Diving deep on risk culture

A growing priority for European banks and supervisors

Collegues in meeting

December 2023

“Well run banks don’t fail”

Improving bank governance is a long-standing European Central Bank (ECB) supervisory priority – and as we reported in our July article, the issue has been given extra impetus by the collapse of US and Swiss banks this spring. The ECB has identified bad management as the root cause of these bank failures and has promised to keep pressing banks to remedy shortcomings in their governance and risk management.

The software of governance

In a September speech, ECB Supervisory Board Vice-Chair Frank Elderson highlighted one specific area of governance: risk culture. This Elderson described as the ‘software’ of governance, the set of attitudes and norms that influence how individuals actually behave with the formal framework of management structures and policies (the governance ‘hardware’). A healthy risk culture, Elderson argued, will spur innovation and customer service while also promoting compliance with regulatory requirements and internal controls. A bad culture, on the other hand, will encourage bank staff to ignore or disregard risk controls in the pursuit of short-term profit alone – with potentially disastrous consequences.

Elderson argued that by undermining banks’ formal risk management systems, poor risk culture was a key driver of the reckless behaviour that led to the global financial crisis of 2008, as well as more recent bank failures. It is therefore essential, he said, that the ECB scrutinize the software as well as the hardware of governance to ensure that banks remain well run.

Deep dives and new guides

To that end, Elderson announced that the ECB is piloting ‘risk culture deep dives’ at a small number of banks. These build on the ECB’s review of management bodies earlier this year as well as the assessment of bank culture conducted by the Dutch central bank (DNB) in 2015, when Elderson was Executive Director for Supervision. That exercise employed organizational psychologists to evaluate behavioural drivers and risk culture through observation, surveys and interviews with staff.

The results of the deep dives, plus a review of international work in this space (Elderson cited the Australian Prudential Regulation Authority’s Bank Executive Accountability Regime and the draft risk culture guidelines issued in February by the Canadian Office of the Superintendent of Financial Institutions as well as the DNB 2015 assessment) will inform a new ECB Guide on Governance and Risk Culture. Elderson announced that this will be published by the end of 2024.

Measuring culture

A key challenge, however – both for banks seeking to demonstrate the quality of their risk culture and for supervisors performing assessments – will be measurement. Based on the experience of previous ECB on-site inspections, we expect documentation to be a major focus for supervisors. The ECB will most likely look for extensive documentary evidence that management promotes a positive attitude toward prudent risk management throughout the organization. Types of material that supervisors may review include:

  • Internal communications such as all-staff memos and town-hall meetings: do these show bank leaders setting the right ‘Tone from the Top’ and emphasizing the importance of prudent risk management?
  • Meeting records: is there evidence of management openness to constructive challenge and diverse perspectives before decisions are taken?
  • Training materials: how far is importance of prudent risk management reflected in training for roles across the business?
  • Escalation / whistleblowing channels: can a bank show that staff are willing to escalate concerns without fear of consequences?
  • Appraisal and remuneration policies: is promoting prudent risk management included in staff objectives, and reflected in compensation decisions?

Thorough documentation will not only help banks prepare for supervisory scrutiny. It will also equip management to proactively monitor their risk culture and ensure that risk policies and controls are followed at all levels of the organisation. 

A growing priority

Risk culture looks set to remain a central element of the ECB’s approach to bank governance. Indeed, it could well be listed as a formal ECB supervisory priority for the coming years, with the risk culture deep dives announced by Elderson serving as a model for on-site inspections at a wider population of banks.

Ahead of any supervisory audits, banks should consider first performing their own risk culture assessment, to understand in detail the state of their current risk culture and identify any shortcomings.

In parallel, banks should review their internal processes and records. This should only be seen as an exercise in gathering evidence to demonstrate the health of their risk culture tosupervisors.

More importantly, it should be regarded as a powerful tool for management to fully understand the culture throughout the bank and drive continuous improvement in their risk culture and governance.

Related Content

Navigating the ECB's expectations: Strengthening governance in European banks

Better governance leads to better banks, which in turn leads to a stronger and safer banking system.

KPMG European Central Bank Office - Advisory Services

KPMG ECB Office offers you information and solutions for dealing with the ECB supervisory approach under the Single Supervisory Mechanism (SSM).


Our people

Benedict Wagner-Rundell

Senior Manager

KPMG in Germany


Connect with us

KPMG combines our multi-disciplinary approach with deep, practical industry knowledge to help clients meet challenges and respond to opportunities. Connect with our team to start the conversation.

Two colleagues having a chat