Risk culture

This article was the basis of content and / or formal deficiencies in the quality assurance side of the portal economy entered.
You can help by eliminating the shortcomings mentioned there or by participating in the discussion .

With the concept of risk culture ( English Risk Culture ) European regulators seek a systematic risk-appropriate behavior among employees at all levels of credit institutions.

Origin and definition

The establishment of an appropriate risk culture is intended to strengthen internal governance and thereby prevent banks from taking disproportionately high risks. The term first found its way into European supervisory law when Directive 2013/36 / EU (Equity Capital Directive) came into force in 2013. Recital 54 calls on the Member States of the European Union to introduce principles and standards that ensure effective control of risks by the management bodies of credit institutions and investment firms. As part of effective risk management, these guidelines are intended to promote a solid risk culture at all company levels. As part of the revision of its corporate governance principles in 2015, the Basel Committee on Banking Supervision (BCBS) undertook an initial supervisory definition: According to the members of the BCBS, risk culture symbolizes:

"[...] the totality of the norms, attitudes and behavior of a bank with regard to risk awareness, risk appetite and risk management as well as controls that shape risk decisions. Risk culture influences the decisions of management and employees in their daily work and has an impact on the risks they take. "

Since October 27, 2017, these requirements have been implemented in national German supervisory law as part of the MaRisk amendment. In the general part of MaRisk (AT 3.1), the management is obliged to develop, promote and integrate an appropriate risk culture as part of its overall responsibility. In the opinion of the German supervisory authorities, the following facts should be subsumed under this concept:

“The risk culture generally describes the way in which employees of the institute (should) deal with risks as part of their work. The risk culture should promote the identification and conscious handling of risks and ensure that decision-making processes lead to results that are also balanced from a risk perspective. Characteristic for an appropriate risk culture is above all the clear commitment of the management to risk-appropriate behavior, the strict observance of the risk appetite communicated by the management by all employees and the enabling and promotion of a transparent and open dialogue within the institute on risk-relevant questions. "

Despite the new inclusion of this term in supervisory law, it is emphasized that the requirement to anchor an appropriate risk culture in credit institutions does not require a new risk management approach, but rather banks should be encouraged to deal with this topic more intensively and to define for themselves which ones Businesses, behaviors and practices are or are not considered desirable.

Components of an appropriate risk culture (indicators)

In its 2014 Guidance on Supervisory Interaction with Financial Institutions on Risk Culture, the Financial Stability Board (FSB) also emphasizes the importance of an appropriate risk culture with regard to the decision-making process and the behavior of bank employees. In addition to effective risk governance, an adequate risk appetite framework and an appropriate remuneration practice, which together form the basis of the concept, this committee also names four indicators ( management culture - tone from the top, employee responsibilities - accountability, open communication and critical dialogue - Effective Communication and Challenge, appropriate incentive structures - Incentives ), with the help of which it should be possible to assess the respective risk culture of a credit institution and to control its implementation in a targeted manner. However, these indicators should not be considered exhaustive or a checklist.

Leadership culture (tone from the top)

The first-mentioned indicator management culture essentially addresses the role model function of corporate management. The board of directors of a credit institution not only formulates the expectations of the company's risk culture , but should also use its own behavior to reflect the previously defined company values. Such a commitment on the part of management to the risk culture can also be imitated or internalized over time by employees at lower hierarchical levels. In order to be able to achieve a sustainable change in the risk culture of an institute, appropriate norms of behavior must also be established at the middle management level ( tone from the middle ). What behavior is appropriate or not-to be considered as appropriate, should also in a Code of Conduct ( Code of Conduct written) and its compliance will be monitored by the management.

Employee responsibilities (accountability)

In addition to establishing a management culture at the level of the board of directors or the middle management level, through which appropriate behavior from a risk point of view is to be exemplified, employees must be bound to clear responsibilities with regard to the management of risks (accountability) and breaches of these obligations or guidelines must be risk-taking behavior related to be punished. However, this requires their acceptance of risk-related target agreements and associated values.

The basic requirement for the partial aspect of accountability is individual risk responsibility at employee level. In the course of this, the board of directors must formulate clear expectations of the workforce in terms of identifying, monitoring, but also reacting appropriately to materializing risks and forwarding the corresponding information. All employees must be aware at all times of the responsibilities that have been assigned to them and what is expected of them in the context of appropriate risk-related behavior. Escalation processes and (internal) whistleblowing processes are important tools in this context that enable employees to pass on concerns about products / services or procedures. Employees should therefore be motivated in the sense of an appropriate risk culture - while maintaining confidentiality and without having to fear reprisals - to be able to report illegal, unethical or questionable practices to the highest authority. However, the assignment of responsibilities and the mandatory use of escalation processes also require the establishment and communication of clearly understandable consequences as a result of violations of internal regulations / procedures, codes of conduct or risk limits.

Open communication and critical dialogue (Effective Communication and Challenge)

In this context, communication is not only aimed at the mere exchange of information, but goes far beyond that. On the one hand, it is important to make use of the diversity of perspectives existing in the institute within the decision-making processes, but also to be able to question a status quo that has been solidified over time.

In this context, open communication describes an unconditional exchange between all institutional hierarchical levels. Employees should be motivated to proactively report undesirable developments or materializing risks - for this, barriers that hinder the smooth exchange of risk-related issues must first be removed. This openness is to be promoted, developed and finally evaluated by the company management. However, employees can only be motivated to behave in this way if appropriate communication mechanisms have been provided in advance and their efforts are also observed and rewarded.

Communication also means dealing with criticism and mistakes in a different way. Control functions, such as the Risk Controlling division, internal auditing or the compliance department, increasingly fell behind the operational business units in terms of their importance. In the opinion of the supervisory authorities, this development should be counteracted insofar as these functions should be fully integrated into all decision-making processes at an early stage and proactively and not reduced to a purely advisory role.

Incentives

The effectiveness of a solid risk culture is shown in the intrinsic motivation of employees to only take risks that correspond to the risk appetite of the institution. This succeeds when they can recognize that an appropriate willingness to take risks is valued by the company management and is taken into account in the context of remuneration, performance appraisal and career development. Performance and talent management promote and strengthen the maintenance of the desired risk management behavior of the financial institution. Financial and non-financial incentives thus support the corporate values and risk culture at all levels of a financial institution.

To this end, suitable systems and processes must be created with which the costs for risks incurred can be appropriately priced and allocated. In addition, the control functions (risk management, compliance, internal auditing) must be granted a corresponding status within the institute so that they can influence remuneration practices, succession planning, talent promotion, promotions / recruitment and performance assessment within the various company areas.

Individual evidence

↑ Ira Steinbrecher: Risk Culture: Requirements for Responsible Corporate Management. Retrieved April 27, 2018 .
↑ Directive 2013/36 / EU of the European Parliament and of the Council of June 26, 2013 on access to the activity of credit institutions and the supervision of credit institutions and investment firms, amending Directive 2002/87 / EC and repealing Directive 2006/48 / EG and 2006/49 / EG ( CRD IV ) , accessed on April 16, 2018
↑ BCBS: Corporate governance principles for banks. Retrieved April 26, 2018 .
↑ BaFin: Circular 09/2017 (BA) - Minimum requirements for risk management - MaRisk. Retrieved April 27, 2018 .
↑ BaFin: MaRisk amendment 2017 - publication of the final version (cover letter). Retrieved April 27, 2018 .
^ FSB: Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. (PDF) Retrieved April 27, 2018 (English).

[1] Ira Steinbrecher: Risk Culture: Requirements for Responsible Corporate Management. Retrieved April 27, 2018 .

[2] Directive 2013/36 / EU of the European Parliament and of the Council of June 26, 2013 on access to the activity of credit institutions and the supervision of credit institutions and investment firms, amending Directive 2002/87 / EC and repealing Directive 2006/48 / EG and 2006/49 / EG ( CRD IV ) , accessed on April 16, 2018

[3] BCBS: Corporate governance principles for banks. Retrieved April 26, 2018 .

[4] BaFin: Circular 09/2017 (BA) - Minimum requirements for risk management - MaRisk. Retrieved April 27, 2018 .

[5] BaFin: MaRisk amendment 2017 - publication of the final version (cover letter). Retrieved April 27, 2018 .

[6] FSB: Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. (PDF) Retrieved April 27, 2018 (English).