A View of Risk Culture in 2016
A financial consultant said to me that 2016 would
be the year for greater awareness of risk culture.
This statement certainly has
validity considering the confluence of a few factors bringing
more attention to the topic such
as the regulatory environment,
including the drive for more individual accountability for corporate misconduct, continued
knowledge-sharing among risk
professionals, and of course,
the continuation of high-profile
risk failures. These serve as reminders of the work that still
needs to be done within corporations in better organizing
around risk. Companies in highly regulated industries are
at early stages of incorporating measures that include more
cohesive organizational responses to risks particularly for
those rolling out more structured enterprise-wide risk models and processes for the first time. Financial services regulators in particular provide the most prominent examples
of the shift in focus to more comprehensive rules involving
risk management, which includes a much deeper look into organizational cultures.
Personal consequences from business failures and regulatory infractions are much more severe today. Aggravated
customers, taxpayers, and lawmakers have been calling for
more personal accountability from top managers, and new
rules being rolled out place added financial and reputation-al pressure on companies and their leadership and boards.
The UK has ratcheted up this issue by passing the Senior
Manager’s Directive targeting upper management at banks
and other financial institutions. In the US this has piqued
the interest of the Securities and Exchange Commission
as a potential added measure. This comes on the heels of
what is now known as the “Yates Memo” issued by Deputy Attorney General Sally Yates that calls for more individual accountability in cases of corporate misconduct. This
individual accountability theme is in fact global and can
be found anywhere where regulators look to increase pressure on corporate leaders following the perceived “failures
of professionalism” uncovered in the aftermath of the recent financial crisis.
The subject of risk culture isn’t new. Professional organizations such as The Institute of Risk Management,
for one, have been covering it for decades. What is new
is the acknowledgment of the need for risk culture to be
included as an important part of a broader, sounder risk
framework. And it is reaching its zenith today. One major reason for this is the reforms deriving from the 2008
financial crisis, which has led to a regulatory shift in approaches to risk management from pure reaction-mode
strategies to strategies that are focused more on prevention and preparedness for future crisis and risk events.
This shift is forcing a more rigorous look into broader
issues within organizations.
While researching financial risks and controls services earlier this year, we asked several consultants
about a very recent and notable risk failure that occurred at a well-known global bank. The basic question
to them was how such a risk failure could take place
in 2016 after all of the progress made in managing and
mitigating risks in the banking industry since the financial crisis? The question was asked to get a better
understanding of the current state of risk management
generally, and to gather opinions on what is left for organizations to focus on. Consistently the answer was
that this particular case represented a failure of “tone”
from top management and that, of course, not every risk
can be known and negative situation uncovered.
The growing emphasis and integration of risk management with organizational culture is potentially the last piece
of a puzzle, and the most significant one. It puts in place a
more complete risk management framework. Consultants
with strong risk and governance capabilities are finding
great opportunities in helping clients to better define and
understand risk culture, and integrate it into their current
business models in measureable ways. The continued migration from reactive to proactive regulatory priorities and
expectations, combined with the added pressures on top
management to account for risk management breakdowns,
will help ensure that risk culture will continue to be a crucial part of the broader risk conversation.
BY GABE WALLE
Gabe Walle is an analyst for the ALM Intelligence
financial consulting service line.