While focus of the Financial Services Royal Commission extends to further aspects of misconduct, it is interesting to note the former Chief Risk Officer of ANZ indicates "The royal commission had exposed risk management failures across the industry. He said the key to good risk management is culture."
While we agree with many aspects of this perspective, the Royal Commission has identified a number of serious gaps in the armour of financial services enterprise risk management.
Cultures of sales at all costs, personal gain over customer services, misappropriation of charging for services, etc. all lead to both a breakdown in culture and a breakdown in the three lines of defence.
Mark Lawrence continues to state;
"When you work on culture over many years you understand that in banks where the risk culture is strong, there is a force acting within the organisation that mitigates and works to actively prevent much of what we're seeing."
Is the force Mark is referring to frontline assurance, second line governance and third line Internal Audit?
The risk culture paper published by APRA in October 2016 indicate the 2008 financial crisis overseas revealed a poor risk culture and weak risk management led to unbalanced and ill-considered risk-taking, to significant losses and, in some cases, to institutional failures."
So perhaps risk culture is only part of the equation, perhaps the multitude of excel worksheets and emails pivotal to Enterprise Risk Management are not necessarily appropriate or effective in monitoring and managing the risks they are intended to mitigate.
Perhaps a digital re-think of the three lines of defence alongside a risk culture push from above is going to be more effective than bullet points in a report pinned to the wall.
To speak with the global leaders in Three Lines digitisation, contact QC-Technology