Why organisational culture could be your biggest risk management blind spot

The world has changed dramatically in the past few years. We have faced unprecedented challenges and disruptions. A global pandemic that disrupted supply chains, work patterns, and customer expectations. A volatile geopolitical landscape with new threats like cyber-attacks, Russia’s war in Ukraine, and more.

Despite these changes and increased volatility, many financial institutions’ (FIs) risk management functions and operating models haven’t evolved with the times. To us, it feels like many risk management functions are stuck in the 20th century. Banks are still focused on the same problems they were decades ago.

When we ask Chief Risk Officers (CROs) what they are worried about, they usually mention specifics like geopolitical risk, credit risk, and cybersecurity risk. But their biggest blind spot is often the most important factor that influences how these risks are managed: culture.

Post financial crisis, we saw many organisations embark on efforts to embed more holistic risk culture programmes. The problem is that many FIs treated this as a one-and-done exercise, when culture should be a constant evolution. 

Cultural changes made once over a decade ago aren’t enough to address today’s very different world and risk climate. In our view, it takes 100 silver pellets, not just one silver bullet. To survive and thrive in a constantly shifting risk landscape, FIs need to build a risk culture that is comprehensive, integrated and agile. A risk culture that enables them to identify, assess, and respond to emerging risks effectively. 

How can FIs achieve this? Here are some strategies that can help:

• Risk awareness and education: Train your employees regularly on different types of risks and how to handle them. Make sure they understand the impact of their actions on the overall risk profile of the bank.
• Risk ownership: Each department should take responsibility for understanding and managing the risks (and blind spots) associated with their operations, fostering a sense of accountability.
• Cross-functional collaboration: Encourage collaboration and communication across different departments and risk functions with a culture of kindness which is essential for operational efficiency.
• Incentives and performance metrics: Recognise and reward employees that contribute to a more integrated approach to risk management. Ensure that risk management objectives are embedded into performance evaluations. 

Final thoughts:

Creating a good risk management culture is not enough. You also need to maintain, nurture, and improve it over time. You need to keep the conversation going among your colleagues, learn from each other, and challenge your assumptions.

Pre-pandemic we used to be office-based five day a week. That just doesn’t happen anymore. How do you ensure that your conversation is global, not just within four walls? How do you keep the lines of communication open, encourage collaboration and openness – not just across functions but within them – when this is your new reality? It’s going to take more creative thinking to shape the culture you need to manage risk in today’s world.

We hope that after reading this piece, you open dialogue with the people around you; talk to your colleagues, learn what they’re doing, what they’re worried about, and see if there are opportunities to challenge your risk culture. 

If you’d like to learn more about how Baringa can help assess your risk framework and operating model and drive the change needed to transform your risk culture, please get in touch.