Finastra is a leading provider of an open software platform that is changing the future of banking — and the company where Elona Ruka-Wright leads global risk management and governance practices, including enterprise risk management (ERM), to enable Finastra to successfully serve over 8,600 financial institutions worldwide.

Elona recently spoke with NC State ERM Initiative Director Mark Beasley about Finastra’s ERM processes, with an emphasis on the importance of managing “tone in the middle” as a crucial element of the company’s ERM strategy.

What is Tone in the Middle?

You may be more familiar with the concept of “tone at the top,” which refers to the important role of executive and board leadership in setting the ethical and cultural values for the organization.

Today’s chief risk officers are responsible for a growing body of enterprise risks, ranging from compliance and internal audit to strategy and governance to third-party due diligence and crisis management.

Elona says an effective ERM strategy considers the middle of the organization — those who are responsible for managing employees and initiatives — a crucial source to ensure a culture of risk management and compliance permeates throughout the enterprise.

Key Insights on Managing Tone in the Middle

  1.  Culture starts with tone at the top. It must be built into the company's vision, mission and values — and the executive team and the board must commit to those values.
  2.  Managing tone in the middle of the organization is crucial, but also hard. You have to help employees understand the value of risk management across the entire organization, including their roles. The challenge is tailoring the message and approach to the middle management, who may have a shorter-term, operational focus.
  3.  Shift the focus. Instead of only focusing on audit, compliance or “fixing past issues,” related to risk management, shift the focus toward proactive thinking and early risk identification.

Three Practical Tactics to Manage Tone in the Middle

  1.  Monthly themes. To build awareness of risk management issues across the company, Finastra creates a monthly theme. “Storm preparedness month” is one such example. Every part of the world is impacted by some type of weather event. During this theme month, Finstra employees explore the potential impact of and proactive planning for major weather events.
  2.  Knowledge boosters. Finastra methodically provides education and information to all employees on key topics, such as the importance of risk identification or monitoring third party service providers.
  3.  Business risk champions. Finastra established business risk champions — liaisons embedded throughout the business who act as risk “culture carriers.” They tend to have more influence with their peer group because they are not part of executive leadership.

Elona wrapped up the conversation by saying Finastra’s efforts are moving the needle in terms of building trust across the company. She pointed to a key metric indicating that more than two-thirds of risks across the organization are self-identified by employees, rather than by an internal audit or external party.

Interested in this topic?

You may also like this article, Five Actions to Build a Resilient Organization, which explores collaboration and trust as key elements to building a resilient organization.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

Related Resources

ERM Enterprise Risk Management Initiative 2023-03-30