Читать книгу Non-financial Risk Management in the Financial Industry - Группа авторов - Страница 21

The term non-financial risk is not yet commonly used by regulators. While there are definitions for individual risk types, such as operational risk or AML risks, even with a somewhat widespread base, no catalogue of risk types has been summarised under non-financial risks by regulators. Thus, no clear regulatory definition of non-financial risk has been established.

On a global level, BCBS does not provide a definition of non-financial risk. The Basel Committee has, however, updated the principles for the sound management of operational risk and published a linked paper on operational resilience in March 2021. As with Basel, regulators more frequently advise on operational risk management and in part reference some of the non-financial risk types within those policies.

In Europe, Banco de España mentions certain examples of non-financial risks, such as misconduct, non-compliance, IT, reputational, cybersecurity or operational challenges. The basis for the delineation against financial risks is that the mentioned non-financial risks are not linked directly to financial decisions and have nothing but a downside. Also, according to Banco de España, a further defining element of non-financial risk is that it is hard to quantify precisely. Finally, there is a reference to operational risk as the specific part of the Basel Accord included a capital charge for these types of risk.[25] The ECB annually publishes a report on the outcome of the Supervisory Review Process (SREP) IT Risk questionnaire, which specifically deals with findings and weaknesses of IT-related risks.[26]

US regulators do not explicitly provide a definition of non-financial risk. However, in its November 2019 Supervision and Regulation report, the Federal Reserve Board (FED) gives examples of risk-management weaknesses for US banks with less-than-satisfactory supervisory ratings. These examples include compliance, internal controls, model risk management, operational risk management and/or data as well as information technology infrastructure. Further weaknesses mentioned concern the Bank Secrecy Act (BSA) and anti-money laundering (AML) programmes.[27]

Among Asian-Pacific regulators, the Australian Prudential Regulation Authority (APRA) refers to non-financial risks in its information paper on governance, culture, remuneration and accountability. However, it does not provide an explicit definition of non-financial risk.[28]