By risk culture, we mean employees’ understanding of and attitude towards risk in everyday business. Risk culture is also an integral part of Deutsche Bank’s wider Risk Management Framework and its associated processes, policies, and governance structures.
Launched in 2010, our Risk Culture program continues to reinforce the importance of positive and responsible employee behavior for Deutsche Bank’s long-term success. The program highlights five expected behaviors:
- Place Deutsche Bank and its reputation at the heart of all decisions
- Be fully responsible for Deutsche Bank’s risks
- Invite, provide, and respect challenge
- Be rigorous, forward-looking, and comprehensive in the assessment of risk
- Troubleshoot collectively
To foster these behaviors, we further developed our Risk Culture Framework in 2015. The framework now includes an assessment tool which defines the criteria required to build a strong risk culture. It will be rolled out of the framework across Deutsche Bank during 2016.
Through our established risk culture initiatives, we are helping our employees to adopt behavior that supports and strengthens our risk culture, thereby enabling every employee to contribute to risk management across the organization.
Risk culture training has been mandatory for all employees since 2010. By the end of 2015, there had been over 550,000 risk culture training enrollments since the launch of the curriculum.
Throughout 2015, and into 2016, we have increased the effectiveness of training by adding new messages to existing courses. For example, the Risk Awareness course will be further enhanced in 2016 to include updated messages on non-financial risk and risk appetite, while two previously separate courses on information security and information classification will be merged into one. In 2016, we will also launch an updated training on New Product Approval.
Communication and engagement
Visible messages at group and divisional levels ensure employee awareness of Deutsche Bank’s risk culture standards. To drive staff understanding and knowledge, we have set up a dedicated risk culture library of industry reports and articles on our internal social media platform.
A key priority in 2016 will be to embed a “speak-out” culture. As part of this, we launched a pilot project in the Risk division in 2015, whereby regional working groups held focus groups with over 400 people. The learning will be shared across all divisions, supported by a dedicated communications campaign.
The Red Flags initiative continues to provide a link between risk-related conduct and performance management. Through Red Flags, we are able to monitor adherence to certain risk-related policies and processes, whereby a breach leads to an appropriately risk-weighted Red Flag. Individual Red Flag results are considered in promotion, compensation, and performance management decisions. In 2015, the initiative was extended to all divisions and functions.
As well as linking conduct and performance management, Red Flags also help us to strengthen controls. Before a certain control process is considered for inclusion in the Red Flags initiative, we conduct a thorough evaluation of the control process to identify and implement potential improvements. In 2016, we will significantly enhance the process for the identification of new indicators, and it is expected that more improvements to controls will be identified.