The last few years have been anything but smooth sailing for financial services (FS) companies. They’ve weathered a global pandemic, strained supply chains, geopolitical crises, stubborn inflation, and countless other disruptions. And while a new year is usually a time for fresh starts, all signs seem to show that volatility will continue to be a dominant theme in 2024.
Right now, risks are all around – and they’re only getting more complex and commonplace. To stay ahead of them, a risk function can’t continue to rely on the same old strategies and solutions. The moment we’re in demands a different approach. Here are three key questions FS firms should ask to make sure their organisational culture is prepared to meet it.
1. How clear are peoples’ roles and responsibilities?
The Three Lines of Defence (3LOD) framework has long been the holy grail of risk management, ensuring there is clear independence across all three lines. But as the risk landscape becomes more complex and fast-moving, it has exposed weaknesses in the traditional framework.
In certain cases, the 3LOD model can give rise to a silo mentality, leading to poor collaboration and communication between the front-office and the risk management unit – the first and second lines of defence. This can go on to create duplication of effort, disputed accountabilities and misaligned goals around risk management.
To improve coordination across the 3LOD, everyone needs to have clearly defined roles within the framework. All team members should know how their individual roles fit into the overall framework and where their responsibilities lie and avoid grey areas. Otherwise, it can lead to situations where, for example, the first line stops performing certain activities, because they believe they are covered by the second line, when in fact this is not the case.
This becomes crystallised during times of crisis. When individuals know the role that they must play and the actions they must take, it helps the entire organisation co-ordinate its response in a more proactive and effective way.
2. Is your culture helping or holding you back?
Reflecting on recent banking crises, we notice a clear degree of interconnectedness, where risk in one area quickly spills over to others. At the same time, however, this connectivity does not extend across the business itself. Functions remain siloed, goals are not clearly defined or understood and there’s a lack of transparency between different teams.
To deal with increasingly interconnected risks, everyone needs to work together – and that’s where risk culture becomes key.
We know that over the next year, more organisations are going to embark on culture programmes. Why? Because they recognise that breaking down barriers is going to be really important to deal with the current and emerging risk landscape.
To drive this transformation, FS firms need to ask deeper questions about their risk function and the business as a whole. Does the organisational culture empower people to speak up and challenge the status quo? Or are there strong forces which prevent this and lead to group think? Are people encouraged to raise concerns or are they advised to keep their head down and to stick to what they know?
If everyone works together in a spirit of trust and transparency, this lends itself to greater accountability and more effective decision-making. For this, it’s absolutely vital to set the right tone from the top. Here, senior management must lead by example, showing the right behaviour and right actions themselves.
3. Do you have the right tools and technology to support you?
Technology can be a great enabler to improve the efficiency of and insight from risk management activities. But many financial institutions find themselves weighed down by legacy systems and processes, which can stand in the way of digital transformation.
We see many organisations using technology that was first introduced many years ago, in a very different landscape. They spend considerable time and money maintaining a web of complex, often disjointed systems that have been built up over decades, often as a result of legacy mergers and acquisitions. It’s also difficult for them to make updates to these systems and integrate next generation tech including opportunities to harness artificial intelligence (AI).
There’s no easy way to overcome the barrier posed by monolithic legacy tech. For many firms, it’s like tearing up the foundations to a house and rebuilding them while you’re still living in it. But, at some point, modernisation becomes inevitable, and organisations will have to decide on what path they take to get there. With advances in technology and approaches to implementation, we are seeing exciting options for effective and cost sensitive transformation to take place with both the use of existing applications whilst improving overall architecture and moving to cloud.
Ultimately, an organisation’s risk framework, culture and technology are closely intertwined. It takes all three working in harmony to drive effective mitigation of and response to risks. Plus, with the nature of that risk continually changing, FS companies can’t see these elements as a monolith either. Their approach to oversight and management needs to be flexible and adaptable in order to take on today’s threats and tomorrow’s opportunities.
The importance of culture for risk management
When we ask Chief Risk Officers (CROs) what they are worried about, they usually mention specifics like geopolitical risk, credit risk, and cybersecurity risk. But their biggest blind spot is often the most important factor that influences how these risks are managed: culture.Read more
Staying the course: strategies for managing intra-day liquidity
We take a deeper look at how organisation can apply Formula 1 strategies to manage their intra-day liquidity needs more effectively.Read more
Four steps to building a firmer risk framework
What steps does an organisation need to take to evolve its risk framework? We share four key areas to focus on to build a firmer risk management framework.Read more
Steering your risk management in the right direction
What can financial organisations do to steer a safe course through a complex, fast-moving risk landscape? It all starts with a resilient risk framework.Read more
Related Case Studies
Delivering regulatory change for UK building society
How can a UK building society deliver regulatory change while ensuring a great customer experience?Read more
Keeping large-scale capital investment on track
How do you independently assess the governance and maturity of a multi-billion program?Read more
Equipping a UK building society to fight financial crime
How do you create a technology platform that can stay one step ahead of financial criminals?Read more
Using regulatory change as an opportunity to strengthen and rationalise internal controls
As UK regulators plan an Internal Controls and Governance directive, this major insurer seized the opportunity to achieve its long-term ambition.Read more