During the banking crisis of 2008, it became painfully clear that excessive risks could remain under the radar far too often and for far too long. However, the tsunami of regulations that was triggered by said crisis in response to the instability in the financial sector is no guarantee that it could not happen again in the future. “After all, decisions are made by people. And while a bank or insurance company can comply with all the formal rules, you also need a healthy risk attitude. Which requires a change of mindset and an open dialogue”, according to Regine Slagmulder, Professor Accounting & Control at Vlerick Business School. She calls for attention to the development of a risk culture that goes beyond ticking boxes.

Good risk management is vital for the financial sector, even more so than for other sectors. “Risk is at the heart of their core tasks”, says Regine. “If you don’t properly manage these risks, this has consequences not only for the individual institutions, but also for the sector as a whole, and by extension it may even affect the entire economy.” That is why so much attention is paid to the proper organisation of risk governance. Are the risk management policies, processes, organisational roles and responsibilities defined in such a way that they help create healthy banks or insurance companies?

The role of the Board of Directors?

The Board of Directors plays an important supervisory role in terms of risk management. Board members were the first to be targeted during the crisis as they bear the final responsibility for what goes on within an organisation. According to Regine, the crisis revealed several shortcomings. “On the one hand, there was the lack of transparency and of a proper flow of information. When board members are insufficiently aware of the risks that have been taken, they are unable to intervene in an adequate manner. On the other hand, some board members did not always have the right level of expertise to correctly assess complex risks. By relying too much on the management and on each other, they neglected to take the appropriate course of action at times. Even if some employees knew things were not as they should be, they often lacked sufficient authority to bang their fist on the table and be heard.”

Enhanced supervision

Following the fall-out of the crisis, the financial sector was flooded with an avalanche of rules. Not only at a European level, but also from the national supervisors, which, as is the case in Belgium, are sometimes even stricter than Europe. Who should be involved in risk governance? Which expertise should these people have? How independent are they really? The position of Chief Risk Officer (CRO) is now compulsory, as is the presence of a specialised Risk Committee at board level. In short, a long list of rules that banks and insurers must comply with.

No other sector is this heavily regulated. So has the balance tipped over too far to the control side? “The new regulations have definitely had a positive impact in terms of the professionalisation of risk management”, says Regine. However, more and more stakeholders have been suggesting that too much emphasis is placed on compliance. “The constant monitoring of their activities against the rules is costing banks and insurers huge amounts of time and money. This is a challenge, especially for the smaller market players. The strong emphasis on managing the classic risks also takes away time from financial institutions to focus on emerging strategic risks. The landscape is radically changing due to increased digitisation, technological developments such as blockchain and new entrants in the market. We must see to it that financial institutions do not lose sight of the real competitive threats by focussing excessively on rules and compliance.”

An open culture

Currently, enormous quantities of risk-related information are being collected and reported. Banks and insurers are obsessively focussing on compliance with the regulatory requirements because of the tight controls. But we should also dare to ask ourselves whether stricter rules alone could prevent a new banking crisis. Regine is firm on this point. Rules alone won’t suffice. “Before the crisis, we also had rules and yet several banks veered off course. Mindset and an open discussion are equally important. There must be a healthy risk culture, because in the end risk is the outcome of human behaviour and decisions.”

How are this culture, these values and norms expressed in practice? Regine points to the importance of openness. “Obviously, it is more exciting to talk about increasingly high profits and growth than about risks and threats. However, in a mature organisation, all relevant information should be able to openly flow through to the board of directors. And they should be able to discuss this critically. The CRO should not be considered as a mandatory staff function, but should also be involved in defining the company’s strategy. Senior management and the board of directors play an important role in setting the right ‘tone at the top’. Attitude is much softer than rules and also more difficult to enforce. The regulator also plays an important role in terms of risk culture. You could measure it with surveys or interviews, but to date, no decision has been made about what is the right approach.”

For the time being, the emphasis is mainly on regulations. “I don’t believe that the rules will be relaxed in the near future. The challenge for financial institutions, however, is to ensure that they can keep the cost of compliance to a manageable level. More dialogue would be welcome, as opposed to merely focusing on control and fulfilling the requirements, which is also proposed by the regulator. The time has come for a comprehensive, existential discussion about how the financial sector must deal with one of its most fundamental aspects, namely a holistic and effective risk management.”


Within the Centre for Financial Services, Professor Regine Slagmulder is currently working on a study on the risk governance practices of European banks and insurance companies, together with Professor Freddy Van den Spiegel. The initial results demonstrate that the new rules have had positive consequences. Progress has clearly been made in terms of the presence, expertise and independence of the CRO and the Risk Committee within the Board of Directors, as well as the level of attention being paid to risk appetite and reputational risk. There are noticeable differences between banks and insurance companies and across European countries. The Anglo-Saxon countries appear to use stricter risk governance practices than the rest of Europe. The type of shareholder structure (powerful owners and state control) and the independence of the Board of Directors also have a significant impact on the organisation of risk governance. The second part of the study will delve deeper into risk culture, interactions at board level, risk reporting to the Board of Directors and how banks and insurers deal with these regulations in practice, by means of in-depth interviews. The final results of the study are expected to be available by the end of 2017.

