Soft power: Trusting to culture, governance and risk management
04 January 2017
As your organisation looks at how to master the new regulatory landscape and its commercial impact, the yardstick for success can’t just be straight compliance. Rather the ultimate aim should be sharpening competitive advantage, given how much has been invested and how much the business still needs to be re-engineered.
Risk culture, risk governance and risk management are at the heart of this step up from compliance to competitive advantage. Together they determine how the business is driven in areas ranging from the quality and relevance of the information used to make decisions to the assurance of knowing that your people will do the right thing even when nobody is looking. Regulators recognise this. Boards recognise this. Yet while many banks have made determined efforts to change how the business is driven, a continuing stream of misconduct fines suggests that not everyone at the wheel is steering in the right direction. So why is change proving so difficult and how can you get your business on the right road?
Sell the benefits
Cultures can’t be changed overnight. The big danger is looking at the risk culture as something that needs a quick fix or should only be addressed to meet regulatory expectations. Where banks and other businesses have been most successful is when leaders have positioned cultural change as an opportunity to enhance brand, reputation and performance.
In recognition of how long change takes, the initial focus should be on a small number of behaviours and how they are shaped in key ‘moments that matter’ (e.g. how staff decide what business to take or how to deal with a customer complaint). These will form the foundation for a longer term shift in mind-set.
Within governance and risk management, it’s vital to establish clarity over the particular roles and responsibilities of the three lines of defence and the leadership chain from team leader to board – if wires are broken, governance will quickly break down. A litmus test is how effectively the risk appetite framework (RAF) is cascaded through the organisation, how its understood by all members of staff, and the extent to which it’s embedded in day-to-day business decisions and processes. While our research shows that most banks believe their RAF is effective at an enterprise-level, 60% believe that it is inadequate at lower business lines.
Information is power
The other key foundation is ensuring that the right information is going to the right people, at the right time. The incoming BCBS 239 offers an opportunity to do away with workarounds and move to a sustainable approach to data sourcing and risk reporting. The development of stress testing can also provide valuable information on pricing, risk appetite and the viability of business plans. To harness the potential, it’s important to recognise that data, modelling and reporting are assets in need of investment, rather than simply a compliance cost to be minimised. Smart banks are looking at risk and stress testing information as a competitive differentiator.
Get this right and you can not only meet supervisory expectations, but also develop a faster and more agile response to emerging threats and opportunities – real competitive advantage.
To find out more, see A Practitioner’s Guide to Banking Regulation: Mastering the New Regulatory Landscape