Open access peer-reviewed chapter

Risk Management Practices Adopted by European Financial Firms with a Mediterranean Connection

Written By

Simon Grima and Frank Bezzina

Submitted: 01 May 2018 Reviewed: 01 August 2018 Published: 05 November 2018

DOI: 10.5772/intechopen.80640

From the Edited Volume

Perspectives on Risk, Assessment and Management Paradigms

Edited by Ali G. Hessami

Chapter metrics overview

1,097 Chapter Downloads

View Full Metrics


Following the economic and financial crises, any activity involving internal controls, especially risk management, has been given more attention. With this study, we aim to contribute further to the existing literature on risk management by looking at practices adopted by financial services firms licenced in Europe with a Mediterranean connection. We used parts of a questionnaire adopted by two of the authors in another study on risk management practices adopted by Maltese financial services firms and sent it to prospective candidates who work closely within risk management, to collect our data. This resulted in 1635 participants. This data was used to (1) bring to light the mechanisms and strategies used in risk management by these organisations to maximise their opportunities, manage their risks, and maintain stability in their financials. Also, (2) we check if this is perceived as contributing to ‘principled performance’. Finally, (3) we examine the extent to which risk management capabilities offer a competitive advantage to these firms. Our findings evidence that the objective by EMP and the EU, that is to ensure that members operate ‘on the same level playing field’ within risk management, in financial services of firms with a Euro-Mediterranean connection, has been achieved.


  • risk management
  • financial services industry
  • risk management frameworks
  • Euro-Mediterranean
  • principled performance

JEL code

G2, G3


1. Introduction

Although risks have been present since the beginning of mankind, explicit attention to them has differed over the passage of time. Early civilisations attributed unexpected events to the gods. This made it pointless for mankind to intervene and manage. This continued till today with some tribes in some parts of the world and was even the case until the middle ages when Christianity was strong in the current Western Europe. The word “risk” itself is derived from ancient Arabic word “rizq” and used till today in the Maltese Language, translated to mean prosperity granted by God (Allah) to a person. However, during the Renaissance, in Europe this was given the meaning of an uncertain loss or danger Doff, [1].

Following the economic and financial crises of this century, any activity involving internal controls, especially risk management has been given more attention and importance. This, as noted in the World Economic Forum [2], was due mainly to the successful results of effective risk management during periods of global economic turbulence [8]. In fact, as Ghoshal [3] highlighted, one of the main objectives of any organisation is to manage their risk.

However, the treatment and understanding of risk and as a consequence its management, varies both in literature and in practice. Moreover, as March and Shapira [4] note, the strategic management field does not provide us with one specific accepted definition of risk and highlight that most managers view risk as a negative outcome.

Hillson [5] defines risk as an “uncertainty that matters because it can affect one or more objectives”. Also, literature by [6], show that one needs to distinguish between the known, unknown and unknowable uncertainties before defining what constitutes a risk and as a consequence managing it under the risk management process. Unknowable uncertainty is when the missing information is unavailable to all known uncertainty is when the probability is an objective chance and is generally agreed upon and unknown uncertainty is when the probability may be or is known by somebody [6].

The strategy of any organisation has to deal with the alignment to its uncertain environment and to rebalance its strategic choices to determine the exposure to this uncertain environment, which impacts performance. To this effect various studies have focussed on understanding the risk management discipline and practices of firms in specific activities, areas and countries. Moreover, the effectiveness and efficiency of appropriate practices in risk management is critical for the continued existence, industry profitability and for the continual development and growth of the whole economy. It is imperative that all organisations adopt good quality practices and measures when managing risks [7].

With this study, we aim to contribute further to the existing literature on the risk management by looking at practices adopted by financial services firms licenced in Europe with a Mediterranean connection, specifically Cyprus, France, Italy, Spain, Croatia, Greece, and Slovenia extending and comparing to the work of Bezzina et al. [7] on Malta. We chose members, which although, have inherent country and cultural diversity and are joined by their geographical border with the Mediterranean Sea, aim for a level regulatory and economic playing field through their union in the European Union (EU) and the Euro-Mediterranean partnership [8].

When dealing with financial services firms, in the EU, this regulatory level playing field is much more pronounced, since financial firms are required to abide by common directives such as the Capital Requirement Directive (CRD) in banks and investment firms, Solvency II (SII) in Insurance firms and other soft laws. This is likely to make the sample more representative and the empirical results more generalisable. It will also shed light on whether European Union within the Euro-Mediterranean region and the Euro-Mediterranean Partnership (EMP), has brought these countries closer together in practices, specifically when dealing with risk and its management.

We use part of the questionnaire adopted by Bezzina et al. [9] in their paper on risk management practices adopted by Maltese financial services firms, to collect our data and (1) bring to light the mechanisms and strategies used in risk management by these organisations to maximise their opportunities, manage their risks, and maintain stability in their financials. Also, (2) we check if this is perceived as contributing to ‘principled performance’ (defined in the chapter in Section 2.2). Finally (3) we examine the extent to which risk management capabilities offer a competitive advantage to these firms.


2. Literature

We can cite various studies dealing with risk management practices in different areas, industries, regions and countries. For example, a study on risk management practices carried out on the Ghanaian insurance industry by [7] revealed that companies insuring life, different from companies insuring non-life, have their risk appetite levels statements recorded. This enables the identification of those risks to on-board and those ones to transfer. Moreover, they exposed that the industry lacks adequate skilled personnel and risk management is reactive as a response to regulatory directives. Other surveys carried out about the UK insurance industry showed that the response by most insurance firms to risk management regulations was perfunctory, rather than being seen as good business practice [10].

Another study by [11] on risk management practices of German firms revealed that participants showed no difficulty in developing a risk management system and rated business survival as the top risk management goal. Moreover, they showed that respondents are more risk-neutral than risk-averse for financial risks, and that 88 percent use derivatives.

Bankers operating in Barbados perceived risk management as critical to the performance of their banks; with operational risk, credit risk, country/sovereign risk, market risk and interest rate risk being their greatest exposures [12], while those operating in Bahrain show a clear understanding of both risk and risk management and have efficient risk assessment analysis, risk identification processes, credit risk analysis, risk monitoring and risk management practices with credit, liquidity and operational risk being the most prominent risks faced by both conventional and Islamic banks [13].

A study on Islamic banks in Pakistan showed that they are efficient in managing their risks. Revealing that the most influencing variables in the risk management process were that of understanding risk and risk management, risk monitoring and credit risk analysis [14]. On the other hand, Hassan [15], found that the Islamic banks in Brunei Darussalam consider foreign-exchange risk, followed by credit risk and then operating risk, as the 3 most important risks. He also noted that Islamic banks are very efficient mainly in risk identification, assessment and analysis.

A further study by Sifumba et al. [16] revealed that manufacturing SMEs personnel in Cape Town are not aware of the elements that make risk management effective. While in Malta, Bezzina et al. [8], found that financial firms have a strong culture of efficient and effective risk management practices that add value and are linked to well-defined objectives with corporate social responsibility embedded within the organisations’ risk management corporate strategies and corporate culture. Miloš Sprčić et al. [17], in a study on Croatian companies, find that the risk management system development is dependent only on value of the growth options and the size of the company.

2.1 Risk management strategies and mechanisms

Any organisation’s strategy needs to deal with an uncertain environment. Therefore, organisational strategic choices will determine the organisation’s exposure to an uncertain environmental and constituents that impact their performance. “Exposure” defined as the sensitivity of an organisation’s cash flows to changes in interrelated uncertain variables. The emphasis of organisation on specific particular (particularist view) rather than multidimensional uncertainties is a significant shortcoming. The former view of isolating specific uncertainties, excludes other interrelated uncertain variables. In fact, literature in financial services emphasises uncertainties for which hedging or insurance instruments can be designed to manage organisation exposures, however omitting some uncertainties that are encountered in the overall management strategic decisions. The alternative view is where management takes a general approach to risk and gives explicit consideration to numerous uncertainties (integrated risk management perspective) [18].

Das and Teng [19], build on the latter and suggests that to effectively manage risks and reduce unwanted risks, organisations need to examine the inter-relationship between trust, control and risk using an integrated framework which examines the inter-relationship between the three constructs. They note that firms need to manage their risks by determining the conjoint roles of these constructs in the context of their objectives and strategies.

It has therefore always been a must for every leading firm to ensure that the process of identifying risk and managing it, is an explicit part of the strategic plan, and that there is a buy-in from all levels of their organisation. Risk management should be seen as a systematic effort that is pervasive through all operating units, be it in the front, mid or back office, right in line with growth areas targeted for investments or any critical support functions. Risk management must matter to the organisation and to the person whose occupation and responsibility is defined by it [20].

The risk manager or officer is responsible to initiate the process of determining the risks faced by the company, based on the strategy, determine the mandatory and voluntary barriers and put in place a risk management strategy to achieve objectives with the least of problems. That is the objective risk assessment process which depends on the organisation, and the plan and tactics to arrive at that objective [21].

Stulz [22] offers us theoretical evidence showing that risk management practice within firms is limited. Marshall and Heffes [23] report that only 11 percent of “more than 90 percent of the executives who say they are building or want to build enterprise risk management (ERM) processes into their organization report they have completed their implementation. The survey results indicate that more than two-thirds of both boards of directors and senior management staff consider risk management to be an important responsibility”. COSO’s recent survey [24] findings show unsatisfactory results for the implementation of ERM showing that “60 percent of respondents say their risk tracking is mostly informal and ad hoc or only tracked within individual silos or categories as opposed to enterprise-wide.”

2.2 Risk management and principled performance

As explained in Bezzina et al. [8] we again adopted the Open Compliance and Ethics Group’s (OCEG) standard’s concept of integrating internal controls “(the Governance, Risk Management and Compliance (GRC) capability model) into one main function [24]. This as suggested by these authors and OCEG, helps to “improve quality and performance, by providing tools that can measure and enhance corporate culture within an integrated environment.” This structure is said to be the main determinant of the achievement of ‘Principled Performance’ as defined by OCEG. That is “reliable achievement of objectives while addressing uncertainty and acting with integrity.” [21].

“OCEG in their definition of ‘Principled Performance’ emphasises the unambiguous articulation of a firm’s objectives in financial and non-financial form. It outlines the methods and boundaries that would be adhered to while achieving the set targets.” They continued to note that ‘Principled Performance’ in a financial firm can be achieved with clearly defined objectives, goals, values and a transparent, effective flexible mechanism, which enables continuous improvement to address risks and vulnerabilities within established boundaries [25].

Mitchell [25] continues by highlighting that, mainly if the existing structure offers a competitive advantage, GRC requires function integration without the need for operations consolidation. One can replicate the strengths of approaches, communication, technology used and reporting integration to the whole business to benefits from reduced errors, better information quality, and reduced costs. The GRC 360 Capability Model, 2009 specifies that, while culture, structure and the organisation play an essential role in the overall performance of a company; people, process and technology are crucial for principled performance.

2.3 Risk management abilities and competitive advantage

Creativity is lost if we only think of risk management as a way to minimise risk. We need to take risks and if and when they go in some unwanted unpredictable path, we need to be able to respond to them [26]. Kannan and Thangavel [27] note that every major advance in human civilization was possible because someone was willing to take a risk and challenge the status quo.

Enterprise risk management (ERM) promotes risk management as a more strategic responsibility and emphasises that if effectively implemented it can create a long term competitive advantage [28]. However, Slywotzky and Drzik [29] suggest, that many companies still treat ERM as an extension of their internal control processes, while only a few companies, use their risk management abilities as a source of competitive advantage. In fact these companies go beyond internal controls and cost-controlling (defensive and reactive approaches), taking a more aggressive and proactive stance towards risk. These have understood that managing risk is a source of leverage to gain competitive advantage [30].

Ehsan [30], limited risks faced by a company, to two major types: rewarded and unrewarded risks, and continues to note that the way through which capabilities of risk management can increase competitive advantage depends mainly on the type of risk exposure the company has. Rewarded risks are those risks that are expected to gain us some type of benefit, that is, risks taken to create value and are consequences of our decisions. Unrewarded risks usually brought about by external forces, such as natural disasters, industrial accidents, theft, pandemics, etc. which have no potential value in them. The ability to effectively deal with these risks has an important impact on the company’s performance and thereby its competitive advantage.

In his seminal book, Porter [31] argues that “there are two major ways that a company can gain competitive advantage over its competitors: cost advantage, and differentiation”. Risk management capabilities can help to affect the company’s costs and the value it creates for stakeholders. Moreover, in theory, since risk management is a proactive activity, it can help create preparedness and advanced warnings for disruptions (i.e., to ensure business continuity). This differentiates these companies from their competitors giving them a competitive advantage [30].


3. Method

A questionnaire adopted from a previous study by Bezzina et al. [8] to determine the risk management practices by Maltese financial firms, was used to extend this study to other Euro-Mediterranean countries. This questionnaire was administered to persons working in, or with a connection to the field of risk management within the financial services industry. Participants for the questionnaire were recruited with the help of one of the authors who is an active participant in European risk management associations. The survey was administered using an online questionnaire which was opened in January 2017 and closed in November 2017. In the introduction page we outlined our aims and objectives, while in the next four sections we posed closed-ended statements, which related to four main themes: (i) strategies and mechanisms adopted in risk management; (ii) the perceived purpose, scope and benefits of risk management; (iii) risk management and competitive advantage; and (iv) CSR influences on the corporate risk management strategies. The participants were asked to choose from a five-point Likert scale mainly ranging from ‘strongly disagree’ (coded as ‘1’) to ‘strongly agree’ (coded as ‘5’), and some others ranging from ‘very unimportant’ (coded as ‘1’) to ‘very important’ (coded as ‘5’). The final section (Section 5) was dedicated to the collection of the demographic data about the participant and their organisations. This data was collected in the form of labels or a scale and presented in aggregate, so as not to enable identification of the organisation or the participant. The responses (1635 respondents) were then subjected to statistical analysis using SPSS. When summarising the data, the median and interquartile range (lower quartile to upper quartile) were used for the ordinal scales while the mean and standard deviation were used with the interval/ratio scales. To test for differences in mean ranks, the Friedman test (a non-parametric alternative to one-way ANOVA) was used. Participants were guaranteed that their identity and that of the firm they are representing will be maintained anonymous.


4. Research questions

As noted above, being an extension of a previous study by Bezzina et al. [8], and since we adopted the same questionnaire, we also maintained the same research questions and the new responses were used to investigate and compare to the findings in that study.

4.1 RQ1

What are the risk management strategies and mechanisms adopted by financial services firms within countries with a Euro-Mediterranean connection in order to manage their risks, strengthen their opportunities and retain financial stability?

4.2 RQ2

Do the financial services firms in countries with a Euro-Mediterranean connection perceive risk management as just an authority imposed obligatory requirement or do they see it as critical for the achievement of ‘principled performance’?

4.3 RQ3

Do risk management abilities offer a competitive advantage to financial services firms in countries with a Euro-Mediterranean connection?


5. Results

5.1 RQ1

The respondents reported (on average), that they strongly agree their institution has a strategic risk management plan in place (Md = 5, IQR = 4–5). Furthermore, they agreed (Md = 4), that they have systems in place to strengthen the risk management process (see Table 1).

The strategic risk management planMedianIQR
Is clearly communicated and understood43–5
Is a contribution of all team members43–5
Is a responsibility of top management44–5
Is in sync with individual risk management plans44–5

Table 1.

Summary statistics.

N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly agree (‘5’).

Furthermore, we asked the respondents to rate their level of agreement with seven statements related to the scope of their institution’s strategic risk management plan is. Table 2 shows that there were significant differences in mean ranks based on the Friedman test, although they strongly agreed (Md = 5) or agreed (Md = 4) with all the statements.

The scope of the strategic risk management planMedianIQRMean rank
Is to provide a framework for the risk management process of identification, monitoring, control and decision54–54.76
Is to provide the appropriate setup to enable risk assessments in terms of costs and benefits of identified risks54–54.73
Is to help maintain stability in financials44–53.94
Is to allow for innovation to maximise opportunities and cost reduction44–53.68
Is to provide a framework with roles and responsibilities to enable better risk identification44–53.66
Is to record declared aims and objectives and ensure a systematic identification of risks relating to each44–53.62
Is to provide a defined structure to sustain business growth and continued profitability within objectives, appetite and tolerance.44–53.60

Table 2.

Summary statistics and Friedman test output.

Friedman test: χ2(6) = 1777.37, p ≤ 0.001; N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly agree (‘5’).

We then delved into the quality requirements of risk management, the procedures/processes/policies of risk management, and the risk culture adopted by the financial services institutions. Details of the items used and a summary of statistical output are provided in Table 3. The responses exhibit empirical evidence of a strong risk management within the institutions investigated.

StatementMedianIQRMean rank
In our institution…a
The risk manager is an active member of the risk management committee44–52.76
The risk management committee members communicate the risk appetite and tolerance of the firm44–42.52
The risk management committee members are Knowledgeable44–42.37
The risk manager makes use of bottom up methodologies in developing the strategic risk management plan44–42.36
Which of the following initiatives are embedded within the firm’s risk management strategy?b
Risk reporting and information systems54–53.67
Enterprise risk management practices54–53.64
Ongoing improvements in risk management practices54–53.62
Risk measurement and monitoring in non-financial terms54–53.59
Risk measurement and monitoring practices in financial terms54–53.47
Identification and quantification of risks and controls44–53.01
To what extent does your institution map its risks (identification, description and prioritisation)?c
Top down approach and bottom up approach54–53.53
On a global corporate level only (strategic, financial and operational)44–53.43
Risks are managed at group level or are silo based*43–52.92
Only for certain business units/areas*42–52.56
Only for certain categories of risks*42–52.56

Table 3.

Risk management quality requirements, risk management procedures/process/policies and risk culture: summary statistics and Friedman test output.

χ2(6) = 749.48, p ≤ 0.001.

χ2(5) = 749.48, p ≤ 0.001.

χ2(4) = 1028.64, p ≤ 0.001.

Reverse coded.

N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly agree (‘5’); Friedman tests: χ2(3) = 391.16, p ≤ 0.001.

Finally, we wanted to know how important each of 12 established frameworks were for the institutions when implementing risk management. Table 4 shows that four frameworks were overall rated as ‘important’, (Basel Accords, COSO 2, IAS and Interest Rate Risk Management), and the remaining eight as ‘neither important nor unimportant’.

Our institution makes use of the following frameworks when implementing risk managementMedianIQR (range)Mean rank
Basel Accords44–59.14
COSO 243–58.72
International Accounting Standards (IAS)43–47.91
ISO 3100043–57.79
Interest Rate Risk Management (e.g., duration or gap analysis)43–46.70
National Risk Management Standards (NRMS)33–35.55
Value at Risk (VAR)33–45.46
Prince 233–45.37

Table 4.

Risk management frameworks: summary statistics and Friedman test output.

N = 1635; scales are ordinal and range from very unimportant (‘1’) to very important (‘5’); Friedman test: χ2(11) = 5906.88, p ≤ 0.001.

5.2 RQ2

The respondents reported (on average) that risk management practices play a vital role in their institutions (M = 4.00; SD = 0.51) and have a positive perception of risk management practices in achieving principled performance (M = 4.10, 0.64). Table 5 provides a summary of the responses and statistical output pertaining to the individual items that make up these two constructs.

Risk management practices play a vital role in ensuring that our institution
Clearly defines its goals and values44–4
Outlines how these goals are achieved44–4
Identifies and demonstrates how risks and vulnerabilities would be addressed44–4
Allows for transparency with stakeholders43–4
Implements an effective mechanism for change, enabling continuous improvement to achieve the desired outcomes44–5
Perceived purpose of risk management practices
Critical factor in achieving principled performance44–5
Vital to the performance and success of our institution’s objectives43–5
No link between principled performance and RM practices*44–5
Principled performance does not form part of our institution’s risk management practices benefit realisation plans*44–5
Puts a strain on resource effort for compliance’s purposes without providing added value*43–5

Table 5.

Role and perceived purpose of risk management practices: summary statistics.

Reverse coded.

N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly agree (‘5’).

Furthermore, they agreed (Md = 4) that they give sufficient attention to all the risks that we outlined when designing strategies and objectives, bar ‘health and safety’ (Md = 3). Table 6 exhibits the 14 risks in order of decreasing attention as rated by the respondents.

Our institution gives sufficient attention to the following risks when designing strategies and objectivesMedianIQRMean rank
Credit risk44–59.41
Financial risk44–59.01
Liquidity risk44–58.96
Fraud risk44–58.52
Operational risk44–58.48
Strategic risk43–58.23
Market risk44–47.73
Reputation risk44–57.64
External risk44–57.46
Corporate governance risk43–46.52
Legal/ethical risk43–46.33
Administrative risk43–46.00
Information risk43–45.75
Health and safety risks33–45.28

Table 6.

Risks when designing strategies and objectives: summary statistics and Friedman test output.

N = 1635; scales are ordinal and range from very low (‘1’) to very high (‘5’). Friedman test: χ2(13) = 3839.11, p ≤ 0.001.

5.3 RQ3

In this research question, we wanted to better understand the capabilities of risk management practices in achieving competitive advantage. We first sought to determine the institutions’ intention behind the risk management strategy for the financial services (see Table 7).

The risk management strategy was implemented…MedianIQRMean rank
To abide by legal, regulatory or compliance requirements53–56.11
To formally define the institution’s risk appetite53–55.92
To formalise the governance structure43–55.84
For catastrophic events or major crises (reaction to unexpected losses)43–55.81
For corporate social responsibility43–55.51
Due to pressure from analysts and/or rating agencies43–55.32
Due to pressure from the market (e.g., competitors, suppliers, etc.)43–55.28
To instil a consistent strong risk culture focussed on optimising understood risk return trade-offs within the defined risk strategy43–55.13
To ensure full transparency across all risks and across the organisation43–55.08
For competitive advantage43–55.01

Table 7.

Intention behind the risk management strategy: summary statistics and Friedman test output.

Friedman test: χ2(9) = 1057.85, p ≤ 0.001; N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly agree (‘5’).

We then wanted to examine the extent to which continuous risk impact assessments strengthen the competitive advantage in each of 8 factors. Table 8 shows that the respondents agreed (Md = 4) with all the factors bar political and legal factors (Md = 3).

Our institution’s risk management strategy requires that continuous risk impact assessments are conducted in order to strengthen the competitive advantage in:MedianIQRMean rank
Financial capabilities44–55.79
Economic factors44–55.64
Marketing capabilities43–54.40
Competitive factors43–54.38
Cultural and societal factors43–54.18
Human resource capabilities43–53.74
Political and legal factors33–43.90

Table 8.

Factors strengthening competitive advantage: summary statistics and Friedman test output.

N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly (‘5’); Friedman test: χ2(7) = 2095.78, p ≤ 0.001.

Furthermore, we examined the benefits risk management capabilities provide to institutions. These respondents agreed (Md = 4) that risk management infuses a risk culture in the institution (IQR = 3–5), sustains future profitability (IQR = 4–5), provides visibility of economic and financial environment (IQR = 3–5) as well as long term profitable growth (IQR = 3–4) and provides competitive advantage (IQR = 3–5). Furthermore, we asked the respondents to rate their level of agreement with six factors aimed strengthening core risk management functions. The findings are exhibited in Table 9.

In order to strengthen the core risk management functions,
our executives seek to…
MedianIQRMean rank
Carry out continuous risk analysis of its credit portfolio43–53.74
Adjust credit policies and revise mandates and incentive systems43–53.73
Strengthen the internal information markets to make information available to decision makers on credit and sources of finance43–53.65
Continuously strengthen internal capital efficiency and capital planning for the coming years to reflect potential market scenarios43–53.45
Carry out strategic re-adjustment of liquidity intensive businesses43–53.26
Refine the risk management tools to optimise usage of liquidity and improve transparency43–43.17

Table 9.

Strengthening core risk management functions: summary statistics and Friedman test output.

N = 1635; scales are ordinal and range from strongly disagree (‘1’) to strongly agree (‘5’); Friedman test: χ2(5) = 483.38, p ≤ 0.001.


6. Conclusion

Our findings evidence that although authors such as Youngs [9], show strong scepticisms on the works and challenges of the EMP and the EU legislation; mainly to ensure that members operate on the same level playing field; within risk management in financial services of firms with a Euro-Mediterranean connection, this objective has been achieved. In fact, results show that similarly to the findings by Bezzina et al. [8] on Maltese financial services firms, personnel working or are involved in/with risk management of financial services firms with their head offices operating from Cyprus, France, Italy, Spain, Croatia, Greece, and Slovenia report that they have a strategic risk management plan in place with systems to enable the strengthening of their risk management processes to reach clearly identified objectives. They note various reasons that have helped to ensure this, with the strongest reasons being that of abiding to legal, regulatory and compliance requirements and the need to have a framework for systematic risk identification, mitigation, management, monitoring and control.

Findings, also show that the risk manager in these firms, similar to that of Maltese financial services forms, is highly active and involved, very knowledgeable and uses both top-down and bottom-up approaches to communicate the risk appetite of the company. This is facilitated by the fact that the quality and importance of risk management is embedded within their risk management strategy and seen as part of the firms’ growth road map and a way to meet objectives. Moreover, in carrying out and designing their risk management strategy and processes these institutions tend to favour the use of frameworks/recommendations with the most followed being that provided by the Basel Accords. However, although, they give attention to practically all known risks identified, they are neutral on ‘health and safety’ issues, maybe because this might fall out of the competence of the respondents.

Finally, findings show that risk management practices play a vital role in ensuring that institutions reach their objectives (principled performance), add value and create a competitive advantage. This , with these practices, goals and values, is being clearly recorded and communicated; the roadmap to successfully reaching objectives is transparent and clear, enabling appropriate, identification of risks, growth, profitability, flexibility for improvement and change and quick response to uncertainties.


  1. 1. Doff R. Risk Management for Insurers, Risk Control, Economic Capital and Slvency II (3rd ed). Risk Books; 2015. pp. 11-13
  2. 2. Schwab K, Sala-I-Martin X. The Global Competitiveness Report 2009-2010. In: Schwab K, editor. World Economic Forum. 2009. [Accessed 21st August, 2018]
  3. 3. Ghoshal S. Global strategy: An organizing framework. Strategic Management Journal. 1987;8:425-440
  4. 4. March JG, Shapira Z. Managerial perspectives on risk and risk taking. Management Science. 1987;33:1404-1418
  5. 5. Hillson DA. What is risk? Towards a common definition. Journal of the UK Institute of Risk Management. 2002;2002:11-12
  6. 6. Chua CC, Sarin RK. Known, unknown, and unknowable uncertainties. Theory and Decision. 2002;52(2):127-138. DOI: 10.1023/A:1015544715608 [Accessed 23rd June, 2018]
  7. 7. Akoteyl JO, Abor J. Risk management in the Ghanaian insurance industry. Qualitative Research in Financial Markets. 2013;5(1):26-42. DOI: 10.1108/17554171311308940
  8. 8. Bezzina F, Grima S, Mamo J. Risk management practices adopted by financial firms in Malta. Managerial Finance. 2014;40(6):587-612
  9. 9. Youngs R. 20 years of the Euro-Mediterranean Partnership. Mediterranean Politics. Carnegie Europe. 2015. [Accessed 22nd June, 2018]
  10. 10. Dowd K, Bartlett DL, Chaplin M, Kelliher P, O’Brien C. Risk Management in the UK insurance industry: The changing state of practice. In: CRIS Discussion Paper Seroes – 2007.II. 2007. pp. 5-29
  11. 11. Fatemi A, Glaum M. Risk management practices of German firms. Managerial Finance. 2000;26(3):1-17
  12. 12. Wood A, Kellman A. Risk management practices by Barbadian banks. International Journal of Business and Social Research. 2013;3(5):22-23
  13. 13. Hameeda AH, Jasim A-A. Risk management practices of conventional and Islamic banks in Bahrain. The Journal of Risk Finance. 2012;13(3):215-239
  14. 14. Khalid S, Amjad S. Risk management practices in Islamic banks of Pakistan. The Journal of Risk Finance. 2012;13(2):148-159
  15. 15. Hassan A. Risk management practices of Islamic banks of Brunei Darussalam. The Journal of Risk Finance. 2009;10(1):23-37. DOI: 10.1108/15265940910924472
  16. 16. Sifumba CM, Boitshoko Mothibi KB, Ezeonwuka A, Qeke S, Matsoso ML. The risk management practices in the manufacturing SMEs in Cape Town. Problems and Perspectives in Management. 2017;15(2):386-403
  17. 17. Miloš Sprčića D, Kožula A, Pecina E. State and perspectives of enterprise risk management system development—The case of Croatian companies. Procedia Economics and Finance. 2015;30:768-779
  18. 18. Miller KD. A framework for integrated risk management in international. Journal of International Business Studies. 1992;23(2):311-331 [Accessed 23rd June, 2016]
  19. 19. Das TK, Teng B-S. Trust, control, and risk in strategic alliances: An integrated framework. Organisation Studies. 2001;22(2):251-283. DOI: 10.1177/0170840601222004 [Accessed 23rd June, 2018]
  20. 20. Lowers M. 3 risk management practices of industry-leading organisations. In: The Risk Management Blog. 2015 [Accessed 22nd June, 2018]
  21. 21. Mitchell SL, Stern Switzer C. GRC Capability Model (OCEG Red Book). 2013.
  22. 22. Stulz RM. Rethinking risk management. Journal of Applied Corporate Finance. 1996;9(3):8-25
  23. 23. Marshall J, Heffes EM. Most firms agree: ERM is a challenge. Financial Executive. 2005;21(8):10
  24. 24. Beasley MS, Branson BC, Hancock BV. COSO’s 2010 Report on ERM. Committee of Sponsoring Organizations of the Treadway Commission; 2010
  25. 25. Mitchell SL. GRC360: A framework to help organizations drive principled performance. International Journal of Disclosure and Governance. 2007;4(4):279-296
  26. 26. Catmull E. How pixar fosters collective creativity. Harvard Business Review. 2009;87(1):109
  27. 27. Kannan L, Thangavel H. Risk management lessons worth remembering from the credit crises of 2007. The Journal of Portfolio Management. 2008;2008:21-44
  28. 28. Nocco BW, Stulz RM. Enterprise risk management: Theory and practice. Journal of Applied Corporate Finance. 2006;18(4):8-20
  29. 29. Slywotzky AJ, Drzik J. Countering the biggest risk of all. Harvard Business Review. 2005;83(4):78-88
  30. 30. Ehsan E. Risk management: The next source of competitive advantage. Foresight: The Journal of Futures Studies, Strategic Thinking and Policy. 2013;15(2):117-131. DOI: 10.1108/14636681311321121
  31. 31. Porter ME. Competitive Advantage. New York, NY: The Free Press; 1985

Written By

Simon Grima and Frank Bezzina

Submitted: 01 May 2018 Reviewed: 01 August 2018 Published: 05 November 2018