Issues in International Risk Management: Credit Suisse, Svb and Implementing the Right “Risk Culture”

Edward Bace

Abstract

“Risk culture” can be defined in a number of ways and there are a number of ways of looking at it. Much formal literature has been written on this topic. Risk culture is part of the firm’s culture, which are the beliefs and attitudes about something that people in a particular group or organisation share, and/or a system of shared values (that define what is important) and norms that define appropriate attitudes and behaviours for organisational members (how to feel and behave). Some common beliefs and traits run through these: behaviours of our leaders, or “tone from the top”, existing accepted practices within the organisation, culture of people brought in from outside of the organisation; and practiced and lived Vision, Mission and Ethos of the organisation. Culture affects the way people and groups make decisions and interact with each other, with clients, and with all stakeholders. At Board level risk management and control must be given adequate time; ideally at Board level there is an appetite to ensure that the risk framework “front runs” the business growth and agenda; at Executive level the picture should be similar, with C-suite reflecting the approach above. Lessons for us all speak to having the right “Risk Culture” in the organisation: policies only protect you if follow the policies; and having three lines of defense only works if you act on the first two lines of defense. Well functioning teams assist an effective risk culture. A team that works well together will see a common, shared objective in their endeavour – being part of a well-managed institution– and this generates a sound risk culture. The key to well-functioning teams is effective leadership, and this presentation cites some case studies from 2023 in risk culture and competence, including Silicon Valley Bank and Credit Suisse, delivering some recommendations.

Presentation