Late last year, the Australian Prudential Regulation Authority (APRA) rolled out a risk culture survey to 18 regulated institutions after a successful risk culture survey pilot in early 2021. The survey asked employees to share their views on their organization’s risk management practices, enabling APRA to better assess the perceived effectiveness of risk management practices within participating entities and across industries.
For most organizations, there was a clear link between the risk culture survey results and APRA’s supervisory findings in that organization. For example, areas in which organizations did not score well on the survey were often areas APRA had already identified as needing improvement in its ongoing supervision activities.
The survey results also highlight banks’ work on communication and escalation of risk issues, as well as the cultivation and monitoring of sound risk culture. On the other hand, the survey revealed that employees believe some factors that hinder non-financial risk management, such as lack of clarity regarding roles and responsibilities and less-than-effective risk management frameworks and practices, are still prevalent today.
Additionally, the results reinforced the importance of a psychologically safe environment, where employees feel willing and safe to speak up. Executives, senior managers, and employees held similar, positive views about being encouraged to escalate risk issues promptly. However, 8% fewer individual contributors than executives felt that, in their part of the business, it is safe to speak up and that people admit when they have made mistakes. These findings point to a potential blindspot for executives.
In our 2022 Compendium, Wayne Byres, who served as APRA’s CEO until last month, wrote about the philosophy behind this work.
"Our ambition has been to expand our supervisory toolkit, build frameworks and approaches, and ultimately to deliver better insights on risk culture, "Byres wrote, “from which APRA is then better placed to target and pursue changes that are needed within financial institutions themselves, and strengthen the risk culture of the industry as a whole.”