Opportunities for risk functions to develop more trusted partnerships with the front office

Trusted partnerships between the risk functions and the front office are fundamental to effective risk management – you cannot run a control function without trust and mutual confidence in each other’s professional judgement. It takes time to develop and nurture effective partnerships – this is partly because trust is a relational characteristic that evolves over time, and as a consequence of the mutual experiences of each stakeholder’s behaviour. It is also something that can be quickly eroded if these experiences are negative.

Some of the factors involved in trust are professional credibility, technical competence and power differentials. These areas therefore represent the biggest opportunities to develop more trusted partnerships. For example, people need relevant practical experience that encompasses not only risk competences but also regulatory awareness, an understanding of strategic priorities and a good appreciation of business-specific factors. Professional credibility is also influenced by hierarchy. For instance, if the seniority gap between a business leader and a risk professional is too wide, the ‘voice of risk’ may not be heard as clearly. Likewise, if front office personnel lack risk awareness or do not value risk processes highly enough, their credibility in the eyes of risk professionals will be degraded. Conversely, if trust is high, people are more likely to pick up the phone to raise or discuss potential risk issues because there is an expectation of valuable input and advice. This culture of healthy engagement and collaboration is highly influenced by trust and is crucial to cultivating a more preventative mindset towards risk.

Clarity of mandate and appreciation of each party’s role in delivering overall business purpose are also important and there is always scope to improve in this area. Both business and control functions need to know and understand not only their roles, but how they need to interact and overlap in discharging their duties. This clarity is affected by how well control functions are perceived to be aligned to the wider strategy of the firm in general and the specific business areas in particular. Perception is important here – they need to be recognised as aligned rather than, for instance, being seen as putting unnecessary brakes on the business.

Participants in the partnership also need to have a mutual knowledge of their formal and informal boundaries. Trust extends informal boundaries and strengthens psychological safety, which then positively influences the degree of challenge or pushback people are comfortable debating. Equally, awareness of the red lines and clear demarcation in responsibilities are important in promoting empowerment, accountability and independence.

One way to appreciate the value of trust is to imagine or experience its absence. It’s not hard to see how problematic and difficult risk management would be regardless of the quality or maturity of processes, governance, taxonomies and reporting structures. While complete absence of trust is rare (and a clear red flag), it is helpful to see it as existing on a weak to strong continuum. In the middle of that continuum there is often a band of grey where sub-optimal behaviours might occur. This grey area is dynamic and sensitive to the changing environments within different organisational sub-cultures, for example due to shifts in organisational structure, leadership, regulatory focus, business objectives and degree of change. To prevent these sub-optimal behaviours, trust must be continuously developed, fostered, renewed and, in some cases, re-built in response to the context within which stakeholders work.

This commitment to renewal is arguably a key cultural characteristic indicative of both effective risk management and sound business performance. It is also recognised as a characteristic of any high-performing team. Its value is in contributing to predictability and consistency in relationships. For instance, business leaders need to trust that they will get the same answer and receive similar challenges regardless of who they speak to in the risk functions. This leads to a confidence in developing more consensual decision-making and prevents a temptation to arbitrage between different risk functions in order to get the most business-friendly answer.

Finally, there needs to be trust in risk management processes and practices as well as in people and relationships. The proof in the pudding here is clear evidence that risk management is working in keeping the business safe, protecting customers and helping to drive better day-to-day business performance. Nothing builds trust better than evidence that the systems, and the relationships that drive them, are delivering the intended outcomes.