Author: Chris Rowe, Director, Leathwaite

Could large financial firms really have become too big to govern? This has been the question on many minds since Stuart Gulliver, HSBC’s Chief Executive, commented on the aggressive tax avoidance revelations by its Swiss banking arm. In a moment of self-pity that skirted dangerously close to Tony Haywood’s disastrous plea of ‘just wanting [his] life back’ during the BP oil spill, Mr Gulliver asked how he could possibly be expected to know what every one of his 257,000 employees was doing. Whether or not it truly is necessary for CEOs to maintain a watchful eye over the shoulder of each of their employees, building a framework to mitigate bad practice is far from an impossible task. As long as the group board can build an effective internal safety net and govern the firm by example with a unifying culture, maintaining a system of best practice even through massive companies should become easier.

The ‘Second Line of Defence’ Must Be Front of Mind

When scrutinising HSBC over the recent Swiss episode, a little context is helpful. Some of the transactions which caused the episode are more than eight years old, and the regulatory landscape of 2015 in Switzerland is significantly different to that of 2007. MIFID II, the new Swiss Federal Financial Services Act (FIDLEG) and a torrent of other post-crisis regulatory reforms are having a huge impact on the work undertaken by all banks. Many of the operational failings that may have allowed the Swiss avoidance to take place will have been addressed since then. Equally, the business practices and cultural norms in Swiss private banking are significantly different now than they were then.

What this illustrates is how important it is for a board to invest efforts into its second line of defence: principally the control functions, including risk & compliance. Financial watchdogs have tightened the regulatory belt, but a tiered system of checks on activity is more than a regulatory burden, it’s a vital tool for the board to manage large organisations. Under-investing in these functions is no longer an option and HSBC is pumping roughly $1 billion a year into developing these areas.i

HSBC’s tremendous growth since the global financial crisis has seen it more than double its number of employees.ii Grappling with tightening regulation which is costly to implement and bringing in staff in an environment where revenues are depressed is a post-crisis reality for any financial institution. However, gaining complete control of its governance and control functions is a vital step towards being able to identify and mitigate compliance issues in advance. Boards should plan to build their compliance teams in line with growth early, before rapid expansion creates areas where governance is struggling to keep up.

HSBC faces a challenge here, as it is far from the only firm looking to hire more compliance professionals. The well-publicised war for talent currently being waged between financial firms to find the right quality and quantity of compliance staff needs to be acknowledged.

Modern forms of legal, risk and compliance management were only invented in the last thirty years and as a non-revenue producing function have never had a higher value until recently. The talent shortage within the financial services sector is already starting to push firms to think laterally in hiring decisions; increasingly raiding law firms and consultancies within the professional service sector, as well as the regulators themselves, to plug these gaps.

Governing With a Unifying Culture: The First Line of Defence

Ensuring a full, well trained and well integrated control function is both a requirement and a benefit to modern finance operations, but it can’t be the only tool the board uses to govern its business. The board has a responsibility to instil a culture of best practice towards conduct, risk and clients within the business units themselves. This would greatly reduce the burden of the second line of defence as well as the third, such as internal audit, both of which are often already stretched beyond their means. Of course, however, this culture comprises of intangible traits that need to be coached and developed rather than just prescribed.

The board and executive committee of large financial institutions must lead by example, adopting and taking ownership of development of these practices throughout the business. These are part of a gradual change that requires specific training programmes to nurture intangible traits. Eventually, these traits will become part of a prescribed role but one might argue that we must wait to see a generation of people leave the industry before there is a true change in mentality. This long-term thinking is what organisations look to their leaders to provide and should make instances such as those that HSBC recently endured less frequent, harder to miss or inexcusable.

Ultimately, the scale or headcount of an organisation is not the sole measure of its ability to ensure best practice and ethics across its operations. A holistic approach is vital to ensure oversight and exemplary behaviours reach all staff, no matter how many or how dispersed. Boards must be confident in the ripple effect their example provides to their entire organisations. They must also be mindful of their responsibility to create a culture and development network that crowds-in best behaviour, ethics and a commitment to identify and address problems. When this is supported by a well-resourced team of compliance and governance, which draws from the best talent available, even massive global firms will find ensuring best governance well within their reach.

This article was first published in Governance & Compliance Magazine.