Читать книгу Non-financial Risk Management in the Financial Industry - Группа авторов - Страница 120

1 – Large European Commercial Bank A large commercial bank working across the EU has set up the Level 3 metrics tolerance thresholds, and the related escalation paths, as follows: The breach of the target level activates an early warning signal, entailing: notification and request for a deep dive to investigate the reasons for the threshold breach; close monitoring of the indicator; evaluation of potential mitigating actions, involving the business functions in case of need. The breach of the caution level requires: notification and request for a deep dive to investigate the reasons underlying the threshold breach; increment of the monitoring frequency from the business-as-usual context, on at least quarterly basis; definition of potential mitigating actions (review of existing or new ones), with involvement of central compliance along with all the relevant stakeholders; reporting of the trigger breach to the local top management. A limit level breach requires: notification and request for a deep dive to investigate the reasons underlying the threshold breach; monthly monitoring frequency, increased vs. the base case and in case of trigger breach; mandatory definition of immediate mitigating actions to bring the specific indicator below the limit threshold, jointly defined by the compliance function, involving all key stakeholders; reporting of the limit breach to the local top management.

When a specific indicator breaches the limit threshold:

 the relevant business functions are involved and informed in a timely manner, in order to focus attention on the critical situation and induce a more prudential approach, even before the design and adoption of remedial actions;

 potential remedial actions are proposed and jointly defined with the impacted structures/divisions/entities;

 agreed remedial actions are promptly activated and monitored;

 further points of attention are escalated to relevant senior management;

 the indicator is subject to periodic updates and monitoring by internal control functions;

 after completion, the remedial action is reviewed by internal audits before the actions are closed.

The institution’s management bodies are responsible for validating the methodology and are constantly informed about threshold breaches. Many advanced institutions have developed aggregated and consolidated risk appetite dashboards, in which they monitor the risk exposure and limits with respect to the firm’s appetite for non-financial risks. These dashboards are regularly presented to the group-wide risk committee (e.g. monthly, quarterly) as well as to the management board and the supervisory board (at least quarterly for larger institutions) to support monitoring and to provide an overview of the institution’s risk profile.