strategy+business is published by PwC Strategy& LLC.
or, sign in with:
strategy and business
(originally published by Booz & Company)


Getting a Return on Judgment

The financial meltdown showed the limits of bureaucracy. Recovery depends on how well companies adopt the practices of personalization instead.

In retrospect, it’s clear that the heart of the 2008 credit crisis was a failure in risk management. Indeed, the crisis provides a rich context for understanding where risk management goes wrong and how it can be improved. Banks overextended themselves, but the root cause was not individual bad judgment. It was formalization: the institutional bad judgment that comes from habitual reliance on regulations and structures (or, as Max Weber defined it, bureaucracy) to control activity.

Historically, bureaucratic control has had many benefits: It establishes formal rules and procedures that transcend individual idiosyncrasies and traditional orthodoxies. However, it also has many unwanted side effects: It can become overly rigid and specialized, it encourages groupthink, and it can lead to depersonalization and a lack of commitment on the part of employees. Reliance on rules can bring down companies because it inhibits them from taking the right risks in the right way.

That is precisely how bureaucracies failed many of the large investment banks. During the 2000s, the banks developed, with many signatories, multistage procedures to evaluate which risks were worth taking. These procedures were so elaborately defined that, as Andrew Kuritzkes put it, well-intentioned managers could no longer see the forest for the trees. The banks also externalized risk management, relying on expertise and approval from outside parties such as auditors, regulators, and credit-rating agencies. This allowed individuals to detach themselves — legally and morally — from the system in which they were working.

The banks that survived the credit crisis most effectively, such as Goldman Sachs and JPMorgan Chase, had a different approach to risk: personalization. Instead of embracing bureaucracy, they pushed more responsibility to individual decision makers and required them to live with the consequences of their choices. This in turn required a higher quality of insight, greater personal accountability, and a stronger supportive culture for risk management. Gillian Tett of the Financial Times reported about this in January 2008: “Employees [at Goldman] typically view themselves as being affiliated to the bank, not business line, and there is a strong ethos of shared accountability.” Similarly, at JPMorgan Chase, CEO Jamie Dimon has been known to take an active personal role in risk briefings.

Most smaller players, such as hedge funds, also escaped relatively unscathed. This was partly because their decision makers were close to the action, highly knowledgeable, and personally accountable for the outcomes of their decisions. As one leading hedge fund executive commented to us, “We have robust informal systems, we communicate naturally, and we develop our own views on what risks to take. We get a return on our judgment.”

Successful companies in other sectors also have highly developed forms of personalization. In the pharmaceutical industry, for example, firms make high-stakes investments in new drugs all the time. These firms have sophisticated formal systems and stringent external regulations, but in addition they rely on the strong ethical norms and professional standards of the medical community.

Insight, Accountability, and Culture

For us, the importance of personalization became clear in a research project we conducted on risk management in large organizations, beginning in late 2007. We interviewed executives in financial-services, pharmaceutical, oil and gas, mining, and telecommunications companies, and in the public sector, particularly among law enforcement agencies in the United Kingdom. We found that the concept of personalization has great intuitive appeal. Nonetheless, people struggle with applying it in large organizations that rely on formal systems to get work done.

Our research suggests three elements are necessary. Each of them can be fostered through organizational practices.

1. High-quality insight. Effective personalization of risk management requires putting the right information in the hands of those making a decision, and then rapidly transforming that information into insight, based on collective deep experience. The U.K. police force provides one example: When an incident flares up and becomes serious, an employee of any rank can call on a cross-force “critical incident” group to pull together all the available information about the situation and the larger community. Critical incidents are called only occasionally — when the officer’s “antennae” are “twitching” — but they provide an effective way of quickly bringing to bear all the different views on an issue and reaching a thoughtful decision.

Follow Us 
Facebook Twitter LinkedIn Google Plus YouTube RSS strategy+business Digital and Mobile products App Store



  1. Karen Broadhurst et al., “Performing ‘Initial Assessment’: Identifying the Latent Conditions for Error at the Front-Door of Local Authority Children’s Services,” British Journal of Social Work, January 2009 (online version): More about the “critical incident” groups. 
  2. George S. Day and Paul J.H. Schoemaker, Peripheral Vision: Detecting the Weak Signals That Will Make or Break Your Company (Harvard Business Press, 2006): For developing insight. 
  3. David Demortain, “Credit Rating Agencies and the Faulty Marketing Authorization of Toxic Products,” Risk & Regulation, January 2009: Tracing formalization back to one external source.
  4. Alan Gemes and Peter T. Golder, “What Is Your Risk Appetite?s+b, November 30, 2009: An antidote for bureaucracy, through setting a collective goal for exposure.
  5. Gillian Tett, “Anthropology That Explains Varying Banking Behaviours” (registration required), Financial Times, January 18, 2008: Cultural qualities of the major banks that made it through the downturn.
  6. Max Weber, Economy and Society (University of California Press, 1978, translation of the original, Wirtschaft und Gesellschaft, 1956): Source of Max Weber’s definition of bureaucracy.
  7. Karl E. Weick and Kathleen M. Sutcliffe, Managing the Unexpected: Assuring High Performance in an Age of Complexity (Jossey-Bass, 2001): Learning from high-reliability operations.
Sign up to receive s+b newsletters and get a FREE Strategy eBook

You will initially receive up to two newsletters/week. You can unsubscribe from any newsletter by using the link found in each newsletter.