Magazine article The RMA Journal

Building a Strong: Thirdparty Risk Management Culture

Magazine article The RMA Journal

Building a Strong: Thirdparty Risk Management Culture

Article excerpt

When Greg Carmichael took the helm as president and CEO of Fifth Third Bank in late 2015, he powered the institution's risk management practices on a journey of transformation. In Carmichael's words, the years of "go-go growth at any cost are well behind us."

As banks came out of the financial crisis, Carmichael saw many of them struggling. Some didn't survive insurmountable shortfalls in capital and liquidity. Of those that did survive, some won't make it in the long run. The predominant reason is misalignment between their business models and the current environment.

Leaders everywhere are recalibrating the direction of their institution and the sector. "Senior leadership needs to have a mindset of being strong through every cycle," Carmichael said. "Strong in good times, and strong under adverse economic conditions."

Regulations are intended to ensure that all financial institutions are strong through every cycle and operating in a manner consistent with the principles of safety and soundness. But the regulatory burden is a heavy one.

A 2014 study by the Federal Reserve Bank of St. Louis revealed that "governance practices may not be as critically dependent on direct expenditures as they are on the ability of management, boards, audit committees and internal auditors to work together to properly focus oversight attention, and larger banks have an edge in focusing that attention more efficiently." These practices are referred to as "tone at the top."

The phrase has been widely adopted by the financial services industry to describe appropriate business behaviors that align with a strong risk management culture, which is demonstrated by the behavior of senior management and by the rewards and consequences throughout the organization.

Compliance and risk management are not interchangeable terms, however, and investments in compliance-related activities and processes may not translate into sound risk management practices. Compliance with regulations and laws should not be the endgame. Effective risk management is reliant on a strong risk culture, communicated through the tone at the top, and good corporate governance.

At Fifth Third Bank, tone at the top is supported by the North Star program. North Star is a set of interconnected strategic initiatives to strengthen competitiveness while de-risking the bank. Embedded in every North Star initiative is a strong regulatory core, which ensures decisions are aligned with tone at the top and the bank's risk appetite. Every employee knows what's important and where the bank is going.

Consistent communication across a large, dispersed population of employees is hard to achieve, however. So to address this issue, Carmichael expanded Fifth Third's operating committee to the bank's "Top 100." The group meets in person every quarter and returns to their offices armed with a complete communication toolbox consisting of talking points for local town hall meetings, prepared communications, and a corporate video. This approach ensures that bank employees remain aligned with the bank's tone at the top, strategic initiatives, goals, and progress.

To deliver its strategic three-year plan, Fifth Third made significant investments in people, processes, and tools to strengthen the bank's tone at the top, risk culture, and risk management practices.

To quote a publication of the Office of the Comptroller of the Currency, "Among the elements of a strong culture and an effective tone at the top are

* A strictly enforced code of ethics that applies to everyone.

* Open and candid communications throughout the organization.

* Clear lines of authority and responsibility.

* Transparency.

* Strong internal controls." (1) Effective third-party risk management can only be achieved when there is a risk-centric "tone at the top" corporate culture combined with sufficient investment in expertise, processes, tools, experienced people who work well together, and sufficient time invested by senior management and the board in governance activities. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.