The tightening of risk and compliance legislation and the need for more effective risk management guidelines and implementation are some of the more prominent challenges currently facing organizations. In response, many firms are redefining their approach to risk and compliance, moving away from traditional models that focus on processes and procedures to models that feature risk culture. While the topic of risk culture is receiving a fair bit of attention, the challenge remains to actually create it.

The trick is to build or influence an organizational structure that effectively supports and encourages behaviors that appropriately manage risk without compromising quality, commerciality or innovation. In this way, rather than representing an independent concept, risk culture is simply a reflection of the of an organization’s overall culture, a subset of behaviors and actions that make sure the firm is mindful of risk.

Organizational culture and effective risk and compliance

Having a strong organizational culture enables an organization to respond quickly to avoid risk or to take advantage of opportunities to grow and innovate. Not only this, a strong organizational culture leads to enhanced productivity and performance*.

In Fortinberry Murray’s work profiling and developing effective organizational cultures, we have found that the most successful organizations exhibit certain traits that create an overall commitment, engagement and focus on relationships. Conversely, a lack of strength in these areas inhibits robust success, particularly in the areas of governance, risk and compliance.

Consider the case of a large multinational insurance company. The firm was newly formed and an amalgamation of three medium-sized companies located in different jurisdictions. A new Head of Risk and Compliance had been appointed and was having problems getting employees to follow risk reduction procedures and to report situations of non-compliance. There was also an issue of over-caution in some areas which, in itself, was a risk since it was leading to a decrease in revenue growth.

When we assessed the situation, we discovered:

  • A significant lack of trust at all levels—between the employees of the three previously separate entities, between employees and their immediate supervisors, and in senior management generally. The lack of trust was leading to an under-reporting of risk violations on the one hand and excessive caution on the other.

  • There was little alignment between the various cultures within the business. In terms of risk and compliance, this meant that what was deemed acceptable in some parts of the business was seen as totally unacceptable in others.

  • The leadership had attempted a number of risk containment and culture-change initiatives, all of which had failed. There was an overall attitude of “this-too-will pass.” The leadership style of management at all levels was quite unsuitable for the purpose of uniting and changing an organization. In particular, people were not rewarded for initiative or innovation. Rather any risk-taking, even when appropriate, was frowned upon.

  • There was a lack of communication between the various parts of the business leading to a lack of clarity as to what was actually expected of employees.

Essentially, to achieve an effective and appropriate level of the risk, the firm needed to focus strategically on the essential elements of the organization’s culture – trust, leadership and the alignment of people and behaviors.

So, how can these cultural elements be shaped to influence risk and compliance?

In evolutionary terms an organizational culture’s purpose is to allow people to surround themselves with a nexus of what they feel are, or could be, supportive relationships. We are relationship-driven animals. In hunter-gatherer bands, the supportive relationships were the basis for our survival. And despite our so called progress, ranging from the internet to the 70 hour work week, our genes are still those of our ancestors. Most of our neurobiology, and even our genetics (about 80% in both cases**), is geared toward making decisions that we feel will strengthen supportive relationships.

This decision-making process is motivated by our neurochemical reward system, located in the emotional center of the brain (the limbic system) – a reward system far more intrinsic and powerful than any management remuneration or incentive scheme. This system controls two very powerful neurochemicals: dopamine (sometimes called the “happiness neurochemical”) and oxytocin (the “trust and bonding neurochemical”). To get a culture that is aligned and makes appropriate risk decisions, activating these neurochemicals is key.

As part of helping to implement a property development firm’s strategy more effectively, we re-focused the company’s operational activity on specific, actionable behaviors. For example, from the simple and obvious behavior “Get a GM’s approval before making an offer to a customer that is outside the company’s price guidelines,” or “Show interest in the client rather than rush in with a sales pitch,” to the more prosocial “Have a once-weekly meeting of area salespeople to exchange ideas.” With these and other specific behavioral expectations in place, the firm could start to build an organizational culture which was effective in supporting its strategic and risk initiatives and provide people with a basis with which to make decisions that strengthen relationships and positively activate the brain’s reward system.

Harnessing the human need for supportive relationships is fundamental to building a strong, united organizational culture that sustains risk, compliance and governance initiatives and should be the focus of any intervention.

Best approach

Overall there are three factors to bear in mind when looking to create an organizational culture which supports effective risk, compliance and governance:

  • Humans are relationship-forming animals
  • Change happens through shaping the cultural elements of the organization – trust, leadership and the alignment of people and behaviors
  • The most powerful reward is always a relationship reward

About the Authors

Dr Bob Murray MBA, PhD (Clinical Psychology), is a Principal for Fortinberry Murray, a global consultancy with offices in Australia, the UK, Hong Kong and the US. Bob is an internationally recognized expert in strategy, leadership, human motivation. Distinguished for his ability to uncover the core of issues, Bob has developed ground-breaking methods for measuring, benchmarking and improving an organization’s capacity for change and adaptation.

Bob’s insights are based on his wide experience and also on his deep knowledge of research in the areas of management, psychology, genetics and neurobiology.

Rachael Brady MPsyc (Org), is a Consultant with Fortinberry Murray. Her consulting experience covers a wide range of industries including engineering, professional services and education. Her experience includes assessment, leadership and talent development and driving organizational change.

Click on the image below to check out our Public Courses:


* Cole, M.S., Harris, S.G., & Berneth, J.B. (2006). Exploring the implications of vision, appropriateness, and execution of organizational change. Leadership and Organizational Development Journal, 27 (5), 352 – 367.
**Twenge, J.M., Baumeister, R.F., DeWall, C.N., and Bartels, J.M. (2007). Social exclusion decreases prosocial behavior. Journal of Personality and Social Psychology, 92, 56-66.
ASIC Report Whitepaper: A Regulatory Spotlight on Non-Financial Risk

A Regulatory Spotlight on Non-Financial Risk

Download Now

Related Articles

feature image
Risk Culture Key Risk Indicators Internal Audit Risk Management Framework

Understanding Key Risk Indicators from a Personal Perspective

This is part 4 of our video series on "Difficulties in Engaging Staff in Risk Management". David Tattam provides an example of how you can explain...
Read more
feature image
Risk Culture Risk Management Videos

Difficulties in Engaging Staff in Risk Management: Making Risk Management Real

This is part 2 of our video series on "Difficulties in Engaging Staff in Risk Management". David Tattam provides an example of how you can make risk...
Read more
feature image
Risk Culture Risk Management

Difficulties in Engaging Staff in Risk Management: What, How and Why

This is part 1 of our video series on "Difficulties in Engaging Staff in Risk Management". In this video, David Tattam talks about why it's difficult...
Read more