Three tips for managing behavioural risk at your company

2 min read
Apr 21, 2022

To understand and change your organisation’s culture, it is important to consider the behaviour of different teams and employees, but how should behaviour be defined in a risk management context and how can you monitor and improve this risk?


Download now [Case Study]: Introducing risk culture to the board: turning theory into practice

Behaviour is the tangible part of culture. If company culture is an iceberg, behaviour can be seen as the part that’s visible above the water line, while everything underneath is actually driving that behaviour.

So, how can you see below the water line?

A key priority for many risk functions is to be able to measure, monitor and change this behavioural element within their organisation. Members in the network, as part of our risk culture series of collaborative member meetings, have been comparing their tried-and-tested approaches to tackling this element of risk culture that can often feel vague and hard to pinpoint.

Here is a taster of some of the tips members have shared with their peers for better behavioural risk management:

1. Consider both formal and informal drivers of behaviour

The formal drivers of behaviour within an organisation tend to be easier to identify. They are the tangible elements of an organisation such as methods of communication (emails, messaging platforms etc), policies and organisational structure.

Informal drivers can be more difficult to both discover and monitor but are just as important when it comes to assessing risk culture. They include, for example:

  • Group dynamics: how do people collaborate with other groups; how do first and second line employees interact?
  • Team climate: this relates to psychological safety and trust, and can be measured by asking questions about whether people feel they can speak up or raise concerns.
  • Beliefs: this covers shared convictions on issues such as integrity, for example, or the role of the organisation in the world.

2. Establish ownership as a key behaviour

Ownership should be one of the key behaviours that risk managers look for when establishing a behavioural risk management framework. However, it can be a particularly challenging behaviour to instil, according to our members. Even if employees are happy to take ownership of risks, a lack of clarity around roles and responsibilities can cause confusion. Our members suggested the following solutions:

  • Develop clear, written guidelines based on workshop sessions in which these issues are discussed alongside potential barriers, challenges, problems and solutions.
  • Consider having the business or teams own the risk, rather than assigning ownership to specific roles or employees.
  • Get leaders involved by asking them to nominate employees, participate in workshops and generally set the tone from the top.

3. Divide behavioural risk management into diagnosis and intervention

One particularly mature member within our network divides their behavioural risk management process into two sections with different teams completing each element:

  • Diagnosis involves activities such as fieldwork and reporting. The aim of this process should be to identify patterns with respect to decision-making ownership, communication and learning, but to also take a position in relation to undesirable behaviours that pose a risk to the organisation.
  • Intervention involves the risk team – or, ideally, behavioural change experts – working with business owners and risk owners to address undesirable patterns. They use methods and tools suggested by the risk team, but the business should take ownership of the process.

Conversations between members in the network continue to shape their approaches towards the challenge of managing behavioural risks, as well as empowering them to enhance risk culture programmes across all levels of their organisation.


Keen to find out what else we offer members aside from collaborative member meetings and content? Click here to find out more.

Get new posts by email