Community Banking

What is Your Bank’s Risk Culture?

written by Josh Beaird

The culture at Wells Fargo Bank has received a lot of attention in the press since the fake accounts scandal broke in 2016. The press has heavily reported the details of how bank employees opened fraudulent customer accounts, due largely to intense pressure they felt to meet aggressive sales goals. This scandal highlights an issue that all banks, regardless of size, should make a top priority: Cultivating the appropriate risk culture within the bank.

Risk Appetite + Risk Tolerance = Risk Culture

Risk culture is derived from a bank’s risk appetite and risk tolerance. A disconnect in this risk continuum can cause problems, as happened at Wells Fargo and among many subprime lenders before the financial crisis. Banks often think of risk within the context of credit risk. However, risk should be viewed from a much broader perspective, including liquidity, market, compliance operations, and reputational risk. Furthermore, the COSO Internal Control – Integrated Framework starts with the Control Environment, which includes demonstrating a commitment to integrity and ethical values, proper oversight by the board of directors, and appropriately designed structures, reporting lines and responsibilities in the pursuit of organizational objectives. A good place to start is by drafting a risk appetite statement, similar to your organization's mission statement. This is a formal document that forms the foundation of your bank’s risk management program. It should be closely integrated with your bank’s overall strategy and clearly communicated to all bank employees, enlightening them to their role in risk management and organizational success. Regulators expect banks to draft a formal risk appetite statement that spells out their level of risk tolerance. Specifically, Enhancements to the Basel II Framework states that “it is the responsibility of the board of directors and senior management to define the institution’s risk appetite and to ensure that the bank’s risk management framework includes detailed policies that set specific firm-wide prudential limits on the bank’s activities which are consistent with its risk-taking appetite and capacity.”

Culture Above All

Your risk appetite statement will help you develop risk assessments, establish control activities, enhance communication, and implement monitoring activities designed to manage risk within your defined parameters. If your risk appetite and risk tolerance don’t translate into a sound risk culture, all your efforts could be for naught — because culture usually trumps everything else. For example, if a bank’s risk culture encourages cutting corners to boost new account openings and sales, employees will likely find ways around policies, procedures and controls to accomplish this. Boards and Executive Officers also need to be aware of powerful managers who can create subcultures that are out of line with accepted bank practices. The Financial Accounting Standards Board (FASB) has specified several different indicators of a sound risk culture, including the following: • It starts at the top with bank management and the board of directors and flows down from there. • Employees are held accountable for understanding the risk culture and how their actions impact it. • Challenges and feedback to the risk culture are welcome and encouraged from employees at all levels. • Employees are incented financially for exhibiting desired risk behaviors. • The risk culture message is continually reinforced, as are policy and portfolio limits designed to manage line of business growth prudently.

What did your mother tell you?

As you strive to create the right kind of risk culture within your bank, try to remember the “do right” rule. Does your risk culture encourage and incentivize employees to do the right thing for stakeholders every time? Stakeholders include your customers, community, shareholders, vendors and other employees. The “do right” rule should lie at the heart of how your bank conducts business. Make it the foundation of your risk culture as well. Give us a call if you’d like to discuss cultivating the appropriate risk culture at your bank 417-881-0145.

Lending Risk2

View Similar Blogs

Other blogs about cybersecurity and your business

  • Istockphoto 184939771 612x612

    How to Minimize Tax Liability: Practical Strategies for Individuals and Businesses

    When it comes to financial planning, one of the most effective ways to protect your income and assets is by understanding how to minimize your tax liability. Whether you’re a business owner or an...
  • Congressional building on a bill

    Congress Passes Landmark Tax Legislation: What the New Bill Means for You

    On July 3, 2025, Congress passed the most sweeping tax legislation since 2017. Known unofficially as the One Big Beautiful Bill Act, this new reconciliation bill permanently extends key elements of...
  • Business owner calculating revenue

    Our Cost Accounting Services and How They Lead to Actionable Profit Strategies

    Do you understand how costs affect your business strategy? The Whitlock Co. leverages our cost accounting expertise to help you analyze expenses. We give you the data you need to make...