Risk culture

As the importance of non-financial risk continues to grow across the financial sector, financial institutions increasingly focus on protecting themselves against the risks associated with the misconduct of individual employees and with ineffective processes. Inherently, this means fostering a strong risk culture across the organization.

Launched in 2010, Deutsche Bank’s dedicated Risk Culture Initiatives program emphasizes that a strong risk culture depends as much on robust processes and controls as it does on employee awareness and conduct.

Shared responsibility

The program promotes five essential behaviors that are consistent with Deutsche Bank’s values and beliefs (see Deutsche Bank’s Values and Beliefs) and that are necessary to maintain a strong risk culture:

• Place Deutsche Bank and its reputation at the heart of all decisions
• Be fully responsible for Deutsche Bank’s risks
• Invite, provide and respect challenge
• Be rigorous, forward-looking and comprehensive in the assessment of risk
• Troubleshoot collectively

The Risk Culture Initiatives program develops and supports a variety of initiatives to foster the required behaviors and corresponding risk awareness. These initiatives include targeted communication campaigns and training programs, as well as consistent monitoring through the Red Flags process.

Training and communication

The 2014 risk culture training curriculum included seven mandatory training modules:

• Risk Awareness
• Code of Conduct and Business Ethics
• Minimum Requirements for Risk Management (MaRisk)
• New Product Approval
• Information Security Awareness
• Information Classification
• Tone from the Top

The content of our training courses is tailored to meet the needs of different groups. For example, the newly revised Risk Awareness training course uses case studies that were based on the relevant division to make the issue of risk more tangible to employees. In addition, some courses are rolled out to specific employee groups only. For instance, the Tone from the Top course is applicable to employees with a Corporate Title of Vice President, Director or Managing Director.

All risk culture training courses follow a defined refresher cycle; hence not all courses are offered in any given year. Therefore, in 2014, approximately 62,000 employees completed at least one risk culture training course.

In addition to our comprehensive training courses, communications from management continually reinforce the importance of a strong risk culture. This is emphasized at events for new employees and graduates, and at regional promotion events. In 2014, we enhanced our risk culture page on Deutsche Bank’s internal social media platform (myDB). Open to all employees, this platform helps stimulate discussion and awareness.

Monitoring and assessing risk-related conduct

Introduced in 2010, the Red Flags process uses objective measures to assess employees’ adherence to behaviors, policies, procedures and control processes.

For Example, Red Flags are assigned for:

• Breaches against the Gifts & Entertainment Policy
• Breaches against the Employee Trading policy
• Non-compliance with mandatory absence requirements
• Non-compliance of mandatory training

In addition, employees can receive Red Flags for types of breaches that are specific to the risk profile of each division and function. Red Flag results are one of the factors taken into account during the year-end performance process.

As of January 2015, we have extended the Red Flags process to all divisions and infrastructure functions as well as Regional Management. This tripled the number of employees covered by the process to approximately 38,200 by Q1 2015.

In addition to monitoring risk-related breaches, the Red Flags process also helps to strengthen controls. We evaluate controls thoroughly before including them in the Red Flags process, and we use this as an opportunity to improve them. This is followed by extensive communications to employees, emphasizing the importance of the control process and encouraging them to work through the details and the associated risk.

Further development of the Risk Culture Initiatives program

Deutsche Bank engages in regular discussions with regulators, who are becoming increasingly interested in the topic of risk culture. We are also actively participating in university and industry studies in order to jointly extend the concept of risk culture.

Our dialog with regulators and our engagement with academia and industries assist us in developing and prioritizing our initiatives and projects. We also take into consideration the results of employee surveys, which include questions on risk culture. (See Employees)

One of the most recent initiatives involves measuring risk culture at the division level. We developed this approach over the past year and refine it further out in 2015. We will also focus on initiatives that promote active exchange of ideas among employees in the coming year.