Promoting EDI is more than a cause, it should be managed as a risk



Promoting greater equality, diversity, and inclusion (EDI) within the financial services industry (and society more broadly) is seen by many as an important social and moral cause that everyone should believe in. While well intentioned, approaching the challenges of EDI primarily through expressing and spreading belief in their importance will be limited in impact. The toolkit of risk management should be used to bring the structures required for actions that bring about sustained results.
There are many reasons why EDI should be a priority for organisations. These include:
- Considering a more diverse, and hence broader, range of people to recruit and develop, enables organisations to make the best use of potential to deliver goals; studies show that diverse organisations have better performance1.
- A broader range of life experiences and perspectives can help organisations better understand and serve customer needs and better identify and manage risks2.
- Arguments that it brings about greater social justice.
To make the most of these benefits, organisations must promote inclusion and an environment of ‘psychological safety’ where people can speak up and share ideas, questions, and concerns.
Both individual and organisational efforts to express and spread belief in the importance and value of EDI have not been sufficient to address challenges across the financial services industry3. Adding urgency to the need to act, the Financial Conduct Authority (FCA), Bank of England (BOE), and Prudential Regulation Authority (PRA) have articulated expectations in a recent discussion paper: DP21/2 ‘Diversity and inclusion in the financial sector – working together to drive change’.
Organisations do not approach other priorities by cultivating belief in their importance and then expecting results to flow from this. For example, firms do not rely on passion for profit to deliver financial performance; instead, firms define responsibilities, metrics, and targets to achieve financial results and have approaches in place to hold individuals and teams accountable for these.
So, how should firms best manage EDI?
Methods used for non-financial risk management can be used to significantly improve EDI and demonstrate compliance with the proposals under discussion by UK regulators. The methods also have the advantage of being familiar amongst financial services organisations and regulators, and therefore relatively simple to implement and evidence.
1. The first step is to define EDI within a risk taxonomy. Equality, diversity and inclusion risk should be considered sub-risks within people risk. In particular, the risks that the organisation:
a. does not recruit and develop talent from diverse characteristics
b. excludes some staff from fully participating
c. does not treat staff in line with equality legislation and regulations
At a superficial level, this might appear to hide EDI in the detail of people risk. However, as required, deep-dive assessment of EDI risk can be reported to senior management and Boards. This is important given that both DP21/2 discusses the importance of Board accountability and looks set to increase the extent of disclosable information.
2. The next step is to scope the key EDI risks. This is best performed through mapping the risks against the employee lifecycle, for example considering the most material risks during recruitment, development, performance management, and reward and recognition of staff. DP21/2 increases the importance of clear articulation of accountability and responsibility for improving EDI; the organisation should consider who are the appropriate people to own and manage risks at different points in the employee lifecycle.
3. Then risk and control assessments can be conducted adopting standard approaches, such as through a firm’s RCSA:
a. Consider the ‘inherent risk’ of EDI concerns (i.e. what would happen if the organisation did nothing to improve EDI)
b. Identify key controls (or initiatives) relating to EDI (e.g. remove names from CVs reduce risk of unconscious bias)
c. Assess whether controls are designed and operating effectively (e.g. are names actually being removed from CVs)
d. Assess the ‘residual risk’ (i.e. taking into consideration the controls and initiatives in place)
e. Engage representatives from Employee Resource Groups (e.g. LGBTQ+ network) to participate in, and challenge, risk and control assessments
Significant value comes in using the residual risk scores to inform the business case and prioritisation of actions to improve EDI and to secure organisational resources to deliver the best results.
4. Organisations should set targets for EDI that are, to quote DP21/2, “stretching enough, with a defined timeframe, to contribute towards meaningful change”. To mitigate against progress waxing and waning as personal passion ebbs and flows, these targets should be embedded within the scorecards of senior management and impact their compensation (as is the case with other risk factors).
5. Key Risk Indicators (KRIs) should be developed to monitor both the effectiveness of initiatives in contributing to these targets, and to identify emerging areas of concern. For example, is a specific training intervention more effective than another, and are people with a particular characteristic facing more EDI challenges.
As far as both meaningful and possible, these KRIs should consider reporting against the protected characteristics defined in the Equality Act 2010.
6.Such an EDI framework above can be articulated in policy (in line with DP21/2 expectations). The framework can also be linked to different external schemes to support the organisation in providing evidence for accreditations. The framework and its operation can also be subject to reviews by Internal Audit to identify areas for improvement.
Personal connection and empathy are, of course, critical for the effective application of EDI best practise. Leveraging established risk management tools can enable a holistic and structured approach that channels individual passion to deliver results for an important and urgent cause.
1“Geyfman et al. (2018) find that gender diversity on US bank Boards positively influences performance outcomes without affecting bank risk, which, the authors say, ‘reinforces the notion that diverse banks are not assuming greater financial risk to generate higher returns’”. Referenced within https://www.fca.org.uk/publication/discussion/dp21-2.pdf
2Arnaboldi et al (2020) examined the fines received by EU banks from US regulators. They found that greater female representation on the Board significantly reduced the frequency of misconduct fines, with female directors more influential once they reach a ‘critical mass’. Wilson and Altanlar, in a wide ranging study of mainly SMEs, found compelling evidence that more gender diverse Boards reduce insolvency risk. Referenced within https://www.fca.org.uk/publication/discussion/dp21-2.pdf
3Demonstrated in https://www.lse.ac.uk/News/Latest-news-from-LSE/2021/j-October-21/Greater-transparency-on-pay-and-promotions-needed-for-Black-professional-women, https://fticommunications.com/wp-content/uploads/2021/10/Reboot-Race-to-Equality-UK-Financial-Services-Report-2021.pdf, https://www.fca.org.uk/publication/discussion/dp21-2.pdf, https://www.ft.com/content/239c95cc-d34f-43e9-a61e-faa7954277b6