Risk Culture

The Risk Culture initiative benchmarks financial institutions' approach to risk management to the leading market practice. The methodology has roots in the Basel regulation and observed supervisory requirements.

Risk Culture is defined as institution's norms and attitudes related to risk awareness, risk taking, and risk management. In PwC's globally recognised methodology, the Risk Culture is described by 6 Focus Areas. Within each Focus Area there are attributes formulated on the level of individual risk categories or processes.  There are separate attributes for attitudes and norms (technical aspects of risk management).

The initiative is unique in covering all types of risks (credit, market, operational, liquidity) and related processes (stress testing, capital management). 

By performing the initiative, a collection of improvement opportunities and recommendations are formulated towards reaching regulatory compliance and leading market practice. The initiative delivers targeted projects designed to implement the recommendations. It usually defines the risk management agenda for the next 1-3 years, supporting the strategic goals of the institution.

Overview of PwC Risk Culture initiative phases

Key Questions

  • What is the current culture?
  • What are the improvement opportunities and recommendations for Risk Culture improvement?

Key Activities

  • Assess the Current State
  • Deep Dive into technical aspects

Detailed description of Phase 1

Two layers (attitudes-focused and norms-focused) define the extent to which a deep dive into the technical aspects of managing risks is performed during the assessment. The Risk Culture Assessment report aggregates information gained during each step. The report provides (i) maturity levels for each Risk Culture attribute, (ii) improvement opportunities identified, and (iii) mitigation actions formulated as recommendations (see Examples).

Risk Culture Survey

  • An online survey for all employees using PwC dedicated web tool
  • Results are benchmarked to the PwC Global Risk Culture Survey done in 2018 amongst financial institutions.

Desktop Research

  • Study of key internal documents of the institution related to risk management in a broader term (Risk Appetite Statement, policies, procedures)

Targeted Interviews

  • Interview with the key Risk Culture stakeholders across the institution covering all 3 Lines of Defense representatives.

Example Questions

Focus Groups

  • The initial assessment is presented and discussed with Risk Culture stakeholders. The discussion includes commenting on regulatory background and market practise. The purpose is to transfer the knowledge and create buy-in amongst future project owners.

Key Questions

  • What does the desired culture look like?
  • What are the benefits for the institution?
  • What are the next steps?

Key Activities

  • Burning Platform
  • To-Be Vision Creation
  • Roadmap Design
  • Organisation Structure Design

Detailed description of Phase 2

Improvement opportunities and recommendations from Assessment phase are processed to deliver the Master Roadmap – a collection of projects, grouped by focus areas (or risk categories), considering the institution's priorities, capacities, and interdependencies amongst the projects.
Master Roadmap is submitted to project Sponsor and Board of Directors for approval.

Aggregation of Recommendations in project

  • Description of targeted end state, benefits, design of Project Charter (see Example)

Grouping of projects

  • Individual projects are grouped per area, creating an agenda for the particular team. Prioritization of projects with regards to the team capabilities.

Design of Master Roadmap

  • Compiling final report by aggregating and mapping the projects, considering project interdependencies.

Board of Directors approval

  • Project Sponsor approves Master Roadmap, and Board of Directors approves projects selected for the implementation phase.

Key Questions

  • What is the necessary set of experiences leadership needs to deliver a transformational project?
  • Which expertise and capacities are required to implement the proposed changes?

Key Activities

  • Project Management
  • Progress Measurement
  • Application of Expertise
  • Reporting to the Board

Detailed description of Phase 3

Implementation support in the execution of selected Risk Culture projects - project owners, objectives, deliverables, timeline defined in Phase 2.

Subject-matter experts from the area of transformational projects and Risk Management will provide the necessary capacities needed for implementation activities and their rapid acceleration.

Designing the controls identified as missing and implementing them to business as usual operations.

Our tools

Risk Culture Survey Tool

  • On-line tool used to collect anonymously responses from survey participants
  • Easy and quick overview of survey results
  • Segmentation of responses per divisions, departments
  • Universal www link for all respondents (or tailor-made link)

Risk Maturity Tool

  • Focus on implementation of the 3 Lines of Defense model
  • Addresses approx. 30 attributes of the Risk Culture
  • Based on the regulatory requirements

Risk Governance Tool

  • Focus on the 2nd Line of Defense
  • Addresses 31 attributes of the Risk Culture
  • 3 areas of assessment:
    • Risk environment
    • Approval process
    • Control and Oversight

Risk Global Tool

  • Based on observed supervisory expectations and requirements of leading central banks
  • Organized per risk areas (credit risk, market risk, liquidity risk,…)
  • Deep dive into technical aspects of the institution’s risk management

Required fields are marked with an asterisk(*)

I acknowledge that my personal data provided in the registration questionnaire will be processed by entities from the PwC network mentioned in the "Data controller and contact information" section in the Privacy Statement. This is done in accordance with appropriate legal provisions (mainly the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016, the General Data Protection Regulation (GDPR) and Act. No. 110/2019 Coll., on personal data processing, as amended) based on the legitimate interests of the above mentioned PwC network entities in order to proceed with my request.

Please, read our Privacy Statement where you can learn more about our approach to personal data and your rights, in particular the right to object to processing.


Jiří Mach

Jiří Mach

Financial Services Risk and Regulatory, PwC Czech Republic

Tel: +420 703 186 914

Dalibor Hála

Dalibor Hála

Advisory services, PwC Czech Republic

Tel: +420 604 370 829