“It’s the culture, stupid”: Risk culture as the key building block of NFR management – and why some banks have come through the Covid-19 pandemic better than others
Bodo Schmidt and Thorsten Scheibel
Foreword
Preface
Introduction
Introduction to Part I: The origins of non-financial risk management
The complete history of operational risk regulation (abridged)
Financial institutions and non-financial risk: Learning from the corporate approach
The painful financial side of NFR
“Risk management is about managing risk” and “It’s all about people”: Psychology might be more important than models
The confusion of Babel: What’s in the name NFR – taxonomy
Introduction to Part II: Governance of non-financial risk management
“It’s the culture, stupid”: Risk culture as the key building block of NFR management – and why some banks have come through the Covid-19 pandemic better than others
Do you know who is who? Three lines of defence in the context of NFR
Herding cats? NFR divisions as truly diverse units
“Just do it!”: Partially self-organising governance structures for NFR frameworks
Introduction to Part III: Tools and instruments for non-financial risk management
A risk by any other name: Identification, classification and agendas
Old but gold? Mastering the RCSA despite Covid-19
Biases in scenario analyses and how to mitigate them
When scenarios are not severe enough: Stress testing for non-financial risk
Ending NFR in NFR: From Excel sheets to professional IT systems for NFR management
Breaking up with risk management: Using the power of controls for good not the prevention of evil
Introduction to Part IV: Focus areas of non-financial risk management
It won’t be over after Covid-19: Pandemics and operational resilience
Dealing with IT complexity and innovation: Delivering business resilience and customer outcomes
Protecting the new gold: Information security
Conduct risk and the impact of Covid-19
From lawsuits to models: Compliance risk and financial crime
Others are doing it cheaper: But can they really? Opportunities and risks in outsourcing
Managing reputation and stakeholders
Introduction to Part V: The future of non-financial risk management
ESG risk as a new (and very important) trigger for NFR
Looking into the crystal ball: What will NFR management look like in 2030?
This time will be different: An alternative future of NFR management
Right time, right place: The drive for change in operational and non-financial risk
This chapter will highlight the relevance of an established risk and corporate culture in times of crisis, such as that experienced in the context of Covid-19. It will establish a link between requirements for a healthy risk culture from a regulatory perspective and provide practical examples to reinforce this connection. It is important to understand why some banks have come through the pandemic better than others in terms of the risks involved.
The management of non-financial risks, especially crisis and business continuity management (BCM), is of central importance during a pandemic, as we saw in 2020 and 2021. In this respect, the pandemic acts like a real-life stress test for which the organisation could hardly prepare. This kind of risk management was probably not simulated in this dimension in many companies. However, banks were more familiar with such a situation from their crisis and stress scenarios aimed at changing parameters or from operational risk scenarios with probabilities of occurrence every 100 years.
Nevertheless, this particular challenge was well-managed by many companies – one reason for which could be trained behavioural patterns for cooperation in
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net