Kevin Gundle
INSIGHT 11/08/2015

Culture: The best form of risk control

Kevin Gundle Chief Executive Officer

The word ‘risk’ means different things to different people at different times.

Volatility is seen as a risk to some, while at another extreme, risk is the total loss of capital. But it is the complexion of risk that changes at different times. For example, when Bernard Madoff hit the headlines, the focus was on the risk of fraud; while when the markets are choppy, volatility is seen as the risk to watch. The bigger beast of systemic risk was one that few thought about until Lehman Brothers went under. Then banks started to fail.

A common thread that binds all of these types of risk—but is not a catch all—is culture and this is related to values. Cultural risk management involves looking at both the individual and their appreciation and understanding of how to behave, as well as a broader vision of how an organisation conducts business.

One key aspect to look at when trying to assess cultural risk is whether or not the integrity of the business has been ‘industrialised.’ As large organisations cannot rely that everyone will behave in the same way, they have to have rules, parameters and committees set in place. To ensure that integrity does not fail, the new buzz word in the banking industry today is ‘conduct.’ In fact, banks are now incorporating conduct risk into their compliance policies and some are even appointing global heads of conduct risk.

At its most basic level, conduct risk can be summed up as the risk of the loss of integrity from the individual upwards, which is what Aurum refers to as cultural risk. Conduct risk management involves assessing the culture of a business because it is this that gives an individual an implicit understanding of how to behave.

Aurum assesses risk holistically, considering all forms of risk, as well as risk in the context of the culture of a manager. If you look at what happened to Lehman Brothers it was a combination of operational risk and the culture of the bank at the time. Since then, our own risk management policies have changed to include counterparty risk, so that we are no longer able to invest in hedge funds that do not have multiple counterparties.

You can recover from losses related to investment risk, but it is difficult to recover from a failure in your operational risk management processes; those that result from a breakdown in procedures, people or systems. Operational risks are those where reputations are easily destroyed, which is one of the reasons why we rarely invest in early stage managers, many
of whom do not have the operational robustness to pass our due diligence tests.

When it comes to looking at risk, most focus on measuring the easy metrics, such as the number of investment professionals, but the measurement of risk is not the same as the management of risk. I liken this to the story of a drunken man who is looking for his house keys under a street lamp. When someone asks him if this is where he lost them, he says “no, but this is where the light is better.” In other words, what typically gets measured is what is easy to measure, but not necessarily what is relevant or important. In my experience it is the step that you don’t see that trips you up.

While I believe that culture is the best form of risk control, cultural due diligence is extremely difficult to undertake. How do you measure and get information about culture? To really get to know an organisation, you either have to work there or get to know the individuals running it. The cultural risk pointers we look at in our underlying investments include: the experience other investors have had in relation to communication; how many people are dedicated to servicing clients; and the thoughtfulness that goes into reporting and communication.

These are the external factors, but we also look at the internal ones: how well the staff are looked after; are they given things that they don’t ask for but appreciate; and what are the policies for staff and family welfare? Beyond that, what value do they place on social responsibility: does the firm give back? Is ESG engrained or is just lip service?

A company’s culture is the thread that binds all of the potential risks together. This either creates an investment red flag, or a tight-knit, collegiate cultural thread that runs seamlessly throughout the organisation, from the team that selects investments to those involved in setting the strategic direction of the business.

A version of this article originally appeared in the bi-weekly issue from iiSEARCHES International Magazine in April 2015.