Reports abound of companies straining under the weight of the regulatory burden over the last years, as intensifying scrutiny increased costs and changed the business environment.

However, for Keith Attard, Risk Leader (Malta) and Head of Operational Risk (Global) at Convera, which was previously known as Western Union Business Solutions, ensuring that a company’s risk culture is adequate does not need to be a zero sum game.

“There is no doubt that risk management, particularly in financial services, has been given a lot of prominence since the 2008 crisis and the subsequent strong regulatory drive,” he said. “However, at times it feels that the regulatory pressures have not necessarily developed risk management as a practice to its most effective nature.”

In his social media post, Mr Attard argued that the certain governance frameworks that have grown in popularity in recent years may lead to adverse consequences on the operational culture of a company.

He pointed out that risk management should not take place in isolation, with limited visibility and knowledge by the control functions and minimal contribution from the business functions.

“While the segregation of duties is called for from a proper governance perspective, this should not come at the price of having integrated yet flexible risk-based decision making, which is sensitive to the business environment and the strategic objectives of the company,” he said.

Using an analogy with a car race to illustrate his point, Mr Attard says that, in a race, the event organiser sets the terms of the race (like a regulator), the team owners (or shareholders) set their vision and expectations, and the team principal (or CEO) brings together a team of technical people (those working on product, risk, compliance and operations) to deliver a balanced, capable, yet compliant car.

Ultimately, however, it will be a driver (businessperson) who is tasked with driving the car to its full potential.

“The team will make the driver aware of all the car limitations and develop a practical dashboard with warning indicators. However, they will be constantly taking decisions during the race, based on various factors such track, weather and competition (regulatory environment and macro-economic conditions), which involve varying elements of risk,” noted Mr Attard.

Meanwhile, “a car which complies with all the rules to the letter but is undrivable is a useless car while an over-powered car is not eligible for the race”. Similarly, “a reckless driver can drive the car into a wall while a very conservative driver will not deliver decent results.”

His argument is that risk culture starts starts from the top and cascades down.

“A company should have clear yet realistic strategic objectives. Unreasonable expectations will only lead to failure.”

Additionally, for Mr Attard, compliance is achievable without killing the business: “Pragmatism rules....always!”