Read the book Non-financial Risk Management in the Financial Industry - Group of authors - Page 12

1.6 Generating excellence in the non-financial risk management lifecycle


Three chapters describe the most essential components of a financial institution’s non-financial risk management lifecycle.

Sophisticated institutions apply a top-down approach to non-financial risk assessment, using risk-type agnostic criteria to evaluate their exposure to non-financial risks and derive the proper implications for bank-wide risk management. Chapter 7 elaborates on the methodology for a top-down non-financial risk assessment.

A key element of effective risk mitigation is the underlying internal control framework. Controls can take a variety of forms, ranging from automated/manual process controls to the conduct of training sessions and the definition of internal policies and requirements. A comprehensive internal control framework needs to combine a top-down approach (focusing on controls addressing the most relevant risk types) with a bottom-up approach (whereby individual risks and controls are identified based on a detailed review of the underlying processes). Chapter 7 comprises a deep dive on the top-down approach for the creation of an internal control framework.

Financial institutions are confronted with non-financial risks that are increasing both in number and severity, and they face non-financial risk exposure in almost every area of activity. In many institutions, this has resulted in a heterogeneous reporting landscape for non-financial risks, with a variety of bottom-up, risk-specific reports from different functions and often diverging criteria for the measurement of risk. Hence, financial institutions have an ever-stronger need for an overall non-financial risk reporting approach, spanning risk types and consolidating the measurement of risk and the adequacy assessment of risk-mitigating controls. Only such a top-down report can give executive management the fact base and insights necessary to steer an institution effectively. Chapter 8 describes an approach to risk-agnostic non-financial risk reporting.

Chapter 9 is a deep dive into investigation capabilities, combined with root cause analysis. Alongside the on-going harmonisation of European corporate law, individual jurisdictions are increasingly requesting the strengthening of investigative capabilities to better understand root causes of corporate misconduct. This includes the establishment of risk oversight and reporting capabilities, the establishment of a dedicated organisational unit as well as of processes and methods, alongside communication with stakeholders. Particular emphasis is put on the root cause analysis to determine the underlying reasons for misconduct. These insights are then used to identify corresponding lessons learned.
