Skip to Main Content

Evaluating Risk Culture Becoming Standard Procedure at Banks, Survey by RMA and Ncontracts Finds

Brentwood, TN and Philadelphia, PA (June 7, 2022)—A survey by The Risk Management Association and Ncontracts has found that more financial institutions are regularly evaluating their risk cultures—the messages, policies, behaviors, and other factors that determine how closely an organization’s decisions match its stated strategy, appetite for risk taking, and principles. But, the survey notes, the move to remote and hybrid work caused shifts in operating environments, and culture, that have prompted institutions to revise risk management incentive programs—and could shift risk culture in the future.

“We are in an age of risk, with pandemics, geopolitics, cyber warfare, and technology advancement producing a multitude of challenges for organizations,” said Nancy Foster, RMA president and CEO. “Creating and maintaining an appropriate risk culture provides employees with the solid foundation they need to take and manage risks in ways that fit their organization’s strategy and values.”

The survey of 57 community, regional, super-regional, money center, and investment banks headquartered in the U.S. and Canada shows the number of respondents that evaluate risk culture has been rising steadily: While about half the respondents regularly evaluated their risk culture five years ago, all do so today. The survey also found that:   

  • Two-thirds of respondents evaluate their risk culture annually: Ten percent evaluate more frequently, 10% evaluate less frequently, while the rest of the respondents specified other cadences.
  • Data used to assess risk culture includes loss and global risk rating trends, industry concentration evaluations, employee surveys and listening sessions, timeliness of risk identification, and other risk awareness measures.
  • The approach to incentivizing positive risk culture activities is related to asset size. Two-thirds of respondents below $10 billion in assets have no incentive program specifically for risk management, while 72% of those above $60 billion agreed that “any employee at any level is recognized or incentivized to participate in risk management.”
  • The organizations with the most mature approaches to culture and conduct use a consistent methodology to evaluate BSA/AML, Info Sec, ID Theft, and other programs—and leverage assessments for business decisions and strategic objectives.

“COVID-19 and the war in Ukraine are examples of how risks change rapidly,” said Rafael DeLeon, SVP of Industry Engagement at Ncontracts. “To keep up, banks are not only investing heavily in risk management capabilities, but also evaluating whether their risk cultures are being effectively communicated by leaders, reinforced with training, and encouraged by incentives.”

Read the executive summary of the survey here.

About Risk Management Association (RMA)
Founded in 1914, the Risk Management Association is a not-for-profit, member-driven professional association whose sole purpose is to advance the use of sound risk management principles in the financial services industry. RMA promotes an enterprise approach to risk management that focuses on credit risk, market risk, and operational risk. Headquartered in Philadelphia, Pennsylvania, RMA has 1,600 institutional members that include banks of all sizes as well as nonbank financial institutions. They are represented in the Association by 31,000 individuals located throughout North America, Europe, Australia, and Asia/Pacific.

RMA brings financial institutions together through a series of consortia, councils, committees, and working groups on key issues. This includes RMA's Climate Risk Consortia and the RMA Model Validation Consortium (MVC). Members of the MVC Advisory Council include Ally Bank, Forbright Bank, MUFG Bank, PNC Financial Services, U.S. Bank, and Zions Bancorporation.   


About Ncontracts:
Ncontracts provides comprehensive vendor, compliance, risk management, and lending compliance solutions to a rapidly expanding customer base of over 4,000 financial institutions in the United States. We help financial institutions achieve their compliance and risk management goals with a powerful combination of user-friendly, cloud-based software and expert services. Our solution suite encompasses the complete lifecycle of risk, including vendor management, enterprise risk management, business continuity, compliance, audit and findings management, and cybersecurity. The company was named to the Inc. 5000 fastest-growing private companies in America for the third consecutive year. For more information visit or follow the company on LinkedIn and Twitter


Media Contacts

Joe Flattery,, 917-474-2689

Kimberly Macleod,, 917-587-0069

Lori Nitschke,, 917-318-0246

Frank Devlin,, 215-446-4137