In any organisation, formal rules designed to achieve an outcome (such as compliance) are underpinned by informal rules and values. If those informal rules and values are not consistent with the formal rules and staff do not follow the formal rules the outcome will not be achieved.

An article in the NY Times recounts how Bernard Madoff’s bank did not report his suspicious activity because of “a huge bureaucracy where employees stuck to their own silos and did not communicate well with others. … Many people simply filled out and filed forms, oblivious to what those forms might, or might not, indicate.”

The article goes on:

“… JPMorgan had a requirement that a “client relationship manager” certify every year that each client complied with all “legal and regulatory-based policies.” This was no doubt viewed as a tiresome and routine requirement, both by the bankers who did the certifying and by the people in the compliance department who collected the certifications.

“In March 2009… the Madoff relationship manager “received a form letter from JPMC’s compliance function asking him to certify the client relationship again.”

Evidently, whoever sent out that letter did not read it after a computer generated it. Or perhaps that person had somehow missed the report that Mr Madoff had been arrested on Dec. 11, 2008.”

Whether the failure to check out suspicious activity was based on a desire to protect fees or because of mis-placed trust or because of negligence, the formal rules were ignored and were ineffective.