Whilst KYO is a new term, you are already being asked to meet KYB obligations. Recent questions asked by regulators, auditors and stakeholders relate to a growing trend requiring directors and executives to “Know Your Organization” to a deeper lever than ever before. Based on global research, meeting with regulators, auditing firms and financial institutions across the world, we have identified KYO to be a critical part of compliance, culture, and strategy for financial institutions.
The Australian Banking Royal Commission is part of a global reform of financial institutions and how they are managed. The RC lifted the bar on board and executive accountability. It led to the removal of CEOs and Chairs of 4 institutions. In India, several CEOs were moved on by regulators. In Europe, banks must prove that tens of thousands of risk controls are up to date and enforced. We are seeing a trend across the globe from Governments enforcing change on banking.
KYO has evolved as a response to this global change. Existing systems and procedures do not have the capacity to meet increased expectations around risk, compliance, governance and culture. These existing systems are inadequate in supporting management to deal with digital disruption. What we have relied on to protect boards and executive management from liability such as traditional policy management, risk management and performance monitoring are no longer enough.
To understand what KYO is about, it is important to understand how deep rooted the change that is occurring. Businesses are moving from macro to a meso management styles. This is a style between micromanaging and macromanaging a business. Where the top echelon of management focuses on the importance of the structures which drive the business and how to measure the effects of changes in these structures. This is in response to regulators evolving from macro prudential to meso prudential regulation.
Take for instance, Commonwealth bank who received a $700m fine for a money laundering breach from automating deposit taking through ATMs. The macro management focus was on cost, ROI and ensuring that it met compliance requirements. The exposure was from management being unaware of the impact of changing structures within business. There were no processes in place to measure the impact of structural changes. Organised crime was taking garbage bags full of cash to ATMs that did not raise any red flags, where if they went to a teller with a garbage bag full of money, alarm bells would be ringing. KYO would have picked up the outlier and alerted senior executives that there was a problem and this is why KYB will become increasingly more important to management.
KYO is about augmenting management through use of technology. The activities behind Wells Fargo account fraud scandal, Commonwealth bank’s money laundering breach, JP Morgan’s $6bn London Whale Loss would have been picked up as outliers and alerted to senior management. The problem today, is that three lines of defence risk management and many of the processes we have built into our organisations were designed for a manual era. We are investing millions in automating manual processes instead of rethinking how we do things differently with today’s technology. This is why KYO is different.
KYO may seem ominous, but it is also an opportunity. There is no doubt that the better executives understand their business, the more likely it is to perform. KYO will solve several frustrations for executives who struggle to get a feel for the business with the reporting they receive. Look at KYO as an opportunity and a positive change to management styles.