While digital transformation is accelerating, we are experiencing persistent progression in finance, banking, and economic arenas. New business models, change in business process, innovation, and fast-evolving technologies are transforming industry landscapes, blowing up the bank's strategic tactics and projection for sustainable, long-term value creation.
Banking business and financial intermediation are always risky. The overall soundness and stability of the financial systems largely depend on effective risk management. After the global economic crisis, financial institutions worldwide underwent the emergence of augmentation of their risk management capabilities.
Experts believed the economic meltdown of 2007-08, which propelled the biggest financial decline since the Great Depression was avoidable, and only occurred because no one concerned understood the risks they were taking. These disasters underline a concern that all banks, regardless of size, should make a top priority: Cultivating the appropriate risk culture within the bank.
Banks often think of risk within the circumstance of credit risk. Nevertheless, risk should be viewed from a much wider perspective, together with liquidity, market, compliance, operations, and reputational risk. Sketching a risk appetite statement, parallel to the bank's mission statement is a good place to start. This is an official document that outlines the base of the bank's risk management program. It must be strongly incorporated with the bank's overall policy. And all bank employees must be informed and well-trained, which would enlighten them in risk management and organizational success.
Regulators expect banks to formulate a formal risk appetite statement that brings out their level of risk tolerance. Particularly, improvements to the Basel Framework states that "it is the responsibility of the board of directors and senior management to define the institution's risk appetite and to ensure that the bank's risk management framework includes detailed policies that set specific firm-wide prudential limits on the bank's activities which are consistent with its risk-taking appetite and capacity."
At first, a bank should recognise its existing risk culture and measure how well it supports the organisation's risk strategy and risk management approach in its journey toward effective risk management.
A mixture of tools can help banks comprehend their existing risk culture, such as the Risk Culture Framework. The framework consists of four drivers: risk competency, organization, relationships, and motivation and it provides details of risk culture drivers and subcomponents. The workforce should be acquainted with the organization's mission, ethics, and objectives. They must understand the risk appetite and be well-versed about which risks to take or evade that fit within those domains. The Chief Risk Officer (CRO) should march in to assist the CEO to decide whether specific initiatives fall within the existing bank's risk culture—and risk appetite, once the organization widens its strategic initiatives.
An official risk appetite structure should include qualitative and quantitative risks in credit, liquidity, and reputation. That provides insight into the types and levels of risks seen as suitable. For example, one bank may identify a top priority in capital adequacy—that is, the number of assets a bank has to hold as obligatory by a financial regulator. Any business decision that could endanger capital adequacy by a definite boundary can be defined as excessive risk. The CRO would then work to scrutinize capital adequacy and raise a flag if the value exceeds the company's defined risk framework. Then associates of the relevant squads that contribute to the risk and answerable for mitigating it would team up on the particular causes to fine-tune and correct for this risk issue, while making sure the bank preserves superior regulatory standing and a high reputation index.
The Financial Stability Board (FSB) included the following indicators of a well-built risk culture:
- The board of directors and the bank management will start it from the top and it must flow downwards.
- The employees should clearly understand risk culture and they should know how their dealings impact it which will make them responsible.
- Staff from all ranks should be welcome and encouraged for any dissent and opinion to the risk culture.
- Monetary inspiration may be offered to staff for demonstrating expected risk behaviours.
Further than that, three lines of defense should all perform in concert to uphold a stricter risk culture and eradicate incompetency and overlaps:
- The first line is supposed to make the right business decisions and take possession of the risks different departments take.
- The second line, risk, and compliance teams must support the business through owning risk and wheels by efficiently challenging business decisions with the help of evaluation methodologies, as well as principles and practices.
- The third line, in-house auditors, should evaluate business risk and control assessments, and assess second-line risk and compliance functions.
Simultaneously, a regular review of the company's risk culture can assist in updating a bank's board and senior management and strengthening desirable risk cultural traits and practices. While risk culture is not a fixed notion other than developing dealings in the bank and the setting of the bank, it is essential to review the risk culture frequently. In a nutshell, the key is to make sure that risk culture promotes well-groomed decision-making and becomes vital for determining how much uncertainty is tolerable as bank management chase other targets. By fostering a distinct risk culture, banks will get better at managing the challenges that come their way. The bank should exhibit its moral compass- how bankers are performing when nobody is watching over.
The author is a banker and a Certified Expert in Risk Management (CERM) from Frankfurt School of Finance & Management, Germany. He can be reached at [email protected]
Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions and views of The Business Standard.