Menu

Credit Edge

The ECB’s Fresh Approach for Improving Culture and Risk Governance at European Banks

Traditionally, when providing guidance on risks related to culture and governance, regulators have emphasized positive attributes that banks should adopt. But in a recent paper, the European Central Bank highlighted the red flags that firms should be wary of, demonstrating the value of a so-called negative checklist.

Friday, October 11, 2024

By Marco Folpmers

Advertisement

Governance and risk culture remain insufficient at European banks, even though progress has been made in these important areas. That, at least, is the perspective offered by the European Central Bank (ECB) in a recent report.

The ECB’s “Draft Guide on Governance and Risk Culture” states that banks are expected to define their culture, including their “values and code of conduct.” While the supervisor has previously provided governance and culture guidance (emphasizing positive attributes), its latest paper yields a different spin, citing a list of red flags that could be indicators of poor culture.

Signs of Trouble

According to the ECB, risk culture can be operationalized with the help of four components: tone from the top, proper incentives, effective communication, and accountability for risks. Each component leads to expected behaviors. One example of “tone from the top” is when the board rigorously evaluates a new credit product, ensuring it meets duties of care and prudential safety standards.

marco-folpmersMarco Folpmers

The central bank’s new guidelines not only highlight positive examples of culture and behavior but also, importantly, illustrate negative ones. Much like how a movie villain can be more intriguing than the hero, these examples make for engaging and informative reading.

Examples of poor governance include: (1) insufficient management body oversight of internal control functions; (2) deficiencies in the whistleblowing process; (3) insufficient documentation of a variable remuneration framework; and (4) low stature and understaffing of internal control functions.

Risk culture red flags include: (1) unsatisfactory tone from the top from management  to promote good behaviors among staff; (2) a dismissive attitude among staff towards compliance, regulation and supervision; (3) a lack of challenge and debate within  management; (4) wrong incentives – e.g. remuneration of the CRO linked to commercial objectives; and (5) perceiving risk management as a barrier to achieving business objectives.

It's a major step forward for the ECB to explicitly identify these red flags (within a structured governance framework), because they can serve as critical early warning signals.

Given that no bank is perfect, credit risk professionals might recognize some of these red flags in their institutions. Just think about, for example, how often colleagues in sales regard risk management as impeding their commercial objectives. The new ECB guidance, though, should help eliminate – or at least minimize – this backwards way of thinking, via empowering risk professionals to more easily  escalate concerns, speak up, and draw attention to perceived deficiencies.

Management Actions: The Negative Checklist

To truly enhance risk culture and governance, banks should explore new methods to identify current deficiencies. Traditionally, this involves using a "positive checklist" that evaluates the presence of "virtuous" traits within the bank or its units. But supplementing this with a negative scoring system could become an invaluable tool for risk managers who are looking to strengthen a firm’s culture and risk governance.

A bank, after, could meet all its virtuous checklists while still harboring dangerous cultural elements that could increase risk costs or threaten its survival. Sales staff, for example, could remain dismissive of risk management boundaries and risk-based pricing.

Given that culture and governance are intangible, it’s crucial to also evaluate them from the perspective of a so-called negative checklist that considers all red flags – many of which are cited in the ECB report. An example of one item on such a checklist is a “dismissive attitude among staff towards compliance, regulation and supervision,” according to the central bank.

Banks committed to serious risk culture and governance improvement should avoid biases and assess risk culture through various lenses. The negative checklist could be a valuable part of this toolkit.

Fix the Roof When the Sun is Shining

Today, in a relatively low macro-risk environment, the timing seems to be good for the ECB to embark on efforts to improve governance and risk culture at European banks.

Inadequate governance and culture can eventually lead to increased costs related to risk management and portfolio write-downs. When risk costs are below average (as shown in Figure 1), it presents an ideal opportunity to enhance tools for assessing these intangible elements of the risk management system.

Figure 1: Quarterly Cost of Risk – Significant European Financial Institutions

f1-quarterly-cost-risk-241012

Source: ECB

In the past, the ECB’s principles surrounding governance and risk culture emphasized the board's responsibilities, as well as the role of senior management, which operates just below the board. Additional principles pertained to risk, compliance units and internal audit.

The new ECB guidance confirms that European banks are assessed for compliance with governance and risk culture principles as part of the central bank’s Supervisory Review and Evaluation Process (SREP). Based on these assessments, the ECB has determined that there is currently still much room for improvements in culture and governance at European banks.

Parting Thoughts

For supervisors, issuing new guidance is essential for prioritizing governance-related topics for both supervisory teams and bank management. The challenge lies in providing fresh insights into governance and risk culture, despite their inherent stability.

In its news guidelines, the ECB introduces an important additional layer of criteria that financial risk managers can use to evaluate a bank’s risk culture. While it doesn’t provide a comprehensive description of a "bad bank," it offers insight on potential red flags, enabling FRMs to incorporate a valuable new tool: the negative checklist. This is a significant advancement on previous guidelines, and should enhance the dialogue between the ECB and the banks it supervises.

Notably, the ECB has also invited comments on its guidelines from banks. However, if you wish to provide feedback, you need to act quickly, as the consultation period ends on October 16.

Dr. Marco Folpmers (FRM) is a partner for Financial Risk Management at Deloitte the Netherlands.




Advertisement

We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals