BHS, Carillion, Tesco, and Patisserie Valerie. Which to be clear, are all organisations where the finance director has not been found to be lying. However, they are all examples of actual or alleged financial oversight shortcomings.
What do financial services firms have in common with these organisations? At first sight if you are not in retail, construction, or cake shops then from a financial services perspective you may feel you have very little in common. However, the one area which undoubtedly is in common is that financial oversight in your business – as with every business – is also conducted by human being.
The use of the word oversight alongside financial could be seen to be slightly unfortunate. The Cambridge Advanced Learners Dictionary and Thesaurus defines oversight both as “a mistake made because of a failure to notice something “and “responsibility for a job or activity and for making sure it is being done correctly “. Naturally good oversight would be concerned with the latter, while the headlines are grabbed by the former. A review of the FCA Enforcement in this area reveals a few situations where their Principles for Business have been breached, especially Principle 3 (Management and Control), and 4 (Financial Prudence). A focus on Principle 11 (Relations with Regulators) may be a function of people displaying a lack of oversight. And then not wishing to bring this to the regulator’s attention.
Responsibility for problems within a firm must start from the top, and there may lie problems too
Alongside these principles, the values which individuals are expected to uphold illustrate human behaviors required for oversight and can be seen in for example the CISI Code of Conduct, where individuals are tasked to be honest open, transparent and fair. The Code also shows in a general form what type of behaviors live out these values. While there is no formal definition from the regulators of exactly what comprises good financial oversight, I would suggest that its purpose could be summarised as managing business issues which may cause future cash flow problems. It is cash flow which will keep a firm or indeed any business alive, and circumstances which threaten cash flow is what is most likely to bring a firm down, possibly even before the negative effect of reputational damage.
Much of the focus of financial oversight is on factors which are internal to the firm, or the internal handling of issues which originate outside it. Internal financial controls must be seen to be both robust, aligned with its operational systems and procedures, but above all have the behaviours of the firm’s staff closely aligned with them. An obvious potential issue is that of internal fraud, and a recognition that this is not merely a failure of internal process, but usually a failure of human behaviour. The causes of such behaviour have been seen to be many and varied, and Donald Cressey’s Fraud Triangle Theory usefully highlights the pressures and incentives, alongside the opportunity and rationalisation which individuals find. To this must be added the constant threat of phishing for data, and even suspected cases of sleepers being put into firms as employees by organised crime, either to assist an act of fraud or to deliver information which will enable others to commit it. Systems, processes and procedures alone will not prevent this: it is the observation of human behaviour in response to these which is most likely to identify potential and actual fraud instances.
Responsibility for problems within a firm must start from the top, and there may lie problems too. Carlo Rotta quotes in her book “A Short Guide to Ethical Risk of the potential problems with those higher up the organisation:
“The higher the individual is within the company hierarchy, the better he knows internal controls and the better he can elude them. In fact, the greater the power he has over the people who have to operate these controls and the easier he can abuse his power to avoid these same controls.”
“A sample of 100 companies from different countries who were victims of fraudulent activity, in 11 cases the culprit was the CEO, whereas in 60% of cases fraud was perpetrated by senior managers and board members, and to include Middle Managers the percentage of cases goes up to 86%.”
It may not just be the FD who is lying! Financial issues should be readily identified within a firm’s business and especially in their regularly monitored management information. There is unlikely to be a shortage of data in any organisation these days, but this can bring with it problems of a different nature. Common issues with financial management information can include having inadequate levels of data which are purely quantitative and without qualitative analysis, having simply too much data or too many reports. Some items can remain in reports even once their use has become irrelevant. There may also be a lack of timeliness, and a natural inclination to choose measures because they are easy to measure, rather than those most relevant to the financial risks.
So, what are the best ways of ensuring good financial oversight? These could be summarised under two simple words: culture and conduct. The regulators have been increasingly concerned about inappropriate cultures across financial services, for example as mentioned by Tracy McDermott from the FCA in July 2015:
. ‘And it is increasingly evident that culture and conduct are two sides of the same coin. Good conduct – hedging that conduct risk – relies on cultural change and can’t happen without it.
Senior leaders have responsibility for espousing the correct culture and behaviours. While we’ve seen encouraging signs, and certainly lots of commitments, it needs to be about changing outcomes.’
This also neatly points out where the responsibility for culture lies, while leaving out the sometimes enormous job of getting it right, and keeping it that way.
Good conduct is closely related to culture and is similarly evidenced by behaviour. One example of behaviour required for good financial oversight is the importance of asking challenging questions within a business, not just at board meetings, but in a timely and appropriate form of communication. When reviewing enforcement notices in this area, I am struck by the number of occasions where email communication is sent, but inadequately responded to and no further action taken. One of the questions which the FCA highlights in its paper “Five Conduct Questions – Feedback April 2018” asks “how do you encourage the individuals who work in front middle back office control and support functions to feel and be responsible for managing the conduct of their business?” They also ask, “how does the board and ExCo gain oversight of the conduct of business within their organisation and equally importantly how do they consider the contact implications of the strategic decisions that they make?” Some of this must fall within the questions and asked, answered obtained, and actions taken and evidenced not just at Board level, but across the firm.
They have been numerous examples of financial oversight in the sense of “a mistake made because of a failure to notice something“, and I would have hoped that we would have learned enough from previous mistakes by now. But I am not optimistic. Good financial oversight needs not just the sight, but the challenge of mistake and bad behavior, and preferably at an early enough stage. To quote Sherron Watkins formerly of Enron Group in 2001:
“I think there are difficult moments of truth when leadership is tested. And if these moments are not faced honestly, if the hard decision is not made at that point, it becomes next to impossible to return to the right path. Once you start to rationalise, you’re stuck.”
All of which will not prevent the finance director from lying, although such instances are thankfully extremely rare. But I hope this does provide the inspiration to professionally challenge an issue when – and not if – you come across one.