Did you know that from 2025 onwards, DSI will explicitly include risk culture in its professional competence requirements for compliance professionals? And for good reason. Risk culture plays a major role in how employees handle integrity dilemmas and regulatory requirements. The recent tightening of DSI’s standards underlines just how important it is to no longer view risk culture as a “soft topic”, but as a core element of sound and ethical business operations.
DSI’s professional competence requirements
From 2025, risk culture will no longer be optional knowledge: every compliance professional must be able to explain what risk culture is, how it influences day-to-day practices, and provide examples of organisations where things went wrong. The fact that DSI has incorporated this into its competence framework highlights its importance — risk culture is an essential part of the profession.
But what does this mean in practice for your role as a compliance professional? And how can you effectively put risk culture on the agenda of the board and senior management?
How compliance professionals can influence risk culture
As a compliance professional, you’re not just a guardian of rules — you’re also expected to have a clear view of organisational integrity. You play a key role in identifying behavioural patterns, raising awareness of risks, and translating policies into practical actions. This requires more than policy knowledge; it demands influence, reflection, and at times, confrontation.
To bring risk culture onto the agenda, it's vital to engage executives in both the “why” and the “how”. What are the behavioural drivers behind non-compliance? What signals do you observe that point to excessive risk appetite — or, conversely, a paralysing level of caution? And how can culture be measured or made visible? Think, for example, of conducting a risk culture assessment or analysing real-life dilemmas within the organisation.
In the remainder of this article, you'll find practical tools, real-world examples of where an unhealthy risk culture led to issues, and actionable tips for compliance professionals — at strategic, tactical and operational levels.
Risk culture in practice: in the news every day
Anyone who follows the news will regularly come across examples of organisations where things have gone wrong. Think of situations where employees look the other way for years, internal warnings are ignored, or where the pressure to meet commercial goals outweighs integrity. Often, it's not a single major error, but a build-up of small decisions and incidents that no one dares to question. We could list many examples — but most people will recognise them. And strikingly, many still think: "That won’t happen here."
That won't happen here
Whether it involves financial sector scandals, fraud in public institutions, or inappropriate behaviour within organisations — the common thread is almost always a culture where it's difficult to raise concerns, ask critical questions, or act ethically under pressure. These scenarios are, in fact, very familiar to many employees.
Culture eats strategy for breakfast - Peter Drucker
A strategy on paper isn’t enough. Only when the risk culture supports the right behaviours does integrity become truly effective — and visibly contribute to achieving strategic goals.
Strategic tips for the board and executive team
- Link risk culture to strategic objectives
Show how a healthy risk culture contributes to long-term value, reputation, and sustainable success. Use internal or sector-specific incidents as a starting point for discussion. - Map the current state of risk culture
Begin with a baseline assessment (e.g. interviews, surveys or dilemma workshops) to evaluate awareness, behaviour and decision-making within the organisation. The results provide a solid basis for meaningful conversations with leadership. - Embed risk culture in governance
Advocate for structural attention to risk culture within the risk management framework and compliance cycle. Ensure it is a recurring item in compliance reports and evaluations — for example, by including it in board meetings or as a fixed topic in board packs.
Tactical tips for middle management and policy
- Train managers in their role-model function
Managers shape culture. Organise sessions where they practise discussing dilemmas and risks. Use real cases or create peer learning groups. - Incorporate risk culture in compliance monitoring
In addition to hard controls, include behavioural indicators: how are escalations handled, how open is the feedback culture, are dilemmas discussed or avoided? - Make dilemmas visible
For instance, introduce a monthly “dilemma of the month”, where employees anonymously share real-life examples. Use these to spark discussion and raise awareness in teams.
Everyday practice for yourself as a compliance professional
- Be visible and approachable
Join business teams in their day-to-day activities, attend team meetings, ask open questions. Only by truly listening can you uncover the underlying behavioural patterns. - Use language that resonates
Avoid jargon. Talk about “how we do things here”, “when do you hesitate”, or “what happens when you make a mistake”. People connect more easily with stories than with policies. - Make it small and concrete
Show how risk culture plays out in small decisions: how meetings are held, how targets are discussed, how mistakes are dealt with. Focus on behaviour, not intention.
By approaching risk culture not just as a compliance issue but as a fundamental part of business strategy, you lay the foundation for a resilient and future-proof organisation. At Projective Group, our consultants have extensive experience in this field across the financial sector. We are happy to support your organisation in embracing and strengthening this process — helping you not only to manage risks, but to be genuinely ready for the future.
Interested in learning more?
Feel free to contact to us