Beyond the Risk Register: engendering a risk-aware culture
Date: On a date of your choice
Location: Delivered as an interactive briefing
Event Code: BRR
Regulators and activist investors are using recent advances in behavioural
science to demand that public companies to give ‘better answers’ to control
challenges. These include looking again
at how the Board determines what is ‘acceptable’ conduct in protecting a
commercial interest; and making each Director criminally liable for allowing
any form of ‘customer detriment’.
A new wave of cyber threat is rising meanwhile, as hackers use
skilful mapping of your staff’s behaviour to mount ‘social engineering’
attacks, rendering conventional IT defences (such as firewalls) almost useless.
This unique event demonstrates how a properly ‘risk-aware’ Board
can respond to all of these varied disruptions with a simple change of focus,
transforming the efficacy of risk governance.
Since all staff engage in risk-taking, they all have a stake in
collective management of risk.
Over time, every one of them can put new
insights to work: strengthening the first line of defence, giving earlier warning
of strategic risk and uncertainty, averting disruptive challenges, and
increasing the Board’s central capacity for sensing risk.
Sharing private insights from many years of Board-level risk
research, Dr Roger Miles will show
how Boards can lead the way in harnessing hidden resources to engage all staff
in ‘working risk-aware’, for a more productive and resilient business.
1. Why conventional control systems fail - why
today’s approach doesn’t work
- Regulators’ poorly conceived early
attempts to control behavioural risk
- Where modern regulators get their
and other impacts of “bad behaviour”
most businesses are looking in the wrong place for cyber risk
wisdom and the perverse incentives created by a “no
surprises” approach that excludes uncertainty
of these claims is true?: (1) More detailed risk data reports improve
decision-making; (2) Balanced Scorecards and KPIs improve risk culture; (3)
Government and regulatory “crackdowns” improve conduct; (4) Impact Assessments
make legislators design control interventions more carefully
case study behavioural research returns the clear answer: NONE OF THE ABOVE.
What are we to do, now we know this?
2. What ‘risk-aware working’ is; how to
identify and manage behavioural risk
behavioural research findings recognized the limits of rationality in
decision-making; identifying various forms of bias that contribute to
‘reframing’ and that compromise rational decision-making
new methods are now emerging to assess, monitor and adjust for behavioural
- Five ways that we may inadvertently switch any stakeholder from normal tolerance of
risk into an intolerant / challenging / hostile stance. How to anticipate and avoid such switching.
- How identifying and managing behavioural risk allows you to protect
business value and lower cost of capital
- As a leader, how to overcome your reliance on econometric models,
MI reports and IT systems. Which preconceptions you can change, for your
organization to perceive risk more clearly and manage it more robustly.
3. Using alternative forms of risk insight to overcome
the regulatory and behavioural hazards to your business
past three big fallacies: econometrics, rational actor, expert view
risk: the new behavioural threat frontier
- Separating risk from uncertainty; the
different ways to engage with each of these aspects
- Three types of risk conversation and why we
must sustain all three
- How to introduce more powerful,
behaviour-based predictors of risk hotspots: what a “behavioural lens” reveals,
that the conventional risk picture doesn’t reveal
this to work: adding business value by promoting a culture of risk-aware
- What stakeholders are now looking for in
firms: the new common ground between regulators, customers and investors
- Release value by allowing and encouraging
everyone to “work risk-aware". Curing risk-reporting
diarrhoea (checklist-vision, data dumps and ritual
audits): Getting everyone to see
routinely beyond recorded, systemically controlled risks
- The benefits of keeping pace with a moving
target: consumers’ subjective sense-making of risk. How to achieve this; where to look.
- Embodying the Board Director’s function of challenging accustomed
behaviour, leading a culture that properly values risk-awareness
- Understand and limit your
personal liability, as regulators look more closely at individual Directors in
banking, insurance and asset management.
- Find out where your firm stands
on a scale of risk-aware working, from fully competent to ‘box-ticking’, and
how the whole organisation benefits from engaging the risk-sensing capacity of
- Value the difference between
simply reading MI and engaging a higher intuitive level of judgement – as any
good Board would wish to do.
- Identify the shortcomings of conventional
risk assessments; how to avoid letting these limit the vision of Board
decisions on risk; and to bring the Board to a deeper understanding of many
forms of risk.
- Dispel false assumptions that Boards and
regulators make about risk culture initiatives; which forms of intervention
work and which should you avoid?
- Learn from case examples of others’ successes
and failures; what actions should Boards take to demonstrate their grasp of
behavioural risks to their business?
Consultant: Dr Roger Miles
Dr Miles leads forum groups for the CRO and Conduct principals of many regulated financial firms at UK Finance, where he heads Conduct and Culture indicator research across the sector.
He regularly debriefs with leaders of UKF’s 300+ member organisations on their progress with ‘dashboarding’ behavioural risk factors, guiding as to how to set up indicators to ensure best practice in modern governance of risk.
He also lectures on risk perception and behavioural regulation (Cambridge University; UK Defence Academy; London Institute of Banking and Finance). His latest book is Conduct Risk Management: A behavioural approach (Kogan Page, 2017).
Keep Up To Date
Subscribe to our newsletter,