The European Central Bank's (ECB) new guidance on governance and risk culture will help address one of the supervisory priority areas for 2024-2026, complementing the European Banking Authority’s (EBA) 2021 Guidelines on Internal Governance and replacing the 2016 Single Supervisory Mechanism Statement on Governance and Risk Appetite. The new guidance goes into greater detail on risk culture and the role and responsibilities of the internal control framework. It also provides clearer supervisory expectations and a list of observed best practices by topic based on supervisory experience.


Draft Guide on Governance and Risk Culture

Watch video

Executive summary

The ECB has published a draft Guideline on Governance and Risk Culture. This draft comes in the context of improving the governance and risk appetite frameworks (RAFs) of significant financial institutions in the euro area, following the shortcomings evidenced during the financial crisis. The new Guideline, which is aligned with EBA guidelines and other international standards, underlines the importance of a robust risk culture and effective governance, and seeks to promote consistent supervisory practices across the euro area, while respecting national specificities.

The ECB will host a stakeholder meeting on 26 September 2024. The public consultation on the Risk Culture and Governance Guide will end on 16 October 2024, after which the ECB will publish comments, a feedback statement and the final version of the Guide.

Main content

On risk culture:

  • Link to governance. Integration of collective mindset, norms and behaviors with organizational structure and policies. Emphasis on management attitude, effective communication, risk accountability and incentives such as remuneration.
  • Link with remuneration. Remuneration should be aligned with the risk culture, linking variable remuneration frameworks to the bank's risk appetite and strategy, setting clear KPIs and applying malus and clawback clauses.
  • Link with accountability. Establishing a clear link between remuneration and the RAF, ensuring that non-compliance with the RAF impacts on performance appraisals and variable remuneration, defining clear responsibilities and establishing effective accountability, thereby promoting prudent risk management.

In relation to the RAF:

  • Scope of application. The RAF should be integrated into the bank's decision-making and strategic processes, be clearly documented and involve the management body, providing a comprehensive view of financial and non-financial risks through a consolidated scorecard.
  • Limits. Risk appetite limits should be set at a level that allows the organization to effectively manage risk-taking, should reflect the bank's risk profile and should be adjusted infrequently. Organizations should strengthen risk monitoring, especially during crises.

Download the technical note on Draft Guide on Governance and Risk Culture.