In the current environment, risk management is more important than ever for banks. And risk culture is at the heart of effective risk management.
Risk culture is a key part of a bank’s overall culture and can be defined as the collective set of behaviours and actions that drive an organisation’s response to identifying, assessing, and managing risk.
"Having the appropriate risk culture is paramount in ensuring that firms can identify emerging risks but also minimise the likelihood of any existing risks crystallising, in an ever-changing operating environment."
Bank of England
Poor risk culture has been cited as the root cause of major conduct failings (Bank of England Staff Working Paper No. 912). On the flip side, a strong risk culture plays a crucial role in supporting an organisation’s financial and operational resilience, can drive good risk decision-making, and reduces the risk of misconduct and regulatory action. Recent research by the Bank of England has even shown a direct correlation between good risk behaviours and positive risk outcomes , which ultimately can improve financial performance and drive good customer outcomes and support market integrity.
"If culture is so crucial, then it needs to be managed. If it needs to be managed then it needs to be measured."
Financial Conduct Authority
The question then becomes, how do you know if you have a ”good risk culture”? Organisations have always struggled to quantify a ‘soft’ concept like risk culture. However, measuring it is beneficial, as it helps expose any warning signs and identify where issues may lie.
By proactively identifying weaknesses, banks can take action to transform their culture. Regulators are also increasingly expressing interest in this area. For example, the Australian Prudential Regulation Authority (APRA) has defined an approach to assessing risk culture and set regulatory expectations.