The way things are supervised, managed and done dictates the success of an organization. A sound system of internal control with an effective and balanced Board of directors will govern the act of professionalism and discipline. However, this alone is not enough to keep the spirit strong, it requires a strong sense of belief in the compliance and risk culture as a guiding principle to perform the duty. This paper, inclusive of change management process to restore the reputation and turn around financially, will critically examine and address the root causes of the high profile failings in the previous five years of BBB Bank Sdn Bhd, building on the revised future structure of Board of Directors, a sound system of internal control and appropriate regulatory compliance and risk culture.
Over the past five years, the bank has been facing with a number of critical ethical and regulatory failures involving mis-selling scandals due to inappropriate marketing strategy, losses arising from the unauthorized activities of the executive, adoption of a casual approach to provisions for bad debts and a few instances of regulatory breaches. It has resulted in financial loss and reputation risk to the bank that required immediate remedies from the newly appointed CEO, Ahmad Sallehin.
According to The Fraud Triangle theory, fraud happens when there is opportunity, motivation or incentive and rationalization or attitude to do so. With that, the situation in BBB can be analyzed as per below:
1. Opportunity: a high level of discretion power is given to sales executive without proper risk management framework. This allows room for the employees to behave undesirably without the organization’s notice.
2. Motivation or incentive: there is a silo approach to internal control system in BBB of which the focus is only on financial aspects and disregard the importance of non-financial aspects of the organization. It forms a basis of performance management that the staff were rewarded well on the basis of sales value and volumes only; which mislead them to perform whatever necessary just to meet the number, leading to short-termism and manipulation of the results.
3. Rationalization or attitude: it was wrongly set from the top level management that the non-executive directors put entire focus on profitability and financial aspects only. This was escalated down to the ground people and sales force leading to “cavalier” attitudes to customers. Together with a lack of code of conduct, the employee tends to rationalize their misconduct by thinking that “everyone can do it why not me”. Ultimately, the organization will fall into a vicious cycle of ethical issues causing a number of regulatory breaches.
With above circumstances, BBB is prone to reputational risk of losing public trust and attractiveness to customers, operational risk causing business interruption, compliance risk and finally strategic risk due to the fact that the direction from top management fails to improve the business performance of the bank. This will invite a much more scrutiny from the regulatory and governing bodies as the bank is operating based on trust.
Following the board’s direction and determination to restore the bank’s reputation as quickly as possible, it requires a proactive solution to address the current issues and turn around to survive and prosper. The below solutions are proposed:
1. To set up a more effective and balanced board structure: according to the corporate governance framework, the responsibility of the board is to ensure the success of strategic guidance to deliver satisfactory performance with effective monitoring and supervision. As mentioned, there is a poor leadership in board level which required continuous review on the NEDs’ willingness, devotion, knowledge, skills and competencies in performing the role.
According to Higgs Report, the role of non-executive directors should perform include:
• Strategy: to commit in providing strategic initiatives to operate the business.
• Performance: to scrutinize the performance in all aspects.
• Risk: to satisfy themselves with the integrity of the reporting, internal control and risk management framework in robust and defensible manner.
• People: to be responsible for the performance management and recognition to executive management team to ensure that the right tone is being set and escalated to the ground level.
For the interim solution, the NEDs shall be re-engaged and communicated about the bank vision and mission with the reminder that they should cover other critical aspects not just financial performance of the business to restore the current situation and re-enforce their role and responsibility. Moreover, since the three of the non-executive directors would be retiring from the service in the next 18 months, there is also a need to have a proper succession planning to appoint the new NEDs with the right skillsets and competencies, aligning with the organization vision and mission.
In addition, as per Governance Code 2012, one of the characteristics is to have a formation of committees including audit, risk, and nomination and remuneration committee with the right competencies and independence. This will bring about a more effective and balanced board to ensure that the focus will spread across key business aspects mainly financial and non-financial performance indicators.
With the right set up of all committees and commitment to perform the role, the future board structure is expected to be well framed and executed in delivering the success of the organization.
2. To develop a sound system of internal control: it is designed to detect, correct and prevent any issues and fraud cases in the organization. There are a number of control procedures required urgently to solve the current issues as followings:
• To create authorization and approval limit: a proper authorization matrix is to be developed covering the responsibility and accountability of each approving party. However, it is to be governed by the bank risk appetite to ensure that the bank is protected to the tolerance level. The matrix shall be duly approved by all relevant committees including audit and risk to assure that it is subjective and fairly represented based on the hierarchy, competencies and accountability of the approving party.
• To have a clear segregation of duty: a standard operational procedure (SOP) shall be developed to guide daily operations. The SOP shall include the steps to perform specific job ranging from sales to operations with the appointment of data entry, maker, checker and reviewer as the control activity. By having a clear segregation of duty, it reduces the opportunity to commit fraud or unauthorized activities as there are many stakeholders being involved.
• To have arithmetic and accounting control: for the preparation of financial statements, there should be maker and checker to ensure the compliance of financial and accounting standard and accuracy of information. As mentioned, the provisions was wrongly presented in the instance of bad debts. The issue derived due to the lack of the attention and knowledge; however, if there were a check/reviewer, the issue would have been detected and corrected earlier prior to the detection by external auditor or general public.
• To develop performance management framework: a mis-guided performance management will result in poor attitude. By purely focusing on financial performance indicators, some ethical issues may occur such as short-termism, manipulation of results, window-dressing. To minimize this, a fair and sound performance management framework must cover both financial and non-financial aspects. The approach is to have a smart Balance Score Card (BSC) including 4 key elements namely financial aspect, internal business and processes aspect, customer aspect and innovation and learning aspect.
In addition, the basis of the reward scheme shall be clear, motivational but manageable by the top management to ensure that the reward does not lead to conflict of interest and negative impact to the business in the future.
3. To address the ethical issue and build appropriate regulatory compliance and risk culture: according to ISSUELAB. (1991), ethics is defined as the obedience to the unenforceable. There is no means to eliminate ethical issues but that can be reduced. This requires to be embedded in day-to-day operations via a set of indirect mechanisms such as adherence to code of conduct, internal whistle blowing channel, internal control and performance management framework as prescribed above.
In addition, BBB have to build an appropriate framework as below:
• To develop compliance and risk management framework: compliance and risk culture is to be embedded as an integral part aside from the BSC. Despite extraordinary financial performance, the performance still fails if compliance and risk fail due to the severity of non-compliance ranging from financial loss to business shut-down. In conjunction with the formation of audit and risk committee, it is expected to drive a more prudent approach to business and ultimately minimize the instances of the breaches and frauds.
• To introduce code of professional conduct: as mentioned, the chairman is looking at setting a code of conduct for all employees to guide the ethical behavior in the organization. It comes to his understanding that there is an existing work of the Chartered Banker Professional Standards Board which can be adopted yet he is still considering if the code shall be adopted or newly created one for BBB.
As a highlights, in October 2011, The Chartered Banker Institute has launched “Chartered Banker: Professional Standards Boards” supported by nine banks in the aim to restore public confidence and trust in the industry after financial crisis and promote culture of professionalism among individual bankers. The code is also being reviewed regularly to reflect the changing demands in the industry.
The essences of the code includes the necessary aspects of banking business including respect and integrity in treating all stakeholders, risk implication and accountability of own action, regulatory compliance, maintaining confidentiality and sensitivity, managing conflicts of interest, developing professional knowledge and skills and acting in fair, honest, trustworthy and diligent manner at all time.
The proposal for BBB is to adopt the existing work of the institute. However, the effectiveness depends on the communication and commitment from the top to ground level people. In BBB, the negative culture has been permeated at the ground level which needs to be improved via “Lead by Example” approach. Most importantly, the values and beliefs of BBB shall be congruent with all stakeholders’ to ensure that we are aligned.
Therefore, by adopting the code of conduct with a strong sense of belief will bring about the positive change in the organization.
The proposed solutions above may not be materialized and sustained without a proper change management process. Following Kotter’s principle to change management, there are 8 importance steps to be taken as below:
1. Create a sense of urgency: it has already been five years that BBB has been in bad experience of financial loss. With the new leadership, it is time for the change to take place by escalating the sense of urgency among all stakeholders that the current situation of the bank is very critical and it requires all stakeholders to joint hand in hand to resolve the issues. It is a good time to inject new concept, bring in new, effective and efficient operating model via the new leadership.
There is also an urgent need to create a sense of belonging among all employees in the organization. They shall come to a common ground that the failure or success of the bank is in their hands but sadly they are currently at risk of losing the job, which requires their immediate attention and correction.
2. Build a guiding coalition: after having a sense of urgency, all stakeholders should be able to work collaboratively across all functions toward achieving the organizational goal, avoiding silo approach.
3. Form a strategic vision and initiatives: the above designed control procedures will need to be communicated effectively to all level of hierarchy. Plus, the strategic vision to embed the ethical culture shall be demonstrated in daily activity. It shall be gradually formed as unconscious competent that ethics is guiding principle of all actions in the organization.
4. Enlist a volunteer army: this wave of change is to be executed on a large scale basis with an involvement from all stakeholders in the organization from the Board level. This needs a specific and dedicated taskforce to communicate, lead and monitor the momentum to ensure that correct information has been spread around and we are working in the same direction toward above strategic visioning.
5. Enable action by removing barrier: with above proposed control procedures, it aims to improve efficiency and effectiveness of the operation via SOP, code of conduct and compliance and risk management framework. At the same time, uphold a right set of professionalism and ethical behavior.
6. Generate short-term wins: after materializing the plan, the outcome of the change shall be communicated to all stakeholders. In the event of positive outcome as desired, it will serve as a monitor and catalyst to further improve the organization. However, if it turns out to be negative, it will allow the taskforce to take immediate remedies action or alternatives to fix the problems on a timely manner.
7. Sustain acceleration: provided that the proposed change is implemented successfully, it must be refreshed and re-energized relentlessly to keep the momentum strong. Failing which, the organization will be at risk of returning into the same vicious cycle. The effectiveness of the sustaining the realization of strategic visioning is to incorporate this as mandatory learning and induction course to ensure that the new joiners are well informed and aligned with the organization vision and mission.
8. Institute of change: the depth of sustain acceleration is to ensure that this success will continue to prosper within organization through connecting a strong link between the ethical behavior with the success.
As described above, the fraud cases in BBB were caused by the allowable opportunity due to lack of internal control, motivation to commit due to an unbalanced performance management and attitude that was dictated by the top level management. To turn around, BBB shall set the right tone from the top by having an effective and balanced board of directors with structural framework of governance, compliance and risk culture as prescribed above. In addition to this, there must be a proper internal control to detect, correct and prevent the fraud at the onset. Finally, despite the proposed mechanism to bring about positive change, this will not be able if the implementation is not carried out properly. It requires a thoughtful change management process in this organization so that everyone will feel the sense of urgency to take corrective actions to resolve these ethical behavior issues for the prosperous future of BBB Bank.