Skip to main content
Blog Post

3 drivers of epic risk culture failures

Risk & Analytics|Insurance Consulting and Technology
Risk Culture|Insurer Solutions

By Kenneth McIvor | May 29, 2019

Organizations that foster a positive risk culture tend to be those that thrive. This is an imperative of the strategic chief risk officer (CRO).

Examples of poor risk culture from Australia and Japan drive this discussion of three specific ways that culture can fail a company along with suggestions for how the CRO can help to repair. This is another part of the Year in the life of the Strategic CRO series.

All organizations need to take risks to achieve their objectives. The ones that do this most successfully are those that embody the ideas, customs and behaviors that ensure risks are identified, understood and acted on at all levels of the business. In short, organizations that foster a positive risk culture tend to be those that thrive. This is an imperative of the strategic chief risk officer (CRO).

Two high-profile failures of risk culture

Much light of late has been cast on the Australian financial services sector’s handling of risk culture. The diagnosis looks bad: It’s hard to read the final report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry and not conclude that the risk culture has been dysfunctional. The commission’s findings shed some light on the “invisible hand” of culture that could lead an institution to charge fees to customers who are no longer receiving advice and try to hide the extent of it from the regulator.

Another case in point is Japan’s handling of its labor survey scandal, which centers on how incorrect jobs data from the Ministry of Health, Labor and Welfare from as far back as 2004 led to underpayments to around 20 million people. Even more concerning is the revelation that an official purposefully withheld information regarding a government-wide inspection into the issue. One cannot ignore the part played by risk culture, and culture more generally, in shaping statistical methodology to favor the incumbent leadership.

3 drivers of risk culture failure

Since we’ve covered risk culture in another article in this series, we’ll concentrate here on just three features of management that drive risk culture failings and indeed have played some role in the two failures described above:

Misaligned incentives: Conflicts of interest are produced by measures used for manager assessment and compensation. Negative outcomes from misaligned incentives are often most acute for listed financial services companies that are accountable for meeting shareholders’ expectations and treating customers fairly.

At the organizational level, no business can be sustainable without the right balance between these priorities. However, organizations are made up of individuals, and individuals, like the senior executives at the Australian banks, have targets to meet that can interfere with softer and less quantifiable commitments to customers.

Short-termism: An environment of passivity prevails or, in the other extreme, behavior that generates quick rewards. Keynes may have written that in the long run, we are all dead, but short-term thinking can be just as lethal at times.

Short-termism describes the behaviors that result from management operating in time-limited roles beyond which they are unaffected by negative repercussions. Political parties suffer most severely from this behavior brought about by the periodic cycles of government. Short-term appointments can, on one hand, allow fresh thinking to enter a team, but on the other, it can foster a mentality of “don’t rock the boat.” Just ask the Japanese ministers who served their time leading the Ministry of Health, Labor and Welfare from 2004 to 2017.

Entrenchment: People, tools or processes are so heavily embedded that any changes result in significant risk and uncertainty. In such cases, staff may have become key-person risks or are so invested in a way of doing things that change is futile or indeed dangerous. This type of risk appears frequently in the lives of actuaries, be it that one member of the valuation team who knows how everything fits together or that model that has been patched up countless times as owners have come and went and now strikes fear into the hearts of anyone bold enough to inspect the code.

If we are honest with ourselves and we weigh up the realities faced by today’s managers, asking them to go against the grain in these areas can be like asking them to deny their instincts of self-preservation.

Don’t leave it until it’s too late

All is not lost; the strategic CRO has a host of modern approaches to alleviate these common management issues.

These include:

Enterprise risk management — A sound risk culture is built on the foundation of a fit-for-purpose risk management framework. Having a dedicated risk management team that can design, build and maintain a risk management framework that is commensurate with the idiosyncrasies and sophistication of the company is an essential underpinning.

Enterprise technology — While never on its own a panacea, a smart implementation of the right type of tools can revolutionize an organization’s governance framework. There is a vast range of options around software and enterprise solutions for all aspects of the insurance value chain. Making the right choices for the strategic fit to the business is crucial.

Measure to manage — It’s easier to manage something that you can measure. Following the 2008 financial crisis, the Dutch regulator staffed up on organizational psychologists and invested heavily into efforts to assess the culture of financial services providers operating in The Netherlands. Many financial services providers now have a set of criteria for monitoring organizational culture and risk culture.

Break the status quo — Taking no action is making the decision not to act. Managers can be rewarded for clearing the skeletons from the cupboard, but they may need an independent third party to give them an honest assessment of the situation. Don’t leave it until it’s too late.

Choosing not to fail

Alignment between the risk culture existing within today’s financial services providers and individual self-interest will not happen overnight. Over time, regulatory pressures will take effect. In the near-term, companies that have recognized the value in fostering a positive risk culture, and have acted on it, that are choosing not to fail. These are the companies that are choosing to thrive.


Kenneth McIvor
Director, Insurance Consulting and Technology

Contact Us