A full discussion of the various issues and causes could fill a voluminous book, but a quick glance at the firm’s governance, risk, and compliance challenges and breakdowns presents an insightful lesson about Principled Performance – reliably achieving objectives while addressing uncertainty and acting with integrity.
An internal management task force report issued earlier this year and focused upon the Synthetic Credit Portfolio debacle (or “London Whale” incident) reveals breakdowns at nearly every turn in GRC systems and processes at J.P. Morgan Chase. Legal charges and settlements stem from intentional understatements of losses in the portfolio, manipulative trading, and insufficient internal controls. The 130 page internal report reveals deeper breakdowns at nearly every level of GRC: a lack of alignment on risk tolerance, conflicting objectives, insufficient validation of the risk valuation models, failure in oversight responsibilities, inadequate and unqualified resources, undisclosed conflicts of interest, insufficient independence and empowerment of internal watchdogs and a culture of fear as it relates to the personal consequences of financial loses to the firm. This situation will almost certainly become a standard textbook discussion on how GRC failures can lead to catastrophic results.
The importance of taking a holistic view of Principled Performance screams out from the pages of the task force report. J. P. Morgan Chase had in place many of the elements of a GRC capability, a key aspect of Principled Performance: risk management infrastructure, various levels of oversight and approvals, committees with defined responsibilities and reporting requirements, internal auditing, etc. However, there were serious design gaps and failures in execution that opened the door to the resulting loss and financial misstatement. These gaps and failures point to a granular approach to GRC that overlooked the breadth and diversity of factors that could lead to misconduct. It is critical that organizations, at whatever level of size and complexity, look at Principled Performance and GRC as a whole across the enterprise and ensure that the various elements are designed properly and also are functioning effectively.
Let’s hope, for the sake of investors, employees and other stakeholders, that J P Morgan Chase has learned this lesson. CEO Jamie Dimon recently announced that the firm would be adding 5000 additional control staff, including 3000 to work at the bank’s corporate level on legal and regulatory matters and 2000 to be assigned to the effort within the business units. This represents a 30% increase in control staff and part of a $1.5 billion increase in spending to manage risk and comply with regulations.
Similar to Congress’ natural reaction to make more laws when there is a serious fraud on the public, throwing resources at a specific compliance issue seems to be the reaction of companies finding themselves in hot water with regulators. On the other end of the spectrum, the firm has also created a Risk Governance Committee to “focus on risk governance and other policy matters, risk analytics, model governance, Basel/Regulatory issues, risk appetite and updates to Firm-wide risk programs in the areas of compliance, liquidity and operational risk.” Maybe this committee, composed of senior leaders will take on the task of evaluating the overall GRC system. Though it is interesting to note that the most senior leadership, including the CEO, CFO and CRO, are part of another committee, the Firm-wide Risk Committee, which seems to have responsibility for day-to-day tactical management of risk. From my perspective, this seems a bit backwards.
Without the foundational design of a system to promote Principled Performance and execution of related GRC processes as designed, an additional 5000 people and $1.5 billion will not prevent recurrence of the type of issues arising in the London Whale case, or any of the other serious issues J. P. Morgan Chase has encountered.