People Risk and the Great Resignation

???1????????Risk issues

The risk landscape of 2022 is perhaps clearer than many other years. One area of risk stands out – People Risk. This can be defined as the risk of:

• The lack of sufficient human resources to effectively execute the strategic objectives
• The actions (or inactions) of people which have an adverse impact on an organisation achieving its strategic objectives

In the client work I’ve conducted recently, be it s166 Skilled Persons reviews, M&A due diligence or other engagements, it is often the actions or inactions of people which have been at the root cause of the issues identified. And these have crystalised in failures of capacity, capability and culture.

And these issues will be exacerbated in 2022 by – staff shortages caused by ‘The Great Resignation’, and the risks associated with the continuation of hybrid working.

1.1????????The Great Resignation

In my view, the term Great Resignation is a misnomer. It is focussing too much on the symptoms not the causes, it is ‘what’ not ‘why’ thinking. In reality, this phenomenon is a Great Realignment, with staff taking stock of their working lives and seeking what they perceive to be better opportunities. Staff are not leaving, they are going.

Whilst the Great Realignment started in 2021, it is set to accelerate in 2022, for a number of reasons:

• All those ‘New Year, new you’ reflections in early 2022
• The stabilisation of the economy, and the expansion of opportunities as we come out of the Covid crisis
• Decisions made after banking bonus payments in Q1 2022
• The fact that resignations are contagious. Staff are influenced by the pull factors of seeing colleagues getting better opportunities elsewhere, and the push factors of the stress and overwork for those who remain

Regardless of whether you look at it as Resignation or Realignment it is referring to the same issue – an unplanned reduction in personnel. And this can be across all levels of the organisation:

• Senior management – key person dependency, loss of strategic direction, inability to fulfil SMCR requirements
• Middle management – spans of control stretched, inability to effectively oversee staff
• Control functions – failure to meet regulatory requirements, loss of oversight
• Back office – key person dependency, project completion risk, failures of systems and processes
• Customer facing staff – customer detriment, increased errors, increased stress

If you are a financial services firm, your competitive advantage clocks off at the end of the day, and has the potential to check out permanently if they don’t feel rewarded and valued. So identifying and controlling the risk of staff attrition should be a key focus. However, it is a risk that many firms overlook. I see organisations that have a laser-like focus on revenue and customer satisfaction, but are seemingly blind to their own outflows of human capital.

1.1.1???????Risk outcomes

The capacity issues firms experience can lead to a range of issues, both on the regulatory side, and also in the wider business activities.

Regulatory risk

Capacity issues brings a range of regulatory risks:

• Firms unable to meet their threshold conditions
• Increased customer complaints
• Increased mistakes as staff are overworked
• Conduct issues, as corners may be cut
• Failure to undertake required activity – e.g. compliance monitoring, audit, regulatory returns, quality assurance
• ?Stretched spans of control, and insufficient oversight
• SMCR failings – incorrect details of individuals, and persons undertaking responsibilities who have not been approved

Business risk

Equally, capacity issues can significantly constrain a firm from achieving its commercial objectives:

• Insufficient front-office staff to serve customers
• Insufficient back-office staff to process business
• Lack of specialised resourced to undertake strategic projects (e.g. lack of personnel in IT or project office)

If financial services firms fail to control these risks, they should not expect much sympathy from the Regulator – it will not be seen as a credible excuse to say ‘we did not have the staff to…’. The FCA/PRA will expect all firms to be closely monitoring the risks, putting effective planning in place, and taking prompt action to:

• Recruit additional staff
• Obtain temporary support from contractors or consultancies
• Reduce business activity

The final point is an important one to consider. Whilst recruitment has significant external dependencies, the volume of sales enquiries generated and the projects undertaken by the firm (e.g. the execution of new strategic initiatives) are under internal control. Running a business beyond the capability and capacity to control it is a fast route to regulatory enforcement.

1.2????????BAU hybrid working

As Covid eases many firms are transitioning from the ways of working during lockdown (effectively an extended business continuity exercise) to a more formalised BAU hybrid working approach. And in doing so, it is important for organisations to recognise the inherent risks that come with a decentralised delivery business model.

This distinction between lockdown and BAU is not lost on the Regulator. The FCA have updated their guidance on remote working, and this represents a clear shift from the somewhat indulgent approach during the Covid crisis to a much stricter interpretation of the rules going forwards – in such areas as MiFID II and MAR.

It is therefore important for firms to recognise the risks, develop appropriate controls and monitoring, and put in place a clear action plan.

1.2.1???????Risk outcomes

An ineffectively controlled hybrid working environment can present a range of risks to firms:

• PRIN and COCON breaches – if senior management cannot demonstrate they have taken reasonable steps to plan and implement risk controls
• Data breaches and cyber risks if system access is not controlled
• Criminal activity – financial crime breaches, fraud and market abuse all increase if activities are inadequately monitored
• Deficiencies in the control framework if 1st Line oversight and 2nd/3rd Line monitoring is not adapted to the new structure
• Training doesn’t land effectively – as firms don’t adapt the delivery
• Culture and team ethos is not embedded – as additional effort and focus is not prioritised
• Spans of control weaken – as line managers do not adapt to the new working environment
• Deficiencies in record keeping – as information is spread across many locations
• Increases in bullying, coercion and discrimination when interactions are away from scrutiny
• Conduct risk and poor customer outcomes – as a result of the above

2????????Risk mitigators

Given the threats that People Risks pose in 2022 (and beyond), firms should ensure they have considered and applied a full range of mitigants. There are a number of actions firms can take quickly to reduce the impact of capacity issues. But there are also more strategic opportunities which may take time to implement, but will ultimately deliver lasting improvements.

2.1????????Risk identification, monitoring and control

As with any risk it is important that firms have an honest assessment of what the possible outcomes can be, how they will be tracked, and what mitigants can be put in place. For People Risk there are a range of issues which can crystalise:

• Illegal activity – bribery, market abuse, money laundering, theft, fraud
• Prohibited activity – conflicts of interest, bully, harassment, intolerance
• Biases and heuristics and groupthink which lead to wrong decisions
• Recklessness leading to rash decisions
• Inertia – in the failure to take decisions, or address issues identified
• Human error – the genuine mistakes that can always happen (but can often be controlled against)

Firms should capture these on the Risk Register, assess the status quo through the Risk Control Self-Assessment process, and fairly report on RAG statuses in periodic reports to senior management.

2.2????????Firms structure and ways of working

How, and where you work has a significant impact on risk. As noted, hybrid working comes with challenges, but (done properly) it also brings huge advantages for staff recruitment, retention and well-being.

Omicron may have been the booster shot to finally inoculate some firms against the notion that there will be a permanent return to office-based working. Those few outliers, still holding Canute-like to the notion of 5 days in the office will surely find that employees are working on their CVs on days 6 and 7.

Hybrid working enables firms to widen their talent pool – both in terms of geography and make-up. It is also a key enabler for the diversity and inclusion objectives the FCA is expecting financial services firms to progress. And the oft-overlooked S of ESG.

But why stop there? Consider the post-Covid opportunities for more radical initiatives. Atom Bank, for example was one of the first financial services firms to champion the four-day week, and the 100/80/100 model (100% of the pay for 80% of the time, at 100% productivity), and others are following suit in 2022. Atom Bank’s initial findings showed a 500% increase in job applications and an uplift in satisfaction levels, amongst existing staff, from 77% to 86%. And imagine what it is doing to their retention levels.

2.3????????Management practices

The quality and effectiveness of leadership is a key determinant in the success of an organisation and its ability to control risk. This fact is not lost on the Regulator, who has put a far greater focus on the role of Boards and Excos in recent years – from the implementation of SMCR to the recent requirements on Consumer Duty.

The quality of leadership within a firm will also have a huge impact on people risk – hopefully to the positive, but equally to the negative if senior management do not exhibit the right behaviours. In times of trouble people look to leaders, for guidance, and also as an example of good practice. And those leaders who did not rise to the challenge during the pandemic will become one of the causal factors in the capacity and cultural issues their firms are experiencing.

And post-pandemic, staff will be looking to senior management for the bold initiatives to take the organisation forward, and to set the tone for how business should be conducted. I have heard a lot of talk recently about ‘turning the taps back on’ post-covid, and accelerating growth. In this, it is important the leadership set the right balance and tone, so the desire to recoup revenue is not at the expense of customer outcomes.

Whilst the art of leadership is incredibly important for controlling People Risk, we should not ignore the craft of management – the role of middle managers and team leaders, in the organisation, and their impact on delivery and risk control.

It is evident that a decentralised delivery model requires a different approach. 2D management (via Zoom and Teams) has a different skillset (and a higher level of Emotional Intelligence) than 3D management, in person.

And it is also evident that many individuals have proven themselves not up to the challenge. Too many managers behave as custodians not coaches. They are focussed on task and time management, rather than performance and productivity. They are not able to project culture and control across a decentralised workspace, and are failing to develop productive and self-motivated employees.

In the new workplace, these requirement for reskilling and upskilling are essential at all levels of the organisation. It is important that leaders and managers recognise what is required of them and are clear on their roles and responsibilities:

·??????Supporting the development and retention of productive employees

·??????Delivering good customer outcomes and controlling conduct risk

·??????Achieving revenue targets and strategic objectives

2.4????????Process

Too often I hear from firms ‘we don’t need a procedure for that, John knows how to do it’. If Covid and the Great Realignment have taught us anything it is that John (or whoever else in the firm has the necessary skills) might not be around forever. Maintaining clear, comprehensive and current policies and procedures is a key mitigant against People Risk, a basic requirement under SYSC, and just good business sense.

2.5????????Staffing

The development of effective risk control mitigants for People Risk clearly requires a full consideration of the people themselves. Employees are the engines of growth within a financial services firm, but they can also be the drivers of failure. Firms need to have an honest assessment of the human resources within the organisation, and their strengths and weaknesses.

2.5.1???????Employee makeup

Any organisation will have a mix of employee types:

• Revolutionaries – want to change the world, and see the firm as the agent of that change. Highly motivated and loyal (provided the firm stays true to its mission)
• Volunteers – share the values of the organisation, and have a positive and productive outlook
• Mercenaries – can be productive, providing they are rewarded
• Conscripts – unproductive workers who only remain at the firm because they can’t see an alternative

This makeup will shift over time – start-ups will have far more revolutionaries and mercenaries, established companies will have a greater number of conscripts. Understanding the mix, and understanding how the proportion of positive employees can be maintained and increased is a key factor in a successful business.

2.5.2???????Key person dependency and succession planning

Under the Principles, SYSC and under good business practice, firms should know who their key persons are, and why they are important to the organisation. And it should be noted that key persons are not just in senior management, they will be in areas such as Operations and IT too.

In addition to identifying the key persons, firms should be taking reasonable steps to reduce dependencies and increase contingencies, via effective succession planning.

In a service sector organisation, succession planning should be seen as a business continuity issue, and should be treated with the same degree of importance as back-up IT systems and the provision of secondary sites.

Firms should take the key person mapping, and make an honest assessment of who within the organisation can step into a role – both for a short-term period, and as a replacement. Where successors cannot be identified, this should be highlighted as a People Risk. The succession plan should be kept up to date, and it is recommended that a two-stage contingency is identified – because what if the nominated successor leaves too?

2.5.3???????Recruitment

Given the staffing challenges currently being experienced due to the Great realignment, there is a temptation to recruit quickly and ‘put bums on seats’. But firms should ensure they get the right people, for now, and for the future. As noted above in the section on management, the new workplace requires a different skillset:

• ?Self management
• Resilience
• ?Emotional intelligence
• Integrity and trustworthiness

And the importance of the last points should not be overstated. Too many financial service firms pay lip service to the ‘proper’ of Fit & Proper. They have no structured process for assessing character and culture fit, and merely rely on credit and criminal records checks.

For financial services firms, an untrustworthy individual (particularly in a senior role) is a major driver of conduct risk. But they are an equal risk to the fabric and cohesion of the organisation. If you invite a fox into the henhouse, do not be surprised by the outcome.

The writer Simon Sinek has an amusing anecdote about the selection process for the Navy Seals – where there is a lower salience given to technical ability (would I trust you with my life?) but a far greater focus on integrity (would I trust you with my wife?).

When you recruit someone and bring them into the organisation, you are holding them up as an exemplar of your cultural aspirations – you are saying, quite clearly ‘this is what good looks like’. So, if that person does not demonstrate integrity, if they fail to ensure good customer outcomes and control conduct risk, these behaviours will be copied by others.

2.6????????Culture

Culture is a topic in itself (and one I will be considering in more detail in a later edition). But here, in relation to People Risk, there are a number of key points to consider.

Culture is the ‘social glue’ of an organisation. It is a truism that 150 is the upper limit for a cohesive group of people – the tribe of our forbearers. For many organisations it is a challenge to get to the first 150, let alone the next 150, or the next. But whatever the size of the firm it is the shared norms and values that holds it together. Tribes become nations not through force of arms, but through force of will - the strength of their culture.

Culture is actions not words. The CEO’s Town Hall address, the statements on the intranet, the messages in the training sessions – these carry surprisingly little weight. What matters is what employees see and experience. And if they see senior management engaging in counter-cultural behaviours this can be hugely damaging – cynicism is one of the most toxic emotions in an organisation.

Culture is control. Culture, if used properly can be one of the strongest elements of the control framework. Firms should use the risk landscape as a guide to the norms and values they are seeking to promote.

2.7????????Performance management

Most (most…) financial services firms have recognised the regulatory risks prevalent within bonus schemes and put controls in place to reduce the incidence of poor outcomes. However, few firms are taking a holistic look at their overall performance management framework and considering whether it is strengthening or weakening the organisation.

A clawback for quality failings may be commonplace within sales teams (albeit as a sop to the Compliance department), but it is rare to see a consideration of wider behaviours and attitudes. Firms should ask themselves – can a member of staff (at any level) be rewarded if they exhibit behaviours counter to our cultural aspirations? And if so, what message does this send to other employees?

For those firms looking deeper, there are also fundamental questions to ask about the purpose of the bonus scheme. The bonus framework has become such a universality within corporate life we rarely stop and think about the actual outcomes they are delivering. If employees are competing more with people inside the organisation rather than other firms in the marketplace, this is not a sustainable model.

And all firms should be considering the concept of ‘reward’ in the broadest sense – so bonus payments, but also recognition and advancement. When you promote someone, you are endorsing their values, attitudes and behaviours along with their performance. As with recruitment, when you promote someone you are saying to the rest of the organisation – this is what good looks like.

2.8????????HR

Some time ago I wrote an article describing HR as the 4th Line of Defence. And I still believe that holds true. But it is predicated on the expectation that HR will step up and take an active role in controlling risk within the organisation. Particularly in these challenging times.

Unfortunately, many financial services firms are asking the question - is my HR lead a wartime consigliere? Are they able to move beyond the ‘pay and rations’ administrative functions, and contribute to the control of People Risk.

Firms will not be able to fully achieve the control of risk across capacity, capability and culture until the HR function is fully aligned and engaged.

3????????Conclusion

These are clearly challenging times for firms. And many organisations are feeling the adverse effects of staff outflows and the difficulties of adjusting to new working practices. But there will be winners from the Great Realignment – forward looking firms who can embrace the opportunities of change and build businesses fit for the future.