Risk culture and supervision: beyond the box-ticking exercise, striving for fair balance

Since the 2008 crisis, the financial sector has been under scrutiny. Identified as one of the crisis root causes, the importance of risk management framework and risk culture and its interconnectedness to ensure the long run financial stability of each organisation has been revealed. Accordingly, institutions are expected to develop an effective risk management framework and a sound risk culture.

The increasing focus on these topics as well as their relevance for regulators at global level are testified in the Financial Stability Board (FSB) consultative document – Guidance on Supervisory Interaction with Financial Institutions on Risk culture: A Framework for Assessing Risk culture, issued in November 2013. “An anticipatory and strategic approach to supervision rests, among other things, on the ability to engage in high-level sceptical conversations with the board and senior management on the financial institution’s risk appetite framework, and whether the institution’s risk culture supports adherence to the board-approved risk appetite.” 

Risk management framework and risk culture: The virtuous circle

The risk management framework is the combination of elements that encourage and maintain risk management throughout an organisation. It includes risk management policies, objectives, commitments and organisational arrangements (plans, accountabilities, processes and tools).

Risk culture, on the other hand, is the set of norms and behaviours that determine the way in which individuals and groups identify, understand, discuss and act on risks. By influencing actions and decisions, risk culture is a powerful driver to support the implementation of a robust risk management framework.

A sound risk culture does not only provide financial institution staff with guidance for their own behaviour, but it also encourages them to challenge and be part of the risk management decision-making process. Implementing an effective risk management framework requires a sound risk culture, which ultimately benefits from a robust risk management framework, thus triggering a virtuous circle.

Risk culture supervision: Avoiding the box-ticking trap

Risk culture is not a quantitative or tangible element that can easily be assessed and quickly implemented. It is a behavioural concept. Developing and communicating a sound risk culture requires time and methodology as recognised by the Institute of International Finance (IIF): “Good risk culture is easy to articulate, hard to execute and requires ongoing attention, even when the starting point is acceptable. Cultural change programs are extensive and require persistence over significant time to be successful”.

[pukka_pullquote width=”300″ txt_color=”#ffffff” bg_color=”#2d2d2d” size=”24″ align=”left”]“Good risk culture is easy to articulate, hard to execute and requires ongoing attention, even when the starting point is acceptable. Cultural change programs are extensive and require persistence over significant time to be successful” The Institute of International Finance.[/pukka_pullquote]

Capitalising on a common base of successful practices, behaviours and attitudes which already exists might be an option. However, adopting a tailored approach to each institution’s organisation and complexity is the most appropriate way to ensure successful risk culture embeddedness.

Regulatory bodies have taken up this challenge and started building guidance to supervise risk culture. The consultative document issued by FSB in November 2013 exposes a list of four indicators that can provide evidence on the soundness of a risk culture: tone from the top, accountability, effective communication and challenge, and incentives. However, it is specified that this is a non-exhaustive list, and that there are several indicators or practices that can be indicative of a sound risk culture.

Based on the different recommendations and practical examples introduced in the guidance, supervisors or commissioned independent advisors are now able to identify areas for improvement related to risk culture and respectively ask for or suggest corrective actions.

However, can risk culture or any culture at all be captioned through a prescriptive framework? This is one of the issues raised by the Institute of International Finance (IIF) along with the Global Financial Markets Association (GFMA), in their response to the FSB Guidance.

IIF and GFMA commented that the risk culture indicators might tend to be prescriptive, reducing the flexibility required by risk culture assessment. Risk culture is not a static object. It evolves according to each financial institution’s specificities including its economic environment. A less    compliance-driven and more flexible framework to assess risk culture practices may encourage financial institutions to define and promote their own risk culture.

Adopting a 360° style to manage risk culture

Risk culture is a nascent field from a regulatory point of view and best practices are constantly emerging to address it. The IIF-GFMA response suggests for instance that the tone from the top indicator is important but not sufficient to ensure a sound risk culture. Tone at the middle should be emphasised because the middle management usually transmit the day-to-day messages and expected behaviours agreed at top management level. Compensation practices are also a powerful driver for developing a robust risk culture. Finding the fine balance between sanction and reward while focusing on good behaviours might be worth exploring. The IIF legitimately stresses that: “Ultimately, the essence of risk culture is that it is motivated not really by awards or fear of consequences, but by internalization of an organisation’s values such that individuals naturally align themselves with those values”.

However, it should be mentioned that proposing enough incentives for good behaviour in the present should not prevent financial institutions for implementing and developing a sound risk culture in depth in the long run.

Enhancing risk culture supervision, a collaborative approach

Supervisors and business advisors benefit from a unique point-of-view through their reviews of risk culture in the financial sector. Their insight could be precious for building a culture assessment guidance that could reconcile business needs and specificities as well as supervisors’ expectations. Publishing more case studies and best risk culture practices across the financial services industry could be very helpful for organisations to grasp more precisely how to practically improve their risk culture.

Financial institutions experience on the front line the necessity of a sound risk culture and its operational implications. They should be more actively involved in that area and invited to share their experience through the development of a collaborative relationship with their own regulators.

A collaborative approach among regulators, business advisors and financial institutions could be a key factor in ensuring organisations are able to develop and communicate a sound risk culture.