One of the root causes of the crisis was a lack of recognition of the importance of a risk management culture in ensuring the long running financial stability of an organisation. Accordingly, institutions are now expected to develop an effective risk management framework and a sound risk culture. The increasing focus on these topics as well as their relevance for regulators at global level are asserted in the Financial Stability Board (FSB) consultative document: Guidance on Supervisory Interaction with Financial Institutions on Risk Culture: A Framework for Assessing Risk Culture, issued in November 2013.
The risk management framework is the combination of elements that encourage and maintain risk management throughout an organisation. It includes risk management policies, objectives, commitments and organisational arrangements (plans, accountabilities, processes and tools). Risk culture, on the other hand, is the set of norms and behaviours that determine the way in which individuals and groups identify, understand, discuss and act on risks. By influencing actions and decisions, risk culture is a powerful driver to support the implementation of a robust risk management framework.