Risk Culture is defined as institution's norms and attitudes related to risk awareness, risk taking, and risk management. In PwC's globally recognised methodology, the Risk Culture is described by 6 Focus Areas. Within each Focus Area there are attributes formulated on the level of individual risk categories or processes. There are separate attributes for attitudes and norms (technical aspects of risk management).
The initiative is unique in covering all types of risks (credit, market, operational, liquidity) and related processes (stress testing, capital management).
By performing the initiative, a collection of improvement opportunities and recommendations are formulated towards reaching regulatory compliance and leading market practice. The initiative delivers targeted projects designed to implement the recommendations. It usually defines the risk management agenda for the next 1-3 years, supporting the strategic goals of the institution.
Overview of PwC Risk Culture initiative phases
Key Questions
- What is the current culture?
- What are the improvement opportunities and recommendations for Risk Culture improvement?
Key Activities
- Assess the Current State
- Deep Dive into technical aspects
Detailed description of Phase 1
Two layers (attitudes-focused and norms-focused) define the extent to which a deep dive into the technical aspects of managing risks is performed during the assessment. The Risk Culture Assessment report aggregates information gained during each step. The report provides (i) maturity levels for each Risk Culture attribute, (ii) improvement opportunities identified, and (iii) mitigation actions formulated as recommendations (see Examples).
Risk Culture Survey
- An online survey for all employees using PwC dedicated web tool
- Results are benchmarked to the PwC Global Risk Culture Survey done in 2018 amongst financial institutions.
Desktop Research
- Study of key internal documents of the institution related to risk management in a broader term (Risk Appetite Statement, policies, procedures)
Targeted Interviews
- Interview with the key Risk Culture stakeholders across the institution covering all 3 Lines of Defense representatives.
Example Questions
➤
Focus Groups
- The initial assessment is presented and discussed with Risk Culture stakeholders. The discussion includes commenting on regulatory background and market practise. The purpose is to transfer the knowledge and create buy-in amongst future project owners.
Key Questions
- What does the desired culture look like?
- What are the benefits for the institution?
- What are the next steps?
Key Activities
- Burning Platform
- To-Be Vision Creation
- Roadmap Design
- Organisation Structure Design
Detailed description of Phase 2
Improvement opportunities and recommendations from Assessment phase are processed to deliver the Master Roadmap – a collection of projects, grouped by focus areas (or risk categories), considering the institution's priorities, capacities, and interdependencies amongst the projects.
Master Roadmap is submitted to project Sponsor and Board of Directors for approval.
Aggregation of Recommendations in project
- Description of targeted end state, benefits, design of Project Charter (see Example)
Grouping of projects
- Individual projects are grouped per area, creating an agenda for the particular team. Prioritization of projects with regards to the team capabilities.
Design of Master Roadmap
- Compiling final report by aggregating and mapping the projects, considering project interdependencies.
Board of Directors approval
- Project Sponsor approves Master Roadmap, and Board of Directors approves projects selected for the implementation phase.
Key Questions
- What is the necessary set of experiences leadership needs to deliver a transformational project?
- Which expertise and capacities are required to implement the proposed changes?
Key Activities
- Project Management
- Progress Measurement
- Application of Expertise
- Reporting to the Board
Detailed description of Phase 3
Implementation support in the execution of selected Risk Culture projects - project owners, objectives, deliverables, timeline defined in Phase 2.
Subject-matter experts from the area of transformational projects and Risk Management will provide the necessary capacities needed for implementation activities and their rapid acceleration.
Designing the controls identified as missing and implementing them to business as usual operations.
Our tools
Risk Culture Survey Tool
- On-line tool used to collect anonymously responses from survey participants
- Easy and quick overview of survey results
- Segmentation of responses per divisions, departments
- Universal www link for all respondents (or tailor-made link)
Risk Maturity Tool
- Focus on implementation of the 3 Lines of Defense model
- Addresses approx. 30 attributes of the Risk Culture
- Based on the regulatory requirements
Risk Governance Tool
- Focus on the 2nd Line of Defense
- Addresses 31 attributes of the Risk Culture
- 3 areas of assessment:
- Risk environment
- Approval process
- Control and Oversight
Risk Global Tool
- Based on observed supervisory expectations and requirements of leading central banks
- Organized per risk areas (credit risk, market risk, liquidity risk,…)
- Deep dive into technical aspects of the institution’s risk management
