Effective counter-measures have to be put in place and tested. We have outlined some of the Basel II guidelines for effective risk management. The trouble is: “Do you have the corporate influence and the budget to get the proper risk management in place?”
Where advice and plans fall on deaf management ears, nothing concrete is likely to be done. Budgetary constraint, as an opponent, is no stranger to the champion of risk management.
The financial world is set on cutting costs and automating business processes; risk management systems are just one facet of this drive. Yet, the quest for lower costs and automation can blind us to the fundamental areas for error. Human intervention and room for exercise of staff initiative can become stifled.
This is partly why human error is cited as the source of most operational failures. However, this is often just an excuse for poor management and badly designed systems and processes that remove checks and controls in an effort to improve efficiency by lowering costs.
Much of this corporate culture against disclosing the truth stems from the top of the financial institutions. Switzerland, for example, makes whistle-blowing a crime. Therefore, unfavourable financial assessments can remain hidden from the investors. Whistle-blowing really saves investors money in the long run. It pinpoints the perpetrators of economic crimes and reduces the period during which they could be removing or destroying economic capital of the company and its shareholders. Whistle-blowing reduces the time-lag after which auditors and investigators can look for relevant evidence.
Whistle-blowing works on a raising series of red flags. When there is no visible recourse, or for major crimes, resort to an escalation of whistle-blowing. Alert the press and media, then report to regulators, police and other supervisory authorities. A proper whistle-blowing methodology can be set within the staff contract to lift the lid on fraud and crime. For minor transgressions: keep the dissent internal initially and keep an account of all errors, crimes and relevant data. Consult the ombudsman or newspaper if the company refuses to act.
Whistle-blowers must be protected and encouraged. Right now, the downside risk is being fired or shunned in the professional for “squealing” on the company or colleagues, while the upside potential is not much. Immediate risk is being questioned for technical competence, political competence, sanity, naivete ́; onus is on the whistle-blower to understand the
whole of the story; first managerial reaction is often “you do not have a view on the whole picture”.
Many corporations do not encourage whistle-blowing. Certainly, discouraging the leaks of information is an overt attempt to block all events that present a corporate reputation risk. Enron did not support whistle-blowing, but preferred to hide or shred the facts. Fraud and concealment of the truth were deep-rooted in the structure of the company. Worse, the fraud was perpetrated at the top. A company has to have a structure that is rooted in business and risk management.
Risk ignorance does not work, especially if the top management is ignorant or crooked. What an open risk-managed structure does is to open the corporation to the control function of the risk managers. They actively let the company be open to the idea that “squealers” can inform on the company if something wrong or fraudulent is suspected.
An internal company “fraud hotline” should be set up, where anonymous whistle-blowing can be channelled and processed for action. Nowadays, whistle-blowing is possibly anonymously through setting up temporary email accounts that access the regulatory website.