Leadership Conduct and Organizational Risk

A Great Conversation 2017 Monthly Speaker Review

In 2011, the International Network of Women in Emergency Management (inWEM) hosted its International Women in Homeland Security and Emergency Management Hall of Fame induction ceremony. It honored women who are pioneers and leaders in the fields of homeland security and emergency management in local, state, tribal and federal governments. Each of the inductees was known for promoting a culture of preparedness for safer, resilient, and sustainable diverse communities.

Annie Searle, a Great Conversation in Security keynote speaker, was one of them.

Annie Searle at The Great Conversation in Security 2017

Annie’s presentation was entitled “Using Conduct Risk to Link ERM and ESRM to Organizational Value.” She began by addressing the fact that the intersection of people, processes, systems and events can ultimately elevate risk and/or financial loss. This intersection works within a values framework that ultimately is anchored by the words and actions of the leaders of the organization.

Since the intersection of risk and opportunity represents the value equation for an organization’s executives, the values framework is put to the test in the strategic planning, communication and performance management of the executive team. Actions speak louder than the values framed on a wall.

CEB, a best practices insight and technology company that Annie used as a data source, stated that 40% of misconduct observed by employees goes unreported. Of those that are reported, only 17% will find their way to a compliance and ethics office. This is disturbing, especially when the projected costs of misconduct are $5.4M for a single privacy breach or $188 per record and 5% of annual revenue for a single instance of fraud.

If the risk is frightening, the opportunity loss is staggering. CEB reports that higher integrity companies outperform in shareholder returns by 16.2%.

Why do leaders set the tone? According to Annie, there are three causes of conduct risk:

1. Monkey See, Monkey Do. Employees will model the tone at the top.

2. Culture. Employees practice what leaders preach.

3. Conflicts of Interest. There is a general lack of supervision and gaps in ethical controls.

Annie believes the word “tone” needs to be better understood. She cited a 2016 Ponemon Survey that described tone as “a term used to describe an organization’s control environment, as established by its board of directors, audit committee and senior management. The tone at the top is set by all levels of management and has a trickle-down effect on all employees of the organization. If management is committed to a culture and environment that embraces honesty, integrity and ethics, employees are most likely to uphold those same values. As a result, such risks as insider negligence and third-party risk are minimized.”

From this we know that employees pay close attention to the verbal and non-verbal responses of their bosses. Procedures manuals take second place.

Regarding culture, Annie cited the 2016 U.S. Financial Industry Regulatory Authority:

“While firms may have their own definition of ‘firm culture,’ we use it here to refer to the set of explicit and implicit norms, practices, and expected behaviors that influence how firm executives, supervisors and employees make and implement decisions in the course of conducting a firm’s business.”

She then showed several corporate brands and asked the security professionals in the audience what they believed the tone at the top valued and how it influenced the culture. Many of the brands were icons of the Pacific Northwest.

Finally, with “conflicts of interest”, Annie referred to the classic Oxford Dictionary definition:

“A situation in which a person is in a position to derive personal benefit from actions or decisions made in their official capacity.”

This is where self-interest meets opportunity without attention to a values framework. She broke conflicts of interest into non-financial and financial categories. Examples of non-financial interests included career advancement, publications and reputation. Financial interests were direct and indirect.

For a 2012 report, Labaton Sucharow, a law firm that prosecutes precedent-setting class and direct actions, recovering billions of dollars on behalf of defrauded consumers and investors, interviewed 500 financial professionals from the U.S. and U.K. They found that 22-25% believed they needed to behave illegally or unethically to get ahead. 16% would commit a crime like insider trading if they believed they could get away with it. 94% would report misconduct if it could be done anonymously, protected their job, and they could receive a monetary award. Annie’s point: without an actionable governing values framework and a culture of reporting misbehavior, misconduct will likely occur.

To reduce conduct risk, Annie recommends the following:

  • Review the corporate values/vision statements
    • Create a statement of values that points to desirable behavior, not a marketing slogan.
  • Create/review the code of conduct
    • Put a real communications program in place, with storytelling around behavior.
  • Incentivize employees to do the right thing
    • Recognize when employees and teams do the right thing. Protect individuals from retaliation.
  • Build a fraud and misconduct plan
    • Train employees on how to report misconduct or fraud.
  • Create your own whistleblower program
    • Guarantee anonymity, employee protection and a monetary award. Self-report without retaliation.
  • Ask your senior leaders to reinforce ethical conduct with their own performance
    • Walk the talk. “I was wrong.” And/or “Thanks for your insight.”
