Why Penn Mutual Combines Ethics and Risk Management Together
My job title is a strange one: Chief Ethics and Risk Officer. I don’t know of anyone else with this title, combining ethics and risk management together, but I think it makes sense on many levels. It certainly fits the way we work here at Penn Mutual perfectly.
Penn Mutual is a life insurance company, and the life insurance industry is different from other industries. We don’t manufacture a physical product or perform a service for our clients that is one-and-done: We make promises for a living — promises to take care of families in the event of tragedy. That’s what we at Penn Mutual call the noble purpose of life insurance, and that alone gets us pointed in the right direction when it comes to creating an ethical culture. Ethics really are part of our business model, not something we are trying to bolt on as an after-thought.
Penn Mutual is also mutually owned. Like all companies, we work in the best interests of the owners, but, as a mutual company, our owners are our policyholders. Publicly traded companies have a split objective of serving the sometimes conflicting needs of both clients and investors. Maybe it’s the risk manager in me, but having our incentives aligned to serve our policyholders eliminates possible conflicts of interests and makes my job as an ethics officer an easier one.
It all comes back to our company strategy. In 2010, we rolled out our 10-year strategy, which was not just a numerical exercise with sales, revenues, and profit measures. We decided that our strategy was to be known for five things by 2020, including our commitment to the noble purpose of life insurance and, as the foundation, working together in a values-driven and relationship based culture.
Ethics and compliance need to be embedded in our culture, connected to our strategy, integrated into our processes and practices — not a separate program. Our ethics and compliance program, therefore, is values-based, not rule-based. Our code of conduct, policies, and education are expressed in terms of our values, behaviors, and language. To ensure that everyone understands the importance of this, we modified our compensation/performance framework to focus on two attributes — the ‘what’ and the ‘how’ — which we treat equally at Penn Mutual.
This is carried through to the way we communicate and educate our people. We have folks who are peers of the people we’re training stand up, roll out a policy, and give examples from their own work experience. I think that if you have a Chief Ethics Officer or someone from HR lecturing on policy, it won’t be effective. A peer leading the training will better understand the issues their colleagues experience in their work and can address concerns in concrete terms.
Our risk management practice is similarly predicated on our strategy. In fact, we have defined risk as any potential deviation from strategy.
One of the things that risk managers have a tough time talking about is operational risk. Companies like Penn Mutual face many different types of risk. One type of risk is financial or balance sheet risk, and it’s very numbers-based. It’s easy to measure financial risk, and there is a lot of very fancy mathematics to manage it. But often what gets lost is the bigger risk of operational risk. This is where my role as an ethics officer comes in. Operational risk and ethics are both about how people perform and how people make choices in performing their job. Our ethics program sits inside our operational risk framework. Again, I love this sort of alignment because, by bringing different disciplines together, it results in a very streamlined and self-reinforcing approach.
I’m not sure that I would advocate that all companies adopt a similar approach — to combine risk and ethics together as a single function. It works for us, but it may not be right in all circumstances. Even if the risk officer and ethics officer are not the same person, they still need to work closely together, because risk and ethics really do go hand-in-hand.