The recent global financial crisis exposed a number of governance weaknesses that resulted in firms' failure to understand the risks they were taking. In the wake of the crisis, numerous reports painted a fairly bleak picture of risk governance frameworks at financial institutions, which consists of the three key functions: the board, the firm-wide risk management function, and the independent assessment of risk governance. The crisis highlighted that many boards had directors with little financial industry experience and limited understanding of the rapidly increasing complexity of the institutions they were leading. The peer review found that, since the crisis, national authorities have taken several measures to improve regulatory and supervisory oversight of risk governance at financial institutions. Nonetheless, more work remains; national authorities need to strengthen their ability to assess the effectiveness of a firm's risk governance, and more specifically its risk culture to help ensure sound risk governance through changing environments.