July 2022

It’s long been known that culture drives behaviour, but recent years have seen an explosion of interest in the links between culture and risk among academics, investors, regulators and the public. This has only been reinforced by the environmental, social and governance (ESG) agenda and its emphasis on good governance.

In the banking industry, weak culture has been linked to many historic incidents of loss or fraud. That has led European banking supervisors to increase their focus on risk culture. De Nederlandsche Bank (DNB), which began assessing banks’ behaviour and culture in 2011, was a pioneer in this area.

Today, questions about culture are increasingly integral to banking supervision, for example when assessing the strength of governance and risk management. Most notably, culture audits by specialised supervisory teams are becoming more frequent. These audits can target systemically important banks, or institutions where past incidents have raised questions over culture, but may also reflect thematic topics such as decision-making or customer centricity.

Culture audits aim to generate discussion, share best practice and enhance other supervisory activities. Audit teams typically look for evidence that diverse views are being aired, that those voices are heard, that robust debate is taking place and that leaders are open to challenge. They make use of staff surveys, supplemented by interviews with leaders, key individuals, and second line professionals. Reviews of board minutes are common. Supervisors may also sit in on board meetings to better understand board dynamics and culture.

Fortunately, banks don’t need to wait to be audited before thinking about their culture. There is a powerful business case for a strong risk culture. Risk culture underpins banks’ hard and soft controls, and determines how employees deal with risks — both individually and collectively. Research shows that a good risk culture can deliver:

  • A reduction in the frequency of fraud and theft compared to organisations with weak risk culture;
  • An increase in internal incident reporting;
  • An improvement in financial performance;
  • An enhancement in the ability to innovate;
  • An improvement in staff engagement and retention; and
  • A strengthening of brand reputation.

These benefits are encouraging banking leaders to take greater ownership of risk culture. Key steps include setting out a clear vision, actively seeking to measure culture, and initiating concrete initiatives for improvement. Managing and supervisory boards increasingly see a strong risk culture as vital to implementing purposeful strategies that create value for all stakeholders.

Banks may feel that culture is a vague concept, but it can be monitored and managed. KPMG’s practical and scientifically validated methodology provides a real-world framework. Based on research into 150 business case studies, the methodology can identify eight measurable dimensions that have a real or potential effect on risk behaviour. These range from clear expectations and transparency to employee support, the openness of debate, the willingness to report misconduct, and effective rewards and enforcement.

This methodology gives banks a powerful tool for helping to assess the strength of their culture, identifying weaknesses and their causes, and achieving tangible improvements. It also provides a framework for identifying valuable steps institutions can take to help strengthen risk culture, such as surveys, benchmarking, training or the use of dilemma apps. In addition, strong overlaps with the ECB’s approach to culture and behaviour mean that KPMG professionals’ approach can help banks prepare for supervisory audits.

In short, banks today cannot afford to overlook the importance of culture. The good news is that risk culture can be assessed, monitored and improved using proven methodologies, allowing banks to build internal confidence in their behaviour — and demonstrate their commitment to external stakeholders.