Did General Motors make a series of bad mistakes in its handling of ignition switch problems on certain vehicles, as well as its handling of recalls? The Detroit automaker has now recalled more than 20 million vehicles worldwide this year, a continuous stream of recalls that has kept the bad news in the headlines. Also, investigations have focused on internal problems that caused the company to keep making vehicles without fixing known problems, according to news reports.
What can we learn from the way General Motors has handled the ignition switch issue?
As described in the investigative report, GM executives adopted a decision process forever identified as the “GM nod,” where everyone would nod in agreement with a proposal and then leave the room without having established responsibility and accountability for the decision made. The lesson for any company is to insist, from the top-down, on responsibility and accountability. By comparison, Alan Mulally famously reformed Ford’s culture to reward those who accurately reported risks and mistakes and took responsibility. The results have showed up in quality of the products of each company and the perception of these companies in the market. These lessons can certainly inform management at banks, particularly with regard to the bank’s risk culture. The first line of defense in any bank to managing risks is in the line of business itself, which should be held accountable by senior management and the board of directors for appropriately identifying and mitigating risks. This should not be left to the auditors, examiners, and risk managers to instill risk management discipline.
—Cliff Stanford, Alston & Bird LLP
A slow reaction to a problem can result in more than just a bad day in the office. The biggest headline was not the recall. The media focused on the fact that General Motors knew about the problem long before the recall and failed to react resulting in lawsuits, congressional hearings and calls for boycotts, all of which have negatively impacted the automaker’s reputation and bottom line. Bankers should take notice of such missteps in responding to potential cyber-attacks launched at their institutions. It is not enough to simply have security measures in place. Directors also need to ensure that their institutions have proper response policies to react quickly to minimize potential damage to customers and to take corrective measures to address the cyber-attacks head on. Failing to respond in a timely manner can result in more than just a few angry customers and can expose the banks to regulatory and legal penalties.
—Christian Gonzalez, Dinsmore & Shohl LLP
It appears there was little enterprise risk management stressed and in place at General Motors. The General Motors situation has taught us the need to encourage/require employees at any level of a bank hierarchy immediately to report problems so that material issues can be handled and solved by executive management with reports, if necessary going to the full board. Bank employees must not hide material issues. When discovered, the issues may lead to very embarrassing situations for the bank and its parent.
—Bob Monroe, Stinson Leonard Street LLP
GM probably learned a few lessons from the experience of the banking industry and was more prepared to navigate the horror of becoming a public whipping boy. When something has gone terribly wrong inside a large organization, it’s terribly important to get on top of the facts as soon as possible. And that’s not easy. To avoid embarrassment and compounding the problem, you have to resist the temptation to speak before you have assembled the facts. Measure your statements carefully, and support them with facts identified by an investigation by an outside firm and reported to the board or committee of the board charged with overseeing the investigation. [CEO] Mary Barra deserves serious praise for her authentic brand of leadership in the midst of a corporate crisis.
—Mark Nuccio, Ropes & Gray LLP
The GM ignition switch debacle is nothing new and merely underscores a series of well-known precepts that directors should internalize as official bank policy. Playing ostrich never works. Problems must be faced, not ignored in the hope they will disappear. Cover-ups never work either. The underlying problem always comes to light, and the consequences in terms of reputation risk, regulatory risk, and legal risk end up being exacerbated, and any judgments and penalties enhanced. When an issue is identified by any employee, including even the lowest level employee, steps must be taken by management promptly to investigate the issue and, if it is significant, bring it to the board’s attention and implement a strategy to address it. The board should have a crisis management policy in place for handling really serious issues; this will entail assembling a team of specialists to handle the public relations, compliance, security, IT, and legal components of the problem, including where necessary, an internal investigation.
—Keith Fisher, Ballard Spahr LLP