Banking Exchange Magazine Logo

Vigilance—essential to a strong risk culture

Part 1 of a series: Risk management depends on consistent effort

Vigilance—essential to a strong risk culture

Successful risk management requires an organizational culture that encourages and reinforces good risk management decisions throughout the company.

Easily said.

Building such a culture is hard work. Cultural change—a real shift in attitude—is not produced from thin air by occasional pep talks or by posting colorful motivational posters in the company cafeteria. A strong risk culture emerges only after top management has committed the time, the resources, and the incentives to make it happen.

It is a management crusade, not a special project run by the HR department.

Build up your weak points

But what does a strong risk culture look like and how do you build one? 

In a prior blog post I asserted that a strong risk culture has observable attributes that foster better risk decisions. If some of these attributes are weak, there are specific, pragmatic steps you can take to strengthen them.

These attributes are:

Vigilance—Being alert to emerging threats and opportunities.

Agility—Deciding and acting in time.

Collaboration—Being able to work together effectively on risk issues.

Communication—Sharing information and ideas about risks.

Discipline—Knowing and doing what is right from a risk perspective

Talent—Attracting and motivating people who have the necessary risk knowledge and skills.

Leadership—Inspiring, supporting, practicing and rewarding good risk management.

In future posts I will discuss each of these attributes in more detail. We will start with Vigilance—being alert to emerging threats and opportunities.

Vigilance, and its deepest, strongest roots

Vigilance requires the continuous gathering and analysis of unbiased, timely, and relevant intelligence about what is going on in the company and what is going on in the outside world.

This high-quality intelligence is rarely available to companies that rely solely on informal or traditional sources of information.

Yes, you need the usual reports: financials; operating stats; market data; customer activity; and so on.

And yes, you should pay attention to the trade press, the internal rumor mill, and to the anecdotes that flow in from employees, management consultants, investment bankers, directors, important investors, and customers.

But if that is all you do, your intelligence is likely to be average quality, at best,  and it will provide no competitive edge in identifying emerging opportunities and threats.

You need to be one step ahead of your competitors.

And you must avoid unnecessary surprises.

Avoiding key pitfall of risk intelligence

One big problem with the usual sources of intelligence is bias.

Because of the way the information is gathered and evaluated, management may draw conclusions that are way off the mark.

There are many sources of bias: taking too narrow a view of how the company may affected by a changing business environment; being myopic about longer-run scenarios; being complacent about potential threats; looking for confirmation of one’s pre-existing beliefs and rejecting contrary views; relying too heavily on advisors with an axe to grind… the list is long.

There is no way to completely eliminate bias in the decision-making process, but there are ways to reduce it substantially. For example:

1. Actively seek out diverse sources of credible intelligence that are truly independent. Be wary of advisors with an axe to grind.

Look to independent think tanks and research firms, academics, prominent business leaders that are not your competitors or customers, and so on.

Cast a wide net to include many differing disciplines and points of view.

Make sure to include some qualified advisors whose views you may not find congenial.

2. Build a systematic, disciplined process for continuously gathering and evaluating intelligence.

Develop an explicit framework for prioritizing and communicating this intelligence to those who need to know. Get in the habit of holding frequent intelligence briefings.

3. Build a framework for relating this intelligence to the business of the company.

This means that you understand the main drivers of your business and how trends and events will affect them and thus change the value of the company.

4. Identify the business decisions that are needed to make the most of this intelligence.

Make valuable intelligence actionable.

5. Make it clear to managers and employees that bearers of bad news or heretical ideas will not be shot.

Avoid group-think at all costs. Reward those who provide valuable intelligence.

Taking steps like these will equip senior management and the board with a continuously operating “radar screen” that will provide an early warning capability for emerging threats and opportunities.

Dan Borge

Dan Borge is the author of The Book of Risk and a consultant on strategy and risk management.  He was the principal architect of the first enterprise risk management system, RAROC (Risk Adjusted Return On Capital), at Bankers Trust, where he was head of strategic planning and a senior managing director. Prior to his banking career, he was an aerospace engineer at The Boeing Company. You can also read a review of The Book of Risk here, "A Risk Management Book That Doesn't Make You Snore."

back to top


About Us

Connect With Us


CSI: Hawthorn River
Lending Regulatory Compliance

WEBINAR: Tuesday, May 21st, 2024, 2:00 CT / 3:00 ET

Join us to learn more about leveraging technology in Hawthorn River to support your lending process and its regulatory compliance. From 1071, TRID, HMDA, CRA and more in the sea of regulatory acronyms, our end-to-end loan origination solution creates efficiency for financial institutions.

Join this session for an overview of the platform, an interactive Q&A and information about:


This webinar is brought to you by:
OneSpan logo