APRA Risk Culture survey results for Banks – Some improvements, more to do and no room for complacency.

APRA Risk Culture survey results for Banks – Some improvements, more to do and no room for complacency.

Ian Holding, Principal Consultant – Mosaic Financial Services Infrastructure

17 January 2023, Ian Holding, Principal Consultant – Mosaic Financial Services Infrastructure

In mid-November 2022, APRA released the results from their most recent Risk Culture surveyThe survey was provided to 18 authorised deposit-taking institutions (ADIs) between October and December 2021. The 18 ADIs comprised the five largest banks (Major ADIs) and 13 smaller entities, consisting of regional banks, foreign bank subsidiaries/branches, mutual banks, credit unions and building societies (Other ADIs). The survey invited all employees in these selected institutions to share their views on their organisation’s risk management practices and culture.

As an experienced Risk practitioner (largely in the UK) the results only serve to reinforce my view that organisations still have much to do in terms of improving their risk culture and supporting risk framework, and this is especially relevant in Aotearoa !

Key Risk Culture survey insights

In summary, APRA identified five key Risk Culture survey insights:

    1. Executives were overconfident regarding their entity’s risk management capabilities.
    2. Risk management practices vary widely.
    3. Executives are prone to blind spots.
    4. Risk management roles and responsibilities require further clarity.
    5. Executives and individual staff experience decision-making and constructive challenges differently.

Why you need to take notice of these results?

Clearly, like any survey, APRA’s report only reflects one set of data points from a limited reference point (18 ADI’s) and thus cannot be viewed in isolation or be applied universally. BUT what it does do is ask the question and prompt organisations to examine these results in conjunction with other data points, such as their internal risk culture reviews/assessments and other risk management metrics, to create a more informed and specific perspective of their organisations risk culture. The Board and Senior Executive should be asking the right questions to gain tangible and factual risk intelligence that provide assurance, or not that they are on the right track, or not and then react and manage appropriately.

The initial Risk Culture pilot survey in early 2021 raised some key risk areas that have arguably been chronic global risk issues for many years. Namely,

  • Poor or ineffective Risk Governance and Controls.
  • Poor or ineffective Decision-making and Challenge (internally) ; and
  • Responsibility and Accountability.

What has changed in my view and is to a certain extent reflected in these latest survey results, is that the awareness of these key factors has improved and so risk maturity and the need for real risk uplift has moved up the Board, Executive and importantly Client priorities list. The expectations from Boards, shareholders, clients, and auditors have increased, meaning there really isn’t anywhere to hide when it comes to delivering real and measurable risk management uplift and maturity. To be fair, APRA do give credit to the industry on this point however go on to advise caution there is “No room for complacency”. See APRA link: No room for complacency on bank risk culture | APRA

So how does an organisation assess its current state risk maturity and then develop an effective risk strategy and risk management uplift program to improve their organisations risk culture and supporting risk framework?

This is where, we at Mosaic can help you – in the last year Mosaic has built an expanded team of experienced and seasoned Governance, Risk and Compliance professionals who have deep lived experiences from within the financial services industry, both here in New Zealand but also internationally. Please contact us to find out more about how we can support you in pursuit of your organisations risk management excellence.