|It is difficult, from the evidence now available, to be certain how aspects of RBS’s
management, governance and culture affected the quality of its decision-making,
but the Review Team’s analysis prompts the following questions:• Whether the Board’s mode of operation, including challenge to the executive, was as effective as its composition and formal processes would suggest.
• Whether the CEO’s management style discouraged robust and effective challenge.
• Whether RBS was overly focused on revenue, profit and earnings per share rather than on capital, liquidity and asset quality, and whether the Board designed a CEO remuneration package which made it rational to focus on the former.
• Whether RBS’s Board received adequate information to consider the risks associated with strategy proposals, and whether it was sufficiently disciplined in questioning and challenging what was presented to it.
• Whether risk management information enabled the Board adequately to monitor and mitigate the aggregation of risks across the group, and whether it was sufficiently forward-looking to give early warning of emerging risks.
|…weaknesses were found to arise from seven key risk areas that are potentially inherent in all organisations and that can pose an existential threat to any firm, however substantial, that fails to recognise and manage them. These risk areas are beyond the scope of insurance and mainly beyond the reach of traditional risk analysis and management techniques as they have evolved so far. In our view, they should be drawn into the risk management process. They are as follows:
A. Board skill and NED control risks – limitations on board competence and the ability of the Non-Executive Directors (NEDs) effectively to monitor and, if necessary, control the executives.
B. Board risk blindness – the failure of boards to engage with important risks, including risks to reputation and ‘licence to operate’, to the same degree that they engage with reward and opportunity.
C. Poor leadership on ethos and culture
D. Defective communication – risks arising from the defective flow of important information within the organisation, including to board-equivalent levels.
E. Risks arising from excessive complexity.
F. Risks arising from inappropriate incentives – whether explicit or implicit.
G. Risk ‘Glass Ceilings’ – arising from the inability of risk management and internal audit teams to report on risks originating from higher levels of their organisation’s hierarchy.