored in the loss of productivity of the staff.

A David solution to a Goliath problem

This means not only evaluating the human component globally, but also the ability of services to cooperate, as well as coordinate their action to avoid risks. Social rating comes as a potential fi eld of experiments. ESG (Environmental, Social and Governance) or SRI (Socially Responsible Investments) criteria have been in high demand as these criteria developed as a quasi-standard among a certain number of asset managers.

Employee diversity, fair remuneration and independence of risk management are part of the criteria of social rating. “Our theoretical and practical experience have taught us that a social rating can identify companies that run into problems long before fi nancials ratios confi rm that”, states Philipp Langeheinecke, partner at Finance-Doc which rates mutual funds. One year before its fall, in July 2007 Bear Stearns received a critical valuation by an ESG rating agency because of its unwillingness to manage environmental and social shocks (especially in the sub-prime sector).

The solution lies in the accentuation of the human side of the banking business. Solving human-related issues by reinforcing the human aspects of banking is not the least of the paradoxes which could help the “too big to fail” to get out of their colossal problems. After all, the small and nimble David has defeated the giant and weighty Goliath in the past.