risk culture within organizations in the financial ......risk culture within organizations in the...
TRANSCRIPT
Risk culture within organizations in the financialservices industryCFA Society Netherlands – 8 October 2015
Agenda Risk Culture
• Risk culture trends in the financial services industry
• The risk management advisory perspective
• How to address the risk culture topic?
• Risk Culture model EY – The link between culture mechanisms and behaviours
• Case study- examples
Page 2 Risk culture
3
Risk Culture - Trends in the financial services industry
Risk culturePage 4
Risk culture trends in the financial services industryThere are four factors driving risk culture up the agenda
Risk Culture
Page 5
Regulatory pressure
Leadership pressure
Higher consumerprotection standards
Negative public sentiment
Risk culture
Risk culture trends in the financial services industryOutcome EY risk management survey 2015 amongst major financial institutions
Risk culturePage 6
7
Risk Culture– the risk management advisory perspective
8
► Risk culture provides a specific lens allowing general concerns about cultureto focus on risk-taking and risk control activities
► The FSB defines risk culture as the institution’s norms, attitudes andbehaviours related to risk awareness, risk taking and risk managemen
► Risk culture is at the intersection of risk management and behaviour
The Risk management advisory perspectiveDefinition of risk culture
Risk culture frames the relationship between the culture of a financialorganisation and its risk-taking actions
Risk culture
The Risk management advisory perspectiveEY view of an Enterprise Risk Management framework
Page 9 Risk culture
The Risk management advisory perspectiveSome common red flags addressing risk culture topics
Page 10
The existence of the ‘Risk Management & Internal Control’ framework/system can create a false senseof protection … … as there can be a big difference between design/existence and actual effectiveness
Risk Management & Internal Control Checklist In design: Common red flag in effectivenessRisk appetite defined? ✓ Not embedded in business decision making3 Lines of Defence model in place? ✓ Front office lacks risk ownership
Risk committee(s) in place? ✓ Little involvement of business, lack of oversightat board level
Product Approval Process ? ✓ Risk involvement too little, too lateStrong risk function? ✓ Capacity, capabilities, insufficient challenge
towards business
Control Owners defined? ✓ Lack of accountabilityControls monitoring ✓ Behavior is compliance-focused or control
reliant.
Periodic Risk and Control Self Assessment? ✓ No alignment between strategic level andoperational level
Periodic reporting? ✓ Reporting lacks transparency at board levelBalanced incentive structure ✓ No actual involvement of risk function
The soundness of the risk culture heavily impacts the effectiveness of therisk management and internal control system
Risk culture
11
Risk Culture– How to address the topic?
How to address the risk culture topic?Financial services firms increasingly face four key questions
1. 2. 3.What is yourrisk culture?
What is thisbased on?
What are youdoing about yourrisk culture?
4.How do youmonitor your riskculture?
1. Define 2. Assess 3. Change 4. Monitor
Define and assess risk culture Strengthen and sustain riskculture
Page 12 Risk culture
How to address the risk culture topic?Overcoming challenges
Firms becoming tooconservative in the wakeof regulatory scrutiny
Ensuring relevancetowards line employees
Missed opportunity tooverlay target operatingmodel
Firms not having astructured framework
Undefined starting point
Challenges8
7
654
3
2
1
Unrealistic assessmentas to rate of achievablechange
Considered in isolationvs. embedded intobroader organisationalinitiatives
Over reliance onpoorly designedsurveys
Risk culturePage 13
14
Risk Culture model EY
Risk Culture model EYThe link between culture mechanisms and behaviours
Culture mechanisms
Behaviours outcomes
Risk framework
CultureMechanisms
Communicating theright message
Establishing the rightenvironment
Providing the rightmotivations
Taking the right risks
Employeelife cycle
Rewards
(Risk)Transparency
Riskappetite
Tone fromthe top
behavioursstandards
Roles andresponsibilities
Governance
Organisation
LeadershipIncentives
Advocate
Adaptable
Communicative
Ethical andcompliant
Leadand influence
Analyseand interpret
Collaborative
Responsible andaccountable
BehavioursOutcomes
To create anappropriateculture, a varietyof mechanismsneed to be in placeand be effective.When in place andeffective, themechanismscontribute todeliver the desiredbehavioursoutcomes
Attributes of a sound culture
Leadership – tone from the middle aligned withtone from the top and desired behaviours areestablished
Organisation – governance and business modelsupport the delivery of desired behaviours andenable strong accountability and effectivechallenge
Risk framework – risk management framework isembedded in the way the business manages riskand enable effective challenge
Incentives – employee lifecycle and incentivessupport the delivery of desired behaviours
Risk culturePage 15
Risk Culture model EYRisk culture mechanisms
LeadershipEstablished 2 way communications
Consistent tone from the topAlignment of Risk behaviours to organisational
values
OrganisationEstablished, well understood 3 Lines of defense
Clear view of roles and responsibilities, includingaccountability for risks
IncentivesAlignment of remuneration and rewards
Recruitment, on-boarding process reflectsfirms values, expected risk behaviours
Structured performance evaluation andconsequence management
Risk FrameworkRisk appetite embedded in daily decisionmakingClear and robust management information,escalation linesRoot cause analysis of complaints, issues
Page 16 Risk culture
Risk Culture model EYBehaviours outcomes
Advocate
Adaptable
Communicative
Ethical andcompliant
Lead& influence
Analyseand interpret
Collaborative
Responsibleand accountable
Behavioursoutcomes
Behaviour
Attitude
Values
Beliefs
Actions
People areloss adverse
Doingthe right
thing
OtherPeoples
BehaviourMatters
People areBad at
Computation
Habitsare
Important
Engagement&
Involvementare Key for
Adoption
SelfExpectationInfluencesBehaviour
Risk culturePage 17
18
Risk Culture– Case study examples
Page 19
Case Study – exampleRisk culture mechanisms- assessment various stakeholder groups
Risk culture mechanism dimension 1 2 3 4 5 6TONE FROM THE TOPManaging risk is top of mind for our senior executives. It is a genuine priority thatfeatures regularly in their various communications, both formal and informal.
BEHAVIOURAL STANDARDSThrough their actions, senior executives consistently take risk seriously, even if it isat the cost of short term profits, missed deadlines or disappointing influentialstakeholders by refusing to compromise on operational standards.
ROLES & RESPONSIBILITIESBetween divisions and across our operating model there is sufficient clarity on roles,responsibilities and accountabilities to ensure we consistently manage riskeffectively.
RISK GOVERNANCEIn our governance structures, risk management, is both formally and informally, kepttop of mind. For example, in marketing, product design and approval forums.
RISK APPETITEOur risk appetite is clearly articulated and meaningfully cascaded throughout the firmin our governance structures and control environment.
RISK TRANSPARENCYOur people and systems are appropriately configured to promptly identify risk issues.People have no hesitation in raising issues, knowing they will be dealt withappropriately without any recriminations.
EMPLOYEE LIFE CYCLEAssessing people’s aptitude for, and track record of, risk management is tangiblyconsidered at key points in the employee life cycle. For example, recruitment,performance review, promotion and learning.
REWARDSThe way in which our people are motivated, assessed and rewarded ensures theconsistent delivery of good risk outcomes for the firm, its customers andstakeholders.
SENIOR LEADERS
MIDDLE MANGEMENT
FRONTLINE
RISK FUNCTIONS
Strongly disagree Strongly agree
Risk culture
Case Study – exampleBehaviour outcome
Risk culturePage 20
Lizette Bruidegom, senior manager EY Financial Services [email protected] +31 88 4071550 / + 31 6 21252264