How can the risk function ensure a sound risk management within organizations, while still being anchored in both effectiveness and client centricity?
There are four principles that I have developed on my risk journey which I believe have made a significant positive impact to organizational risk management and culture.
Select your leadership carefully. People want to work and accomplish goals with individuals they can relate to, and organizations they can trust. First and foremost, integrity-based leadership is paramount. Companies whose leaders are committed to fundamental values always take major steps to support sound risk management, because a healthy risk culture is a natural consequence of trustworthiness and supportive leadership. Risk frameworks cannot endure an ethics breach or violations of responsibility or disloyalty. Furthermore, leaders must be well-rounded with breadth and depth, meaning that senior management is required to challenge divisions on both local and international levels. Finally, organizations need to set the right incentives because this is a helpful instrument to direct the right risk-taking behavior.
Influence through collaboration. Successful risk management is not solely about key risk indicators, processes and policies. Although these are important, how you actually influence stakeholders is also crucial. The inspiration and motivation of partners is imperative to the pursuit of risk function goals. Confining risk professionals to their formal job descriptions – for example, setting risk frameworks and monitoring limits – is not best practice. Risk professionals should always be collaborating to address the question “Why do I need to comply with this framework?” because a combined effort is the best strategy to fully explain rationale behind each risk framework to teams.
One objective of risk management should always be to develop partnerships within its scope of influence. The subsequent outcome is that business areas will not only adhere to provisions but will also recognize the added-value that a risk framework provides to their products and services. The ultimate outcome is an organization more likely to comply with regulations and internal provisions.
Be prepared. Build a strong foundation in moments of success. I try to apply key lessons from my experience in the military to my daily professional activities, and often recall the saying: “There’s nothing so good that cannot be improved and nothing so bad that cannot get worse.” I have found these following two strategies central to building resilience and trust in good times.
Firstly, going beyond the minimum required business continuity management is essential to ensure resilience. This exercise is not only about fulfilling regulatory requirements, but rather triggering self-assessment in all business areas. This means that not only critical processes ought to be considered. In other words, sound non-critical processes can prevent negative impact on those considered critical.
Secondly, always work in tandem with the first line of defense so that they better understand business processes and mitigation measures. By applying this principle, relationship managers can definitely build a more solid foundation, enabling them to provide clients with clear and reliable information. This ultimately leads to more trust and the consolidation of long-term relationships.
Continuous learning. Stay open to learning from a variety of sources, such as books, articles and business publications to keep up with new trends and to hone your skills. Listen to the frontline enables risk functions to set efficient risk frameworks – for instance, straightforward key indicators. Uncomplicated frameworks prevent the unfortunately all too common “illusion of control” and ensure efficiency. Additionally, key indicators and limits help the frontline to understand the relevant procedures. As a result, they embed the risk management element into their activities and are better equipped to take the decision that is best for both the client and the bank.
From my perspective, these four principles can be pursued while simultaneously preserving the independence of the second line of defense. Risk functions working in silos can create unhealthy risk culture, fragmented ecosystems, the ineffective deployments of risk frameworks, a lack of understanding of business activities and gaps in risk assessments. This is a lose-lose situation for all concerned within an organization.
As a final note, I recommend that risk professionals seize the opportunities as they present themselves and take risks consciously. High performing risk managers do not allow opportunities to drive positive change to slip through the cracks, and always seek to cultivate a sustainable growth mindset.