Meeting new regulatory expectations means not only applying risk mitigation, compliance, and control methods, but also instilling a corporate culture where the right people do the right thing at the right time. This culture starts at the top—with leadership from the board and the C-suite—but must also involve the entire organization. What are the best ways for financial services firms to establish an effective risk culture?
In its recently released final report, the National Commission on the Causes of the Financial and Economic Crisis concluded that the crisis of 2007-09 was caused partly by a failure of risk management, with ignored warnings, unasked questions, and mismanaged risk. In response to this failure, the Dodd-Frank Act and other legislative and regulatory initiatives imposed new risk management and oversight requirements. Banks and other financial institutions face heightened scrutiny, with a greater focus on risk management, risk reporting, and the use of risk analysis in decision making. Meeting the new regulatory expectations means not only applying accepted notions of risk mitigation, compliance, and control, but also instilling a corporate culture in which the right people do the right thing at the right time.
This new risk culture starts at the top—with leadership from the board of directors and the C-suite—but also requires commitment and involvement across the entire organization, including business lines, risk management, internal audit, and human resources. An effective risk culture can be developed through a framework that integrates the following key focus areas: leadership, governance and organization, technology and infrastructure, talent management, communication, and global operating norms. Executing in each of these areas will help an organization move towards a rich culture of risk management.