error
Subscriptions are not available for this site while you are logged into your current account.
close
Skip to main content
Submit RFP

      Leading organisations are moving away from rigid, prescriptive controls; today's dynamic markets and complex macroeconomic landscape demands a more agile and risk-based approach. This shift presents an opportunity for banks to move beyond a compliance-driven mindset to embrace a culture of controls that prioritises efficiency, effectiveness, and proactive risk management.

      From Prescriptive to Outcome-Based: A New Era of Risk and Controls

      Regulation has traditionally been regarded as prescriptive, outlining specific requirements that banks must implement. While this approach provides a clear framework of rules for banks to comply with, it often creates a “tick-the-box” mentality. The result is then layering of manual control upon manual control to meet a disparate set of regulatory requirements.

      Christopher Checkley - profile-picture
      Christopher Checkley

      Partner, Finance Transformation

      KPMG in the UK

      But the regulatory landscape is shifting towards a more outcome-based approach, empowering banks to design controls that fit their unique risk profiles and business models. This requires a cultural shift, a need for organisations to make judgment calls to figure out the most effective way to protect the bank. As with any cultural shift, it requires people to think and behave differently

      Defining a Culture of Controls

      A strong culture of controls across all levels of the organisation is needed to thrive in this environment. It requires a shared mindset and commitment, where all colleagues clearly understand how their role contributes to safeguarding the bank and enabling sustainable growth in line with the bank's risk appetite.

      A strong culture of controls is characterised by:

      • Going beyond compliance

        Colleagues regard controls as essential to achieving business objectives safely and sustainably.

      • Escalating early

        Colleagues identify and raise potential risks or control failures early and healthy challenge is encouraged.

      • Shared responsibility

        Effective risk and control management is regarded as a shared responsibility across all lines of defence.

      • Read-across

        Lessons learned from past incidents and near misses are shared to prevent similar occurrences in the future.

      The Drivers of a Culture of Controls

      Building a culture of controls requires an approach that focuses on people, training, governance, and communication. By focusing on these key drivers, organisations can effectively steer their culture in the right direction:

      culture-of-control-blogs
      • Tone from the top and middle

        Role modelling and setting the tone from the top, encouraging open and transparent communication and empowering individuals to take ownership of risk management.

      • Training

        Equip employees with the knowledge, skills and tools necessary to design, implement, operate and monitor controls effectively.

      • Governance

        Establish clear governance structures, ensuring accessible and well-enforced policies and accountability control frameworks.

      • Roles and Responsibilities

        Clear and structured reporting lines, enabling conducive cultural dynamics and accountability for controls across all LODs.

      The Cost-Benefit Equation: Investing in a Culture of Controls

      Embedding a culture of controls requires an upfront investment in training, resources, and technology, but the long-term benefits outweigh the costs.

      • Maximising process coverage (control to process ratio)

        Enhancing efficient risk mitigation across key processes.

      • Reduced manual intervention

        Minimising manual controls, which are prone to human error and inefficiencies, and leveraging technology-enabled solutions.

      • Spending less time fixing, more time preventing

        Shifting employee focus from reactive problem-solving to proactive risk identification and mitigation.

      Embracing a culture of controls is a necessity, not a nice-to-have that requires commitment from stakeholders at all levels. Get it right and unlock a proportionate approach that drives safe, sustainable growth.

      Previous insights

      With some clever thinking you can take your control environment into the future.
      Read more

      Regulatory reporting is not simply a box that needs to be ticked
      Read more

      Our risk and regulation insights

      Something went wrong

      Oops!! Something went wrong, please try again

      Our people

      Christopher Checkley - profile-picture
      Christopher Checkley

      Partner, Finance Transformation

      KPMG in the UK

      Sarah Ward
      Sarah Ward

      Partner, Risk & Regulation

      KPMG in the UK