Why organisational culture could be your biggest risk management blind spot
4 min read 9 October 2023
The world has changed dramatically in the past few years. We have faced unprecedented challenges and disruptions. A global pandemic that disrupted supply chains, work patterns, and customer expectations. A volatile geopolitical landscape with new threats like cyber-attacks, Russia’s war in Ukraine, and more.
Despite these changes and increased volatility, many financial institutions’ (FIs) risk management functions and operating models haven’t evolved with the times. To us, it feels like many risk management functions are stuck in the 20th century. Banks are still focused on the same problems they were decades ago.
When we ask Chief Risk Officers (CROs) what they are worried about, they usually mention specifics like geopolitical risk, credit risk, and cybersecurity risk. But their biggest blind spot is often the most important factor that influences how these risks are managed: culture.
Post financial crisis, we saw many organisations embark on efforts to embed more holistic risk culture programmes. The problem is that many FIs treated this as a one-and-done exercise, when culture should be a constant evolution.
Cultural changes made once over a decade ago aren’t enough to address today’s very different world and risk climate. In our view, it takes 100 silver pellets, not just one silver bullet. To survive and thrive in a constantly shifting risk landscape, FIs need to build a risk culture that is comprehensive, integrated and agile. A risk culture that enables them to identify, assess, and respond to emerging risks effectively.
How can FIs achieve this? Here are some strategies that can help:
- Risk awareness and education: Train your employees regularly on different types of risks and how to handle them. Make sure they understand the impact of their actions on the overall risk profile of the bank.
- Risk ownership: Each department should take responsibility for understanding and managing the risks (and blind spots) associated with their operations, fostering a sense of accountability.
- Cross-functional collaboration: Encourage collaboration and communication across different departments and risk functions with a culture of kindness which is essential for operational efficiency.
- Incentives and performance metrics: Recognise and reward employees that contribute to a more integrated approach to risk management. Ensure that risk management objectives are embedded into performance evaluations.
Final thoughts:
Creating a good risk management culture is not enough. You also need to maintain, nurture, and improve it over time. You need to keep the conversation going among your colleagues, learn from each other, and challenge your assumptions.
Pre-pandemic we used to be office-based five day a week. That just doesn’t happen anymore. How do you ensure that your conversation is global, not just within four walls? How do you keep the lines of communication open, encourage collaboration and openness – not just across functions but within them – when this is your new reality? It’s going to take more creative thinking to shape the culture you need to manage risk in today’s world.
We hope that after reading this piece, you open dialogue with the people around you; talk to your colleagues, learn what they’re doing, what they’re worried about, and see if there are opportunities to challenge your risk culture.
Our Experts
Related Insights
Navigating Australian financial services regulation
Australia’s financial services companies face a wave of new regulations requiring a strategic approach.
Read moreWhy banks fail
After a decade of relative calm, a series of sharp and sudden failures hit the banking industry hard. They’ve prompted many post-mortem analyses, discussions, and regulatory recommendations. But are other institutions really taking the lessons learned to heart?
Read moreHow do super CROs navigate the double-edged sword of AI?
Explore how AI is transforming risk management for superannuation funds and the strategies Chief Risk Officers are using to navigate the complexities of the modern financial landscape.
Read moreFour steps to comply with the updated BCBS239 regulations
Banks have spent millions on BCBS239 compliance, but they aren’t yet in the clear. In case you missed it, the ECB recently published new guidance that updates the decade-old regulation. Here are the four actions that we recommend firms take to meet the latest BCBS239 rules.
Read moreAre digital and AI delivering what your business needs?
Digital and AI can solve your toughest challenges and elevate your business performance. But success isn’t always straightforward. Where can you unlock opportunity? And what does it take to set the foundation for lasting success?