ADVISORI FTC GmbH

Transformation. Innovation. Security.

Office Address

Kaiserstraße 44

60329 Frankfurt am Main

Germany


Contact

info@advisori.de | +49 69 913 113-01

Mon-Fri: 9:00 AM - 6:00 PM


© 2024 ADVISORI FTC GmbH. All rights reserved.

Risk Awareness at All Levels for Sustainable Business Success

Risk Culture and Risk Strategy

We help you build a strong risk culture and a clear risk strategy — from assessment through risk appetite framework design to sustainable organizational embedding. MaRisk-compliant and proven in practice.

  • ✓ Strengthening organizational resilience through lived risk culture at all levels
  • ✓ Strategic decision support through clear risk appetite definitions
  • ✓ Optimized resource allocation through risk-adjusted performance consideration
  • ✓ Improved stakeholder communication through transparent risk attitude

Your strategic success starts here

Our clients trust our expertise in digital transformation, compliance, and risk management

30 Minutes • Non-binding • Immediately available

For optimal preparation of your strategy session:

  • Your strategic goals and objectives
  • Desired business outcomes and ROI
  • Steps already taken

Or contact us directly:

info@advisori.de | +49 69 913 113-01

Certifications, Partners and more...

  • ISO 9001 Certified
  • ISO 27001 Certified
  • ISO 14001 Certified
  • BeyondTrust Partner
  • BVMW Bundesverband Member
  • Mitigant Partner
  • Google Partner
  • Top 100 Innovator
  • Microsoft Azure
  • Amazon Web Services

Strengthening Your Risk Culture and Risk Strategy

Our Strengths

  • Extensive experience in cultural change and strategic risk management
  • Proven methods and tools for risk culture assessment and development
  • Industry-specific know-how and understanding of regulatory requirements
  • Pragmatic approach with focus on sustainable implementation

Expert Tip

A strong risk culture cannot be mandated but must be lived and continuously developed. It requires clear commitment from management, transparent communication, and consistent alignment of incentive systems with risk-oriented behavior. Successful cultural change takes time and requires patience and perseverance.

ADVISORI in Numbers

  • 11+ Years of Experience
  • 120+ Employees
  • 520+ Projects

We pursue a systematic and comprehensive approach to developing and strengthening your risk culture and risk strategy.

Our Approach:

  • Assessment of current risk culture and identification of strengths and development areas
  • Development of target risk culture and risk strategy aligned with business objectives
  • Design of implementation roadmap with clear milestones and responsibilities
  • Implementation of cultural change measures and governance structures
  • Continuous monitoring and adjustment of measures based on progress

"A strong risk culture and clear risk strategy are essential for sustainable corporate success. Through our structured approach, we help organizations develop a risk-aware culture that enables proactive risk management and strategic decision-making while meeting regulatory requirements."
Melanie Düring

Head of Risk Management

Our Services

We offer you tailored solutions for your digital transformation

Development and Implementation of Risk Strategy

We develop a comprehensive risk strategy that is aligned with your business objectives and defines clear risk appetite and risk tolerance.

  • Analysis of strategic objectives and risk landscape
  • Development of risk appetite and risk tolerance framework
  • Definition of risk limits and escalation mechanisms
  • Integration into strategic planning and decision-making processes

Risk Culture Assessment and Development

We assess your current risk culture and develop targeted measures to strengthen risk awareness and risk competence.

  • Comprehensive risk culture assessment through surveys and interviews
  • Identification of cultural strengths and development areas
  • Development of target culture and transformation roadmap
  • Implementation of cultural change measures and monitoring

Risk Management Governance and Leadership

We design risk-oriented governance structures and support management in their role as risk culture ambassadors.

  • Design of risk governance structures and committees
  • Definition of roles, responsibilities, and decision-making authorities
  • Development of risk-oriented leadership principles and behaviors
  • Training and coaching for management and risk owners

Risk/Return Optimization and Strategic Risk Management

We support you in integrating risk considerations into strategic planning and performance management to optimize risk-adjusted returns.

  • Development of risk-adjusted performance metrics (RAROC, EVA)
  • Integration of risk considerations into strategic planning
  • Optimization of capital allocation and resource deployment
  • Alignment of incentive systems with risk-oriented behavior


Our Areas of Expertise in Risk Management

Discover our specialized areas of risk management

Strategic Enterprise Risk Management

Develop a comprehensive risk management framework that supports and secures your business objectives.

  • Building and Optimizing ERM Frameworks
  • Risk Culture & Risk Strategy
  • Board & Supervisory Board Reporting
  • Integration into Corporate Goal System

Operational Risk Management & Internal Control System (ICS)

Implement effective operational risk management processes and internal controls.

  • Process Risk Management
  • ICS Design & Implementation
  • Ongoing Monitoring & Risk Assessment
  • Control of Compliance-Relevant Processes

Financial Risk

Comprehensive consulting for the identification, assessment, and management of market, credit, and liquidity risks in your company.

  • Credit Risk Management & Rating Methods
  • Liquidity Management
  • Market Risk Assessment & Limit Systems
  • Stress Tests & Scenario Analyses
  • Portfolio Risk Analysis
  • Model Development
  • Model Validation
  • Model Governance

Non-Financial Risk

Comprehensive consulting for the identification, assessment, and management of non-financial risks in your company.

  • Operational Risk
  • Cyber Risks
  • IT Risks
  • Anti-Money Laundering
  • Crisis Management
  • KYC (Know Your Customer)
  • Anti-Financial Crime Solutions

Data-Driven Risk Management & AI Solutions

Leverage modern technologies for data-driven risk management.

  • Predictive Analytics & Machine Learning
  • Robotic Process Automation (RPA)
  • Integration of Big Data Platforms & Dashboarding
  • AI Ethics & Bias Management
  • Risk Modeling
  • Risk Audit
  • Risk Dashboards
  • Early Warning System

ESG & Climate Risk Management

Identify and manage environmental, social, and governance risks.

  • Sustainability Risk Analysis
  • Integration of ESG Factors into Risk Models
  • Decarbonization Strategies & Scenario Analyses
  • Reporting & Disclosure Requirements
  • Supply Chain Act (LkSG)

Frequently Asked Questions about Risk Culture and Risk Strategy

What is risk culture and why does BaFin require it from banks?

Risk culture describes the totality of norms, attitudes, and behaviors that shape risk awareness and risk handling within an organization. MaRisk (AT 3) requires management to develop, promote, and integrate an appropriate risk culture across all levels. BaFin emphasizes that risk culture is not a side issue but must permeate the daily thinking and actions of all employees. The 9th MaRisk amendment 2026 further tightens these requirements.

What is a risk appetite statement and how is it developed?

A Risk Appetite Statement (RAS) defines the type and extent of risks an institution is willing to take to achieve its strategic objectives. It derives from the business strategy and includes quantitative metrics (capital ratios, VaR limits, concentration thresholds) and qualitative guidelines (reputational risk tolerance, compliance principles). The RAS bridges business strategy and risk strategy and is approved by the executive board and endorsed by the supervisory board.

What is the difference between risk strategy and risk appetite?

Risk strategy is the overarching document defining objectives, principles, and measures of risk management, consistent with business strategy per MaRisk AT 4.2. Risk appetite is a subset that quantifies how much risk the institution is willing to accept. The Risk Appetite Framework (RAF) operationalizes risk appetite through limits, thresholds, and escalation mechanisms. The risk strategy contains risk appetite but also governance, processes, and reporting channels.

How do you measure and assess an organization's risk culture?

Measurement covers three dimensions: First, quantitative indicators such as risk report escalations, limit breaches, compliance violations, and whistleblower reports. Second, qualitative assessments including structured leadership interviews, tone-from-the-top analysis, and decision process observation. Third, employee surveys on risk awareness perception, psychological safety, and error handling. ADVISORI uses a proprietary risk culture assessment approach with benchmark comparison.

What role does the board play in risk culture?

Under MaRisk, the board bears overall responsibility for risk culture. It must actively demonstrate it (tone from the top), define the risk strategy, and monitor its implementation. This means: regular communication on risk appetite, incorporating risk considerations in strategic decisions, fostering an open error culture, and including risk behavior in performance evaluations. BaFin explicitly examines board involvement in risk management during SREP assessments.

What requirements does the 9th MaRisk amendment 2026 place on risk strategy?

The 9th MaRisk amendment, consulted in April 2026, tightens requirements for risk strategy and culture. New focus areas include: stronger integration of ESG risks into risk strategy, expanded requirements for risk data management, deeper specifications for risk culture across all organizational levels, tighter requirements for business model analysis, and heightened expectations for IT governance in risk management. Institutions must review and adapt their existing strategies promptly.

What does developing risk culture and risk strategy cost?

Typical project budgets range from EUR 80,000 to 250,000 depending on institution size and maturity. The scope includes risk culture assessment (four to six weeks), risk strategy development including risk appetite statement (six to ten weeks), and implementation support with change management (eight to twelve weeks). ADVISORI offers modular packages from risk culture quick checks through complete strategy development to ongoing support for cultural anchoring.

Success Stories

Discover how we support companies in their digital transformation

Digitalization in Steel Trading

Klöckner & Co

Digital Transformation in Steel Trading

Case Study

Results

  • Over 2 billion euros in annual revenue through digital channels
  • Goal to achieve 60% of revenue online by 2022
  • Improved customer satisfaction through automated processes

AI-Powered Manufacturing Optimization

Siemens

Smart Manufacturing Solutions for Maximum Value Creation

Case Study

Results

  • Significant increase in production performance
  • Reduction of downtime and production costs
  • Improved sustainability through more efficient resource utilization

AI Automation in Production

Festo

Intelligent Networking for Future-Proof Production Systems

Case Study

Results

  • Improved production speed and flexibility
  • Reduced manufacturing costs through more efficient resource utilization
  • Increased customer satisfaction through personalized products

Generative AI in Manufacturing

Bosch

AI Process Optimization for Improved Production Efficiency

Case Study

Results

  • Reduction of AI application implementation time to just a few weeks
  • Improvement in product quality through early defect detection
  • Increased manufacturing efficiency through reduced downtime


Latest Insights on Risk Culture and Risk Strategy

Discover our latest articles, expert knowledge and practical guides about Risk Culture and Risk Strategy

Risk Management

IT Compliance Checklist 2027: Every Deadline and Obligation at a Glance

April 17, 2026
10 min

Which IT compliance deadlines apply in 2027? This quarterly checklist covers all regulatory obligations — DORA, NIS2, AI Act, CRA, GDPR, and ISO 27001 — with specific action items and responsible roles for each quarter.

Boris Friedrich

Risk Management

Regulatory Outlook 2027: Upcoming Compliance Requirements and Deadlines

April 17, 2026
10 min

What regulatory changes should organizations prepare for in 2027? CRA full compliance, DORA advanced testing, NIS2 enforcement maturation, and emerging standards from ENISA and ESAs. This outlook covers deadlines and preparation priorities.

Boris Friedrich

Risk Management

CRA December 2027: Full Compliance Deadline — The 12-Month Countdown for Manufacturers

April 17, 2026
10 min

December 11, 2027 is the hard deadline for full CRA compliance. Products without conformity assessment and CE marking cannot be sold in the EU. This 12-month roadmap covers what manufacturers must complete month by month.

Boris Friedrich

Risk Management

IT Budget 2027: How to Prioritize Cybersecurity Investments for Maximum Impact

April 17, 2026
12 min

Budget season 2027 arrives against DORA enforcement, NIS2 penalties, rising ransomware costs, and pressure to demonstrate ROI. This guide helps CISOs prioritize cybersecurity investments by impact: identity, detection, cloud security, compliance automation, and awareness.

Boris Friedrich

Risk Management

Regulatory Year in Review 2026: DORA, NIS2, AI Act — What Was Implemented and What Comes Next

April 17, 2026
12 min

2026 was the year of regulatory implementation: DORA since January, NIS2 enforcement active, AI Act high-risk obligations from August, CRA reporting from September. This review assesses implementation status, lessons learned, and what organizations must prepare for in 2027.

Boris Friedrich

Risk Management

DPIA Guide: Data Protection Impact Assessment Under GDPR — Step by Step

April 17, 2026
12 min

A Data Protection Impact Assessment (DPIA) is mandatory for high-risk data processing under GDPR. This step-by-step guide covers when a DPIA is required, the 6-step methodology, risk evaluation, mitigating measures, and documentation requirements for regulatory compliance.

Boris Friedrich