A Risk Culture Framework for Systemically Important Banks
Journal of Risk and Governance, Vol. 3, No. 1, 2013
46 Pages Posted: 27 Oct 2013
Date Written: July 25, 2013
A good 'Risk Culture' has often been identified as a pre-requisite for improving risk management in regulated banks. In the wake of the GFC, regulators have called for improvements in the risk culture of banks, especially Systemically Important Banks (SIBs). But the term 'risk culture' is not well defined, often described by equally vague concepts such as 'tone at the top,' 'walk the talk' and 'tick in the box.' It is assumed by, among others, industry bodies that risk management can be improved by somehow wrapping an all-enveloping cloak of 'risk culture' over a firm. But such an approach treats risk as something outside of, and optionally added to, business culture, not as an integral part of almost every business decision.
Organizational culture has long been identified as a complex phenomenon not easily susceptible to change. A firm's culture is based not only on overt rules and regulations but also on shared, often invisible, assumptions, which sometimes may even be in conflict with the espoused values of the organization. Do as I say, not what I do!
Changing any culture is difficult because altering the underlying assumptions can be seen as attacking the organization itself, so entrenched are the attitudes of the staff. And changing a culture will invariably introduce new, or modify existing, conflicts of interest, some of which will be the unintentional consequences of change.
This paper argues that merely covering an organization with a veneer of 'risk culture' will not address the problems that cause firms to take unsustainable risks. And, in order to create the necessary awareness of risk throughout the organization, the underlying culture itself must be changed. To change an organization's culture, it is necessary first to understand the existing culture and then to change it from the inside. This means that each firm is unique and 'one size will not fit all' as regards risk. In particular, different firms will require different approaches and different business units within firms will require different tactics. From a regulatory perspective, this means that, in order to ensure that risks are being managed properly, supervisors must ensure that firms try to understand their existing culture(s), and make meaningful efforts to change the culture to properly address risks embedded in it. Regulators and risk managers cannot dictate a firm's culture, but must first understand it, to be able to change it, and to ensure that it stays changed.
To assist firms in changing their cultures (not an easy task), this paper proposes a Risk Culture Framework, based on an ongoing and, at least partially successful, effort to change banking culture, namely the Treating Customers Fairly (TCF) initiative developed by the UK regulator, the Financial Services Authority, and embraced by systemically important UK banks. Without such a starting model, banks will embark on their efforts to change their risk culture, the success, or otherwise, of such efforts not becoming evident for several years.
Keywords: Risk Culture, Organizational Culture, Banking Regulation, Behavioral Finance, Systemically Important Banks
JEL Classification: G21, G28
Suggested Citation: Suggested Citation