Risk Culture – McGing Submission to the Hayne Royal Commission

In October, Sean prepared a submission to respond to the Interim Report of the Royal Commission into Misconduct in the Banking and Superannuation and Financial Services Industry. The submission offered some ideas on better understanding, and how to address, the failures on conduct as set out in the Interim Report. These ideas are based on insights from research with colleague Andrew Brown into Risk Culture over the past several years. The following extract covers one of three ideas suggested by Sean in his submission in October:

Idea to address areas causing this poor conduct

Structures, processes and systems intended to drive good outcomes can actually do the opposite.


Our organisations, especially our larger organisations are centres of complexity. Complexity created over time. Ultimately this was created by human beings who through the lens they were viewing, established processes, structures, policies and practices intended to create effective operations.

However, the unintended consequences of many of these systems has been severe. The following are some key examples:

Organisational structure

Large organisations typically have multiple levels of formal and informal hierarchies. Matrix management adds extra dimensions. Yet, these traditional corporate structures have inherent flaws – their hierarchies stifle autonomy, limit openness, and prevent the democracy of debate.

These can all have disastrous consequences from a risk perspective.

Risk and compliance practices

Compliance regimes focus attention on risks on the compliance list rather than taking a holistic approach or encouraging responsibility for wider risk management. As the APRA Prudential Review into CBA observed, these have often created compliance to a process rather than compliance to an outcome.

The three lines of defence model increases oversight. For the first line, this may increase complacency or reduce responsibility (someone else is looking at the risk and that’s their job). For example, we sometimes hear from risk officers how the first line may respond to lack of traction on a risk issue as a lower priority for them than the risk team.

Incentive systems

Incentive systems have often created conflicting goals and led to poor consumer outcomes. Unless incentives create an alignment between customers, providers and advisors, bad things will happen.

Conflicted remuneration incentivises the wrong behaviour. As human beings facing into these conflicts we haven’t proved to be ethically mature enough to adequately address this paradox.

What can be done?

Each of these challenges requires a deeper understanding of the systems we are part of. We must ensure any structural solutions we put in place (risk policies, organisational structures, incentive schemes) are fully aligned to desired outcomes, and potential consequences are carefully considered.

Structures and systems can influence and shape people’s sense of what is possible (their self efficacy) and their ways of working (can make collaboration easier or harder). Systems, structures and policies must carefully consider how these impact on people’s experiences and beliefs.

For effective risk outcomes, this will include systems and structures that

  • build confidence that people can safely speak up
  • encourage and reward effective outcomes
  • reinforce the importance of risk ownership and personal accountability.

We can assist you to understand and implement changes in governance, operational and risk management processes required so that your organisation can thrive.

You may wish to read the full submission or read a detailed paper or presentation on Risk Culture.