Natalie, please tell our Risk Insights’ readers about yourself and your professional experiences.
I joined Yorkshire Building Society in 2015 to head up its new People Risk team. I’m not an operational risk professional by training; I started out as a trainee lawyer at Freshfields Bruckhaus Deringer in their Employment, Pensions and Benefits team nearly 20 years ago. More recently I have led teams of various sizes and founded my own legal firm, simultaneously building my risk management and entrepreneurial skills. Since joining YBS I have built the strategy, remit and profile of the People Risk function whilst also operationalizing processes associated with, and successfully embedding, the Senior Managers’ and Certification Regime (known internally as Our Trust Code).
As a fairly new discipline, can you give our audience an overview as to the areas you look to cover under the People Risk heading, and how you have evolved the area within Yorkshire Building Society?
There are two main facets to this phase of our evolution. The first has been to work with the business to understand the key areas of people-related risk faced by the business at the current time and agree some common language around those. The second has been to work closely with our colleagues in Operational Risk to further progress the maturity of our 1LoD operating model and drive out improved consistency. This exercise has included consideration of the remit of the People Risk team in overseeing the suite of risks that may arise within the People Division, which is where the People Risk team resides.
Historically, our operational risk functions have taken on a role to develop and embed operational risk management frameworks and facilitated risk reporting to the Group-wide management committees. Increasingly, there is an expectation from the Board that such operational risk functions will need to deliver formal opinions on the effectiveness of 1LoD management of the key risks inherent within the Group. People Risk and other specialist risk areas will clearly have a part to play in this development as we embed our new 1LoD operating model.
With culture and conduct featuring heavily in the media and an increasing area of focus, how can FIs implement culture changes and measure conduct to mitigate these risks?
Our approach to culture within YBS has been to focus on the fact that culture is a product of individual behaviours – it’s the things we do, not what we say we do. Our work on this is still in progress but we have spent considerable time understanding what makes YBS unique – all its positives and any areas that we believe are holding us back from being the business we truly want to be. Our next phase is looking at the non-negotiable behaviours that are key to us achieving the culture we aspire to and how to make those stick through peer-to-peer influence. One thing is for sure – we won’t look to achieve that by a splashy “campaign” telling colleagues what our culture is and how they need to behave to fit in!
In terms of conduct risk, it’s abundantly clear that poor culture can create unacceptable exposure to poor customer outcomes. At YBS we are clear about our purpose and our values – the cornerstones of a strong, customer-centric business where everyone understands how their day-to-day decision-making can take us nearer to, or further away from, being the most trusted provider of financial services in the UK.
How do you see the role of the operational risk professional changing over the next 6-12 months?
In common with most areas of FS businesses, operational risk as a function is being asked to do more with less (or at least do more with the same). And the threats our organisations face are growing and changing faster than ever before. So doing what we’ve always done and giving the business what they’ve always got before simply isn’t enough.
So operational risk professionals are going to need to become increasingly:
• Strategic – how effectively does our op risk strategy serve the organisational strategy?
• Collaborative – breaking down silos that may be perpetuated by the 3LOD model;
• Clear on our raison d’être: we don’t “do” risk for the business but can be invaluable in supporting incorporation of effective risk management practices into day-to-day operations rather than as part of ad hoc activities.
• Agile and innovative – exploring new ideas and ways of solving problems.
