In any form of business, be it private or public, the importance of risk culture cannot be overemphasized. But when it comes to financial institutions, the dynamics of risk culture change significantly, as the nature of banks’ operations makes them distinct from all other forms of business and calls for a more intrusive, consistent and strict regulatory regime. Banks, irrespective of their jurisdiction, are required by regulators to establish strong governance, risk and compliance functions to reduce conflicts of interest between various stakeholders. However, in spite of enhancements in regulations and supervisory practices, there still remains a chance that banks may incur losses or fail due to management decisions.
There are many examples of failures in both developed and developing economies due to weak internal control systems. The global financial meltdown of 2008 showed that several banks faced huge losses or even failure by executing decisions that were not detected by risk and control functions and were excessively risky and beyond the institutions’ capacity/risk appetite. Several scandals have unfolded around the world in which bankers were found to have engaged in discriminatory lending, excessive risk taking (short-term), ‘rogue’ trading practices (Ponzi schemes), market manipulations through insider trading (the London Whale Scandal) and several other practices, which have led to a view that in corporate culture, it is not only financial corruption that matters, moral corruption matters too!
Currently, banks around the world are investing heavily to improve their risk models and re-engineer their processes and monitoring structures to support timely detection and mitigation of potential risks. However, no model of risk management can be successful unless the banks themselves make a conscious effort to manage people’s attitudes and behaviors towards risks across all lines of defense. Regulators around the world have started emphasizing the importance of risk culture and have issued guidelines to banks for the establishment and promotion of a more participative, open and strong risk culture, supported by robust corporate governance practices, to safeguard the interest of their shareholders against any reckless decision-making by a handful of individuals.
It is true that risk culture in an organization cannot be changed overnight. Banks need to implement a thorough, focused and consistent long-term awareness drive to sensitize employees to the value of a ‘strong risk culture’ and how they and the institution would benefit from it. A sound risk culture promotes sound risk-taking, and ensures that risk-taking activities beyond the institution’s risk appetite are recognized, assessed, escalated and addressed in a timely manner. On the other hand, a poor risk culture cultivates the mentality of ‘burying the head in the sand’ in view of impending risks.
Risk management is an activity that must be performed at all levels and at all times in any organization. Perhaps the best way available is to link the objectives/activities/strategies of any business unit to the bank’s overall risk appetite. A misaligned risk-reward system will create further room for decision makers to take risky decisions that are more aligned with their own personal interest than that of the entity. Hence, the regulators are stressing the need to integrate risk culture with the decision-making process. This will result in inculcating a “right” risk culture which will enable banks to make more informed policy decisions by adopting a ‘forward looking’ approach. There is still a lot that needs to be done on both the regulatory and industry fronts to change the risk cultures in banks. It is high time now for regulators to be hard with banks on risk management and control systems and work proactively and consistently with financial sector players to foster responsible banking practices supported by superior governance, risk and compliance functions, founded upon strong risk culture/values.
Banks also need to recognize the importance of risk culture in instituting robust risk management and control processes, and make conscious and consistent efforts to internalize the right risk and corporate culture in their operations, enabling them to meet the growing regulatory expectations that lie ahead. It is also time for risk managers to change their approach towards risk management, moving it away from a reactive function that merely focuses on ‘what may go wrong’ towards a more proactive and ‘value additive’ function that provides line managers and decision makers with the ways, means and strategies to help them achieve the long-term goals and objectives of the organization.