The reputations of many of the world’s leading banks took a severe hit during the Global Financial Crisis (GFC). The widespread sale of risky residential mortgage-backed securities (MBS) and collateralised debt obligations (CDOs) ultimately led to the collapse of several prominent Wall Street names and imposed significant costs on the entire industry.
With global banks forced to write down USD 300 billion in MBS assets, many questioned what had caused the crisis to materialise and how future losses could be avoided. But the scandals continued, including rogue trading and market manipulation. As a by-product of these incidents, regulatory scrutiny intensified, with US and EU authorities alone levying USD 342 billion in fines on the largest 50 banks since 2009, a number we expect to top USD 400 billion by 2020.
The international regulatory framework has also been significantly strengthened since the GFC, underpinned by Basel III, the Dodd Frank Act, and the soon-to-be-introduced MiFID II in Europe, as well as a host of local legislative provisions. To comply with these regulations, banks have invested heavily in their compliance and control functions, with compliance spend at many firms more than doubling since 2009, with investments being made in additional headcount, technology enhancements, and the restructuring of risk and compliance departments.
It is widely recognised that the root cause of the GFC can be traced back to the banking industry’s high-risk, high-reward culture. Incentives focused on short-term gains, a tolerance towards unethical behaviour, and a lack of personal accountability, appear to have driven excessive risk-taking across the financial industry. We estimate this ‘bad behaviour’ has wiped off over USD 850 billion in profits for the top 50 global banks since the GFC in the form of write-downs, trading losses, fines, and additional compliance costs. If we also consider
indirect impacts such as goodwill impairments, increased funding costs, reduced business activity from reputational damage and credit ratings downgrades, and legal fees, this number is likely to exceed USD 1 trillion.
In response to heightened levels of regulatory scrutiny, leading banks have focused considerable attention on bolstering their ‘Three Lines of Defence’. However, actions taken to better manage risk since the GFC have mainly focused on lines two and three (i.e. risk and compliance, and internal audit). We believe many of these ‘remediation’ investments have been made at the expense of achieving meaningful change at the business unit level (i.e. the first line of defence). And it is not weak compliance measures or audit capabilities that have been behind this USD 850 billion P&L hit; it is bad behaviour and the absence of an effective front-line risk mindset.
If banks are serious about avoiding future fines and losses, we believe the solution lies first and foremost in developing a robust risk culture across the entire organisation. While inroads have no doubt been made to strengthen front-line accountability, including adaptations to governance and incentive structures, we feel an effective risk culture has failed to materialise across most firms. Many banks have also struggled to successfully shift the mindsets of their employees from rules-based to value-based behaviour, instilling a true sense of individual ownership with respect to risk. This problem is even more acute for many smaller, regional players.
We believe the most effective risk culture framework is one in which problems are addressed at their source; the first line of defence. Prevention, in our view, is always better than a cure. There is simply too much value at risk for such an approach to be ignored.
Menu
