What's Hot

Nassim Nicholas Taleb's blog, an inspiring read | Incerto

Monday, January 22, 2018

Ethics in Risk Culture

In our previous blog on the outstanding attributes of a solid Risk Manager [LINK], a few practitioners have asked me various questions about Causal Capital’s 'Grid of Permissibility', and so I thought it prudent to delve into a couple of slides in more detail.

The Grid of Permissibility
The Grid of Permissibility or GOP as we shall refer to it, allows risk managers to assess a business unit’s risk attitude or processing activity from an ethical standpoint. We assign the result of each culture assessment to one of four states and I would be interested to hear from practitioners on other states risk managers or compliance officers should consider but as it stands, the four culture positions are ...

[1] An activity is fully permissible straight out of the box.

[2] Activity is permissible but requires attention or approval from the risk management unit or compliance team.

[3] An activity is permissible if it is approached in a specific way taking in a risk appetite or control limit.

[4] An activity has an immediate conflict with a firm’s goals or has direct negative social and regulatory implications and should be avoided.

Grid of Permissibly | Causal Capital

The approach is simple to apply, and for a change, we aren’t going to dive into any modelling techniques in this posting. Although, it is possible to develop Culture Score Cards for a business unit based on its GOP feedback and if there is an interest in doing this for our clients, I will pull together the necessary bits and bobs to score and report how effective a Risk Culture is after it has been assessed.

As a risk manager, you hear about Corporate Culture as being one of the biggest soft or human factors that drives risk failures all the time, and there are plenty of examples to demonstrate what we are referring to here. The Global Libor Rate scandals in the UK, US, Japan and even down under in Australia OR the Control Failures of Deepwater Horizon and BP’s blowout disaster OR the cross-selling fiasco at Wells Fargo OR the Volkswagen emissions Scandal and so on ... Each year, numerous players large and small fall foul of regulators and governments over ethically questionable business practices and the outcome can be catastrophic with huge penalties or even loss of licence to trade. 

GOP Exercise | Causal Capital

Risk Managers talk about the tone at the top all the time but rarely do they assess such ethical dilemmas, nor do they attempt to identify whether these unfastened tones at the top translate into potential incidents as one moves from the executive teams into the line manager space. I would go as far to say that many presentations I have reviewed on Corporate Culture are fluffy, empty, obvious, innocuous and not very useful. However, please do feel free to share any links we me to prove that statement wrong.

Anyway, back to our 'Grid of Permissibility'. The concept under GOP is simple; Risk teams start out by identifying the principal risks a business faces as employees go about their daily endeavours. Then they develop a set of ethical questions that are put to business unit staff which interrogate corporate professionalism and ethical responsibility. A great example of these activity questions can be seen above in a small sample of our Front Office wealth management question set.

Theoretically, if a business unit has Stable Moral Standing, different individuals or teams (the exercise works best with teams) should select the same grid position for each of the activity scenarios they are questioned on. In our example above you can see the pink group are more risk adverse or ethically conservative than say the yellow team.

Is this a good thing?

It's a concern that needs to be noted, and it says to me that the business unit being assessed is made up of actors which don’t converge on their thinking around ethical boundaries, and that is potentially a breeding ground for conflict or rogue outcomes. If one thinks it through, a business team that converges, ethically speaking that is, chances to be more harmonious and standardised, neutral if you prefer from a Risk Culture Perspective.

I welcome your thoughts on our GOP and in the coming months ahead, Causal Capital is going to enhance this system so that it can be used to assess the culture in many different corporate settings. We also include this GOP study and the associated score card reporting methods in our Auditing Culture Workshops but more on that at another time.


  1. good play/game/discussion approach. I am missing, what are the "scales" of the 2x2 - and could other scales be used to put nuances to the game.

  2. Hans, thanks for your message.

    The grid is simple to apply ---> There are basically four key positions someone can place each of their specific business scenarios into, as shown in the picture. Although, some teams put their business scenarios on the border between one zone and another.

    What we are trying to establish here is whether different staff have the same ethical outlook for various uncertainties their business unit faces.