An interesting study on the internal "Risk Governance Culture and Behaviour" of Australian and Canadian banks has recently been published by Elizabeth Sheedy and Barbara Griffin from the Faculty of Business and Economics at Macquarie University [LINK].
There are some curious insights to be found after surveying 22,145 employees of 222 various business units in six major banks headquartered across two countries and, I have plucked out some of these findings or perhaps their interpretations in this short blog posting.
It has been identified from the study that a strong risk management framework generally played a significant role in how internal bank staff perceived risk management structures such as policy and training. This is encouraging but it was also noted that remuneration and performance measurement systems in Australian and Canadian banks potentially contributed to a lack of prudent risk behavior. As we all know, this is a major contributing factor for the Global Financial Crisis.
Adding to the causality mix of potential risk management misalignment was the prevalence of specific individualistic risk appetites. Although staff seniority generally had a positive behavioural outcome that evidences how important it is to have a strong risk culture from the top, it was also noted by a third of respondents that policy breaches by top performers were unfairly excused. To complicate matters further, 95% of the surveyed referenced a perception that risk culture was heavily influenced by colloquial business unit practices which may differ from the host institution as a whole.
The executive summary of this study makes for a fascinating read in its own right.
For ISO 31000 practitioners, there is a solid reference to the Global Risk Management Standard on page 5 of the report that states:
Risk management refers to coordinated activities to direct and control an organisation with regard to risk with the aim of ensuring that the firm meets its objectives.
Yet the study also claims that a typical risk management framework constructed inline with ISO 31000 principles may not guarantee that risk management will be effective if a bank's risk management culture is weak.
In a typical business environment there are natural tensions between the objective of short-term profit maximisation and risk management with its longer-term perspective. While many FIs might espouse a commitment to risk management, the priority that is enacted may be much closer to short-term profit maximisation.
In a world of moral hazard and taxpayer-funded bailouts there are obvious reasons why a FI may intentionally overstate its commitment to risk management in order to avoid unwelcome scrutiny. This gap between what is espoused and what is enacted explains how culture develops and is experienced.
The study was performed by using the Macquarie University Risk Psychometric Culture Scale that assesses four factors of risk culture taking in Risk Value, Staff Pro-Activeness, Risk Avoidance and Management. These factors are passed through a model that then measures the relationships between risk structures and culture. There are seven propositions that were tested in this study using the Macquarie University conceptual model and all key aspects of the system have been explained in the paper.
This is a fantastic read for risk management practitioners in banking, it's a well researched and presented piece of work that can be downloaded from the following LINK.