Shaping Risk Management in Banks

Abstract: The recent financial crisis of 2007-08 was a watershed moment in the history of banking. The unprecedented event led to severe scrutiny by standard setters and regulators on how the business of banking is run. As a result of this strict scrutiny, a wide variety of reforms aimed at the second line of defense (risk management) ensued globally. These reforms stirred debate among the five actors (regulators, standard setters, normalizers, consultants, and implementers – banks and their interest organizations) that affected not only the shaping of risk management standards but also their implementation in banks. Motivated by these contemporary events, this thesis examines the shaping of risk management in the banking sector.Through the three exploratory field studies in Sweden and Italy, the thesis posits two important contributions. First, the thesis posits a framework, demonstrating how the dynamic shaping of risk management is changing the conceptions of risk management in the banking sector. More specifically, the thesis (in Paper I) demonstrates how the definition of liquidity was changed from its traditional notion of a match between cash inflow and outflow to managing net cash outflow demands by keeping high-quality liquid assets. Furthermore, the thesis (in Paper II) shows how non-convergence of operational risk practices forced regulators to change their activity and detail-oriented advanced approach of risk measurement that (unintentionally) allowed the variation of practices to flourish. In a similar vein, the thesis (in Paper IV) demonstrates how the extension of internal audit to the non-tangible domain of “risk culture” raises doubts about the notion of “verification” and “control” attached to the practices of internal audit in lending credibility to risk management practices.Second, the findings indicate the different participation approaches of various interested actors in the shaping of risk management practices. Here, the thesis (in Paper IV) demonstrates how the five actors (regulators, standard setters, normalizers, consultants, and implementers – banks and their interest organizations) influenced the conception of internal audit of risk culture. On the issue of internal audit of the Basel risk models (in Paper III), the thesisi demonstrates the filtering approaches of multiple institutional demands via the internal organizational conditions that enable full or partial agency of low-level internal auditors in shaping their practices of lending credibility to risk management.Given the findings, the thesis explicates two important implications for practitioners. First, the findings of the thesis indicate that reformulations of risk measurement and internal audit would require standard setters, regulators, normalizers, consultants, and implementers to understand a balance between what to control and whom to empower. Second, banks would need to carefully design the level of freedom to be given to internal audit and risk control teams in managing the complex institutional demands through organizational structure and skilling initiatives.