Getting past the myths about risk culture

Bhushan Sethi Financial Services People & Organization Practice Lead February 10, 2017

For years, financial institutions have used ethics and compliance programs to address bad behavior and build trust. In spite of this, every year seems to bring a new disappointing “surprise,” from rogue trading to market misconduct. In our 20th CEO survey, 76% of global banking and capital markets leaders agreed or strongly agreed that it’s hard for their businesses to gain and keep trust. In 2017, we expect that a lot of them will spend time addressing risk management culture and ethics. As they do, it’s time to let go of some outdated myths around how these programs should work:

  • Myth 1: As long as you’re complying with regulations, your risk culture is good enough.
  • Myth 2:  Your risk culture has to be the same (and measured the same) throughout your organization.
  • Myth 3: “Tone at the top” is enough to change your risk culture.

Myth 1: As long as you’re complying with regulations, your risk culture is good enough.

Regulatory compliance is usually a lot of work for financial institutions. The environment is constantly changing as customers and regulators demand higher standards. Firms can be tempted to look at risk culture as mainly about regulatory compliance, but this would be a mistake. Basing your risk culture goals on regulations alone may ensure compliance, but it’s unlikely to build the lasting transformation you want.

Risk culture is more than compliance—ideally, it should change how your firm operates. But completely changing culture can be tough, which is why we recommend taking a more direct approach. Instead of trying to overhaul an entire culture, identify specific behaviors that demonstrate your firm’s purpose, values, and ethics. Once you’ve chosen these attributes, you can create specific goals and incentives to help achieve them.

Ironically, in the past few years, regulation has helped financial institutions address some other talent-related issues. In the process of complying, firms now have more visibility into their talent management practices. This has helped them develop their leaders, get a more diverse workforce, and create a culture of higher performance. Often, this has made their risk culture more effective, and it has led to substantial improvements in both client and employee experience.

Myth 2: Your risk culture has to be the same (and measured the same) throughout your organization.

You allocate capital differently across business units and geographies. Your employee incentives may vary across your lines of business. The risks in your sales and marketing groups will differ from the risks on your trading floor. So, why would you expect to achieve an optimal risk culture by treating these unique risks with a “one size fits all” approach? You may miss investment opportunities, and you may not motivate your best employees, if you don’t think carefully about how you set boundaries.

This relates to measurement, too. There is no single measure of risk culture. Instead, consider categories such as client feedback, social media sentiment, operational risk, employee surveillance, training, and engagement. Work with middle managers to select measures that fit the unique segment of your business based on factors including business model, risk appetite, and workforce.

Nine years on from the financial crisis, some firms still struggle to find the right metrics to evaluate their risk culture. From my perspective, this has less to do with a lack of data—after all, firms can always choose metrics where the data is readily available—and more to do with the ongoing ownership and accountability for results. So, don’t focus on consistency; find metrics that work, and then get people to own them.          

Myth 3: “Tone at the top” is enough to change your risk culture.

Since the passage of Sarbanes-Oxley in 2002, tone at the top has been a cornerstone of risk culture. We expect leadership to set expectations, from signing off on financial statements to modeling desired behavior. Most firms take this responsibility seriously. What’s lacking is consistent buy-in from managers and staff at other levels. This is where “tone at the middle” comes in, especially in lines of business that are further removed from executives. Commitment doesn’t automatically cascade down from the top. You need a plan, and you need to set expectations. That includes targeted management training, “on the job coaching”, communication, managing performance, and rewarding the right behavior. You should align incentives for middle managers with the firm’s commitment to its purpose and to its broad set of stakeholders: customers, shareholders, employees, regulators, and more.

Even earlier in the employee life cycle, there’s a stage that is often overlooked: the beginning.  Are you hiring the right people? Are you providing the right background checks into their behavior—whether they’re employees or contingent workers? If you’re putting an emphasis on risk from the beginning, developing and managing your staff becomes that much easier.          

Moving forward

Staying ahead of a constantly changing issue like risk culture often demands that you look past outdated but commonly-held beliefs. To do this, you may have to take a long, hard look at your firm’s current approach.

These days, most financial institutions find themselves in the headlines because of problems with their risk culture. By getting past the myths, you can start to move the needle on culture and get in the headlines for the right reasons.

Read more about risk management culture and other issues facing the industry in our report, Top financial services issues of 2017: Thriving in uncertain times.

And learn more about industry news by following @bhushansethi1 and @PwC_US_FinSrvcs on Twitter. All views expressed above are my own.

To join the conversation, visit this post on Bhushan's LinkedIn page.

Contact us

Bhushan Sethi
Financial Services People & Organization Practice Lead
Tel: +1 (646) 471 2377

Follow us