Why ‘I won’t let anything happen to you’ is more of a threat than a promise
Have you ever stopped to think about all the short-sighted choices people make while risk-managing?
Have you ever stopped to really think about all the value we leave on the table, for instance, while managing one particular cost exposure inside our businesses?
All the clients we may be aggravating while trying to close one hypothetical loophole? All the real terrors we allow into our homes while inspecting for imaginary monsters under the bed?
Have you ever worked in a situation where teams give in to the temptation to over-correct (the False Positives Conundrum) because they are under a lot of pressure to do the job and do it well and they are not given enough context and they are not cut any slack… so they go hard because that’s the way to show commitment?
They go into overdrive because doing too much of the job can only be a good thing… right?
Because, if we are honest with ourselves, that’s what doing a good job looks like when you are doing it out of context.
But we can’t afford to do the job out of context anymore.
We can’t afford to do whatever we do without thinking about risk management holistically all the time.
And we cannot manage risk without knowing about what everyone in the business is choosing to do and not do – and why – at all times, so we can manage the interdependencies between all of those things all of the time.
It’s a lot. But that is, ultimately, the job.
I was on a FinScan webinar with Steve Marshall, Richard McDermott and Stephen Edwards this week. The topic was risk. And the fact that it encompasses literally all the things simultaneously and the only way to really manage risk is… holistically.
And the fact that the way we as an industry tend to manage it inside our organisations seems to miss that point entirely most of the time.
The combined experience of the folks on the webinar was mind-bogglingly extensive and their stories around all those short-sighted, non-holistic choices people make in the name of risk management were side-splittingly funny… at least until you got to the part where you realised how common those stories were.
In my opinion, people are so hell-bent on not talking to their risk teams, they would rather err on the side of caution or go for the adventurous ‘easier to ask for forgiveness than permission’ approach to life.
Each is as risky as the other.
Each is as likely to hurt the business, albeit in different ways.
Why do we do that?
Many reasons.
It’s not me, it’s you. If we are honest with ourselves, we have all had at least one awful experience with colleagues in the control functions when they were unhelpful, unreasonable, belligerent or passive aggressive. When they said no to everything that wasn’t airtight, waterproof, locked down and tied up with a bow. And, adding insult to injury, saw their job as protecting the business. From the world.
From you.
We’ve all had those meetings when colleagues ask us to commit that things will (or won’t) happen a certain way in the future. And the thing about the future is it hasn’t happened yet so we can’t commit, and they roll their eyes, scoff, dismiss. And say no.
So yeah, of course we don’t like talking to them.
It’s not you, it’s me. If we are honest with ourselves, we have all tried to get away without speaking to colleagues in risk and compliance only to find ourselves in a very awkward meeting weeks, months, years later with a colleague tearing their hair out saying, ‘Why didn’t you come to me at the start? I could have helped then. I can’t help now.’
We have all avoided speaking to the risk colleagues, anticipating a difficult meeting and never giving it a chance to not be so.
There are silos, and under the pretence of ‘staying in our lane’ we often use the organisational separateness to get away with not having difficult conversations.
If the organisation allows us to innovate over here while risk sits over there then… don’t mind if I do.
It’s neither of us, it’s the situation. FinScan’s Steve Marshall said something on the webinar that really made me pause. He said that even the language we use implies separateness. We talk about the control functions rather than the control process. This colours expectations, determines how we show up, what we ask of each other, what we expect of each other, but also what we leave for each other to do. What we see as ‘our job’ and ‘someone else’s job’. And whether we see things as a set of dependencies rather than a checklist.
Ultimately, the language we use matters. Because if it makes it out like something is ‘not my job’ I will approach it as such. And if said job is to be done in a particular way, I will approach it as such. And that is what we have largely done until now. Risk was a department whose job was to minimise the risks we take as a business.
If only life worked that way.
You know those dramatic moments in movies where the parent or beleaguered spouse cradles the recently rescued loved one while explosions in the distance mingle with uplifting epic music?
You know how they always say something along the lines of ‘I will never let anything happen to you’?
Am I the only one who thinks ‘well… then nothing will ever happen to me’?
Even if you amend the sentence to ‘I will never let anything bad happen to you’, it still doesn’t work. Because life is messy, and risk is everywhere. Every good thing that may happen entails the risk of it not happening at all. Or the opposite happening. Or something else altogether happening or not happening that could not be predicted. Everything in life and business is about trade-offs. The risks you take for possible rewards. The rewards you eschew to avoid risks. The balance you keep and when you choose to shift that.
If you ask people to talk about risk, they will either talk about horrible headlines of banks being shamed for failures, oversights or a cavalier attitude towards their obligations, or they will talk about the colleagues who say no.
But rarely do people talk about the space between the two: about the risk of good things not happening. And the risk-mitigation we engage in every day to ensure they do happen.
The good things.
It’s time to move the conversation away from this context, away from these stale assumptions. Everything we do is an exercise in risk management. And it’s an ‘everyone job’ and an ‘all the time job’. And we all need to realise that and adjust accordingly: whether we work in the risk function or not.
If risk is everything, everywhere, all at once, then risk management is everyone’s job, now, always and forevermore. And that job is not about ensuring bad things don’t happen. It’s about managing trade-offs. And visibility. And context.
About managing things on the whole.
So that good things keep happening.
Because we let them.
#LedaWrites
Leda Glyptis is FinTech Futures’ resident thought provocateur – she leads, writes on, lives and breathes transformation and digital disruption.
She is a recovering banker, lapsed academic and long-term resident of the banking ecosystem.
Leda is also a published author – her first book, Bankers Like Us: Dispatches from an Industry in Transition, is available to order.
All opinions are her own. You can’t have them – but you are welcome to debate and comment!
Follow Leda on X @LedaGlyptis and LinkedIn.