Your message has been sent, thank you!

Print the page

Risk Management

Taking the holistic approach

Risk Management

Internal Audit

Five major drivers

Internal Audit

Islamic Banking and Finance

Interpretation & Implementation

Islamic Banking & Finance


Banking Regulation and Business


Treasury and Capital Markets

Market and Liquidity Risk

Treasury & Capital Markets

Financial Crime

Don't be scared, be prepared

Financial Crime
Click here for the New Standards for Risk Management – Governance and Risk Culture Article   Click here for the New Standards for Risk Management – Governance and Risk Culture Article


New Standard for Risk Management (Part 1) - Governance and Risk Culture

Dennis Cox is the Chief Executive of Risk Reward Ltd, the Global Risk Forum and chairs the Chartered Institute of Securities and investment Risk Forum based in London. In this first in a series of articles on this subject he proposes what he believes are the new standards for risk management in light of the plethora of recent reviews and papers generated by international regulators, national governments and the banks themselves.


On 16 February 2010 the Committee of European Banking Supervisors (CEBS) issued their High Level Principles of Risk Management. This followed the declaration of the G-20 leaders on 15 November 2008 to "develop enhanced guidance to strengthen institutions' risk management practices, in line with international best practices, and encourage financial firms to re-examine their internal controls and implement strengthened policies for sound risk management."

As a result of conducting a gap analysis and developing a road map, the CEBS identified the following gaps that required addressing:

  • 1. Governance and risk culture
  • 2. Risk appetite and risk tolerance
  • 3. The role of the Chief Risk Officer and risk management functions
  • 4. Risk models and integration of risk management areas; and
  • 5. New product approval policy and process

Of course only some of these were actually related to the crisis and as with any series of rules development the opportunity has been taken to look at a range of issues. In this series of articles we will look at some of the key elements of these new principles.

Governance and Risk Culture

The Risk Culture

The principles state that "A strong institution-wide risk culture is one of the key elements for effective risk management. One of the prerequisites for creating this risk culture is the establishment of a comprehensive (covering all risk types, business lines and relevant risks) and independent risk management function under the direct responsibility of the Chief Risk Officer (CRO), or the senior management if a CRO is not appointed, following the principle of proportionality."

So what actually is a risk culture and how can one be created? Can you just buy one from a consultancy firm? We often get asked to provide a standard version of a document that can be tailored to any bank - in this case no such document can really exist. A risk culture is driven from the tone of senior management and inculcates all of the employees and operations of the bank. It is all embracing and drives behaviour.

From our point of view it drives from the Goals and Missions of the firm and sets out the parameters within which risk management operates. The risk culture is higher level than individual risk elements and needs to be applied across the entire profile of the bank's risk framework. Are there any risks where the risk culture is not relevant? I cannot think of any - any risk can be transformed, controlled, accepted or mitigated. Accordingly we view the risk relevant test as being relevant to the bank.

Click here for the New Standards for Risk Management – Governance and Risk Culture Article