Read Blog Post

Read Blog Post

Contributed on July 13, 2020

62

928

Risk culture: from reactive to preemptive

Blog: Capgemini CTO Blog

The recent evolution of risk culture

Most companies have extensive experience with risk management, and financial institutions firmly belong in this group. However, the 2008 financial crisis demonstrated that financial institutions had behavioral shortcomings with respect to how risk and internal controls were measured and applied – often in contrast to formal process protocols. This behavior led to unimaginable consequences and contributed to the deepening of the financial crisis. Regulators devised a number of post-financial crisis measures to close this gap, including a formal guidance on how financial institutions must maintain a risk culture.

Many Chief Level Executives regard this evolution as a genuine opportunity to make their organizations more sustainable and resilient in the face of future crises. They engaged in serious self-assessment of their risk cultures, determined where deficiencies existed, and then began the long-term programs necessary to transform their organization’s behaviors related to risk. By doing so, COOs, CROs, CEOs and boards became proactive in discussing the internal tradeoffs for risk and control. By setting up the Top Management Tone communicated to internal stakeholders giving direction to the overall organizational risk culture, they managed to make the cultural aspects of risk issues more visible, better understood, and more widely accepted across the entire organization. The Top Management Tone also allowed them the opportunity to reestablish credibility with regulators and the public while they continued to fulfill their essential mandate within the economy. Financial institutions thus formalized company preemptive cultures centered around self-awareness of risk. This risk awareness is the core instrument designed to ensure their overall stability and sustainability into the future.  Risk culture is the combination of the awareness, behavior, competencies, and expertise exercised within the context of the technologies and data quality used to perform daily tasks.

Preemptive risk culture stresses the proactivity of internal stakeholders by enabling them through well-communicated risk governance mechanism. The aforementioned proactivity is further empowered by clearly defined risk management processes.

The pandemic and risk culture

The pandemic is resulting in a global economic recession that could lead to permanent shifts in competition across the global business landscape. Although it is too soon to know how a recovery will play out, we do know that firms with mature risk cultures are better equipped to navigate the economic downturn to ensure their survival. We expect risk culture maturity to receive increased attention from regulators in the upcoming months. Consequently, organizations should focus their attention to enhance their risk culture, thus ensuring competitiveness and regulatory compliance.

Risk culture in dynamically changing world  

The development of preemptive risk culture in all types of companies – not only limited to financial institutions – will be immensely valuable in helping companies adapt to the dynamically and continuously changing operational ecosystem. Our experience in improving risk culture has led us to conclude the following key findings that indicate a mature risk culture setup:

1. Review and update risk appetite statement in alignment with corporate strategy.
2. Set up a risk governance mechanism that promotes self-awareness, track risk metrics, and hold employees accountable in conjunction to incentivizing them to proactively operate with enhanced risk awareness.
3. Design risk management processes and seek accreditation such as IEC 31010:2019 & ISO 31000:2018 (relevant for FS and non-FS).
4. Improve risk processes continuously, communicate and educate employees about risk awareness.
5. Enhance operational efficiency to ensure high data quality leading to better risk identification, measurement, and assurance.
6. Proactively invest in risk management IT systems to increase resilience to unidentified risks and visibility in tracking identified risks.

Next steps – and validation for a solid preemptive risk culture

The concept of the risk culture should be a core part of a company’s strategy. Companies can benefit from acting on the lessons learned by financial institutions in the 2008 financial crisis and be proactive given the reactions taken by regulators to curb the behavioral shortcomings of financial institutions. Many financial institutions are already at the beginning of the risk culture journey and we are expecting an increase in efforts to enhance risk culture maturity to cope with market changes.

• First, a functioning preemptive risk culture enables the entire corporation to solve risk problems and take actions at an individual level. In an economic environment where the full scope of risks is not known, this capability will become a vital asset to bolster the firm’s ability to react to disruption.
• Second, organizations that establish a mature preemptive risk culture can better manage their risks and reduce risk of failure, even when they must deal with extreme unexpected events.
• Third, building a mature preemptive risk culture is a dynamic and continuous process that requires time, patience, and effort, but it offers long-lasting resilience during times of financial stress.
• Fourth, to build an organization that is stable and sustainable over a long period of time, risk culture is essential. Even outside the scope of the current pandemic, recent years have seen an increase in natural disasters, incidences of cyberattacks and data breaches that are becoming more and more prevalent.
• Fifth, in a business system that is set up to anticipate as much as possible and be flexible with procedures when the worst happens, coping mechanisms within risk cultures become second nature for employees and managers alike.

Preemptive risk culture would not only enable organizations to resiliently thrive within uncertain and constantly changing environment, but it would rather create a competitive advantage providing an edge of swiftly and efficiently swaying through unfavorable market movements whether exogenous or endogenous.