Open Access

Dürst, Niclas

• Ever since the last global financial market crisis starting in 2007, the concept of risk culture and its importance for adequate bank management have become the focus of managers, regulators, and research in the financial sector (McConnell, 2013; Power et al., 2013; Financial Stability Board, 2014). In response, regulators have sought to enforce the implementation and monitoring of an adequate risk culture in financial institutions (Financial Stability Board, 2014; Basel Committee on Banking Supervision, 2015; Australian Prudential Regulation Authority, 2016; European Banking Authority, 2017; European Central Bank, 2024). A well-developed risk culture helps organizations to minimize risk, align behavior, and support informed strategic decision-making (Osman and Lew, 2020). It supports behavioral alignment with risk policies and strategic objectives by fostering shared norms and compliance (Sheedy et al., 2019), and it provides a cultural foundation for effective risk governance andEver since the last global financial market crisis starting in 2007, the concept of risk culture and its importance for adequate bank management have become the focus of managers, regulators, and research in the financial sector (McConnell, 2013; Power et al., 2013; Financial Stability Board, 2014). In response, regulators have sought to enforce the implementation and monitoring of an adequate risk culture in financial institutions (Financial Stability Board, 2014; Basel Committee on Banking Supervision, 2015; Australian Prudential Regulation Authority, 2016; European Banking Authority, 2017; European Central Bank, 2024). A well-developed risk culture helps organizations to minimize risk, align behavior, and support informed strategic decision-making (Osman and Lew, 2020). It supports behavioral alignment with risk policies and strategic objectives by fostering shared norms and compliance (Sheedy et al., 2019), and it provides a cultural foundation for effective risk governance and threat mitigation (Agnese and Capuano, 2021). Moreover, a strong risk culture increases firms’ resilience to crises and uncertainty and is associated with improved organizational performance (Fritz-Morgenthal et al., 2016; Bianchi et al., 2021). Thus, a strong organizational risk culture can create substantial value for firms (Bockius and Gatzert, 2023). However, a major challenge remains: risk culture is a qualitative, complex, and multidimensional construct, making it difficult to measure and assess in a standardized way (Sinha & Arena, 2020). Despite these regulatory efforts, organizations struggle to translate risk culture principles into sustainable practices. Although there is increasing recognition, the literature on risk culture assessment highlights several gaps: the lack of a standard definition, diverse measurement approaches, and the need for comprehensive frameworks that capture its multidimensional nature (Bockius and Gatzert, 2023; Cimini, 2021; Wiedemann et al., 2020). Traditional quantitative tools often fail to account for the complexity and dynamism inherent in risk culture (Agarwal et al., 2019). Moreover, existing theoretical models do not adequately address the intricate interdependencies that characterize risk culture within organizations (Palermo et al., 2017). The current methodologies used to assess risk culture, such as surveys, interviews, and text analysis, each have their advantages and limitations depending on the context (Gatzert and Bockius, 2023; Agarwal et al., 2019). Furthermore, while traditional risk management relies heavily on metric-based controls, it often neglects the value-driven cultural dimensions that shape risk perceptions and decision-making within organizations (Jarzabkowski et al., 2025). To address these gaps, this dissertation develops a comprehensive approach that integrates measurement, methodological refinement, and institutionalization of risk culture. Essay 1 focuses on developing a granular measure of risk culture that aligns with the FSB's regulatory guidance while ensuring practical applicability. Essay 2 addresses methodological challenges in developing risk culture assessments by using the Gioia Method to analyze qualitative feedback gathered during the validation of the survey-based risk culture measurement tool. Lastly, Essay 3 examines the institutionalization of risk culture, utilizing an Action Research approach to bridge the gap between formal governance structures and participatory cultural change. This integrated perspective provides a holistic contribution to both academic research and practical risk governance, offering financial institutions guidance on assessing, managing, and embedding risk culture in a way that enhances both organizational resilience and regulatory compliance.…