Regulators are taking a heightened interest in organizations’ risk management and underlying cultures, with the spotlight shifting somewhat from banks to insurers. Organizations with mature risk cultures are more likely to make decisions that satisfy long-term business goals and meet regulatory demands.
The paper discusses the importance of risk culture. The point is made that there is no one right risk culture and that there is a co-dependence on organizational culture to create the environment that allows a risk culture to flourish. Specifically noted is the need for broad support from the board, executive management, through to the front lines, in message, tone and behavior to form and embed a sound risk culture. Although a risk culture starts at the top, all employees should see themselves as risk managers and consider the risks in their everyday decision-making.
The focus of the paper is on the practical side. The paper investigates essential hallmarks of a sound risk culture by providing examples of good and bad elements of risk culture. The early detection of these indicators, and (possible) red flags, enables organizations to respond to risks in an adequate and timely manner. These practical examples illustrate good case practices on how firms deal with designing, embedding, measuring and monitoring a sound risk culture.