Non-financial Risk Management in the Financial Industry

Non-financial Risk Management in the Financial Industry
Автор книги: id книги: 2353546     Оценка: 0.0     Голосов: 0     Отзывы, комментарии: 0 7170,63 руб.     (70,57$) Читать книгу Купить и скачать книгу Купить бумажную книгу Электронная книга Жанр: Зарубежная деловая литература Правообладатель и/или издательство: Bookwire Дата добавления в каталог КнигаЛит: ISBN: 9783956471896 Скачать фрагмент в формате   fb2   fb2.zip Возрастное ограничение: 0+ Оглавление Отрывок из книги

Реклама. ООО «ЛитРес», ИНН: 7719571260.

Описание книги

Managing environment, social and governance (ESG) risk, compliance risk and non-financial risk (NFR) has become increasingly critical for businesses in the financial services industry. Furthermore, expectations by regulators are ever more demanding, while monetary sanctions are being scaled up. Accordingly, ESG, Compliance and NFR risk management requires sophistication in various aspects of a risk management system.
This handbook analyses a major success factor necessary for meeting the requirements of modern risk management: an institution-specific target operating model (TOM) – integrating strategy, governance & organisation, risk management, data architecture and cultural elements to ensure maximum effectiveness. Also, institutions need to master the digital transformation for their business model to be sufficiently sustainable for the years to come. This book will offer ways on how to achieve just that.
The book has been written by senior ESG, Compliance and NFR experts from key markets in Europe, the U.S. and Asia. It gives practitioners the necessary guidance to master the challenges in today's global risk environment. Each chapter covers key regulatory requirements, major implementation challenges as well as both practical solutions and examples.

Оглавление

Группа авторов. Non-financial Risk Management in the Financial Industry

N. Gittfried G. Lienke F. Seiferlein. J. Leiendecker B. Gehra (eds.) Non-financial. Risk Management. in the Financial Industry

Inhaltsverzeichnis

Editors

Contributors

Foreword

1 Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG

1.1 New risks and challenges

1.2 A forward-looking solution for non-financial risk management in the financial industry

1.3 Defining and aligning non-financial risk categories

1.4 Establishing a non-financial risk appetite framework to prevent an undesirable risk-taking

1.5 Building key governance and organisational pillars for non-financial risk management

1.6 Generating excellence in the non-financial risk management lifecycle

1.7 Using data, IT and artificial intelligence

1.8 Putting conduct and ethics at the centre of sustainable non-financial risk management

1.9 Environment, social and governance: Implications for effective risk management

2 Definition of Non-Financial Risk in Financial Institutions

2.1 Introduction

2.2 History of non-financial risk and specifications by key regulators

2.2.1 A short history of non-financial risk

Figure 1: Development of non-financial risk

2.2.2 Existing non-financial risk specifications by key global and regional regulators and associations

2.3 Differentiation of financial and non-financial risk

2.3.1 Financial risk definition

2.3.2 Non-financial risk definition

2.4 Specific clusters of non-financial risk

Figure 2: Risk taxonomy in financial institutions

2.4.1 Operational risk

2.4.1.1 Financial crime risk

2.4.1.1.1 Money-laundering/terrorist financing risk

2.4.1.1.2 Sanctions and embargoes risk

2.4.1.1.3 Bribery and corruption risk

2.4.1.1.4 Facilitation of tax evasion

2.4.1.2 Conduct risk

2.4.1.2.1 Market conduct risk

2.4.1.2.2 Client conduct risk

2.4.1.2.3 Employee conduct risk

2.4.1.3 Regulatory compliance risk

2.4.1.4 Fraud risk

2.4.1.4.1 Account-opening fraud risk

2.4.1.4.2 Debt/credit card fraud risk

2.4.1.4.3 Fraudulent paper-based payment transactions risk

2.4.1.4.4 Online banking fraud risk

2.4.1.4.5 Credit fraud risk

2.4.1.4.6 Theft risk

2.4.1.4.7 Embezzlement/breach of trust risk

2.4.1.4.8 Antitrust violation risk

2.4.1.4.9 Balance sheet manipulation

2.4.1.5 Information, Communication & Technology (ICT) and Cyber risk

2.4.1.5.1 Data confidentiality risk

2.4.1.5.2 Data availability risk

2.4.1.5.3 Data integrity risk

2.4.1.5.4 Information security risk

2.4.1.6 Data privacy and bank secrecy risk

2.4.1.6.1 Data privacy risk

2.4.1.6.2 Bank secrecy risk

2.4.1.7 Resilience risk

2.4.1.8 Outsourcing and vendor risk

2.4.1.8.1 Intragroup outsourcing risk

2.4.1.8.2 External outsourcing risk

2.4.1.8.3 Vendor risk

2.4.1.9 Tax reporting risk

2.4.1.10 Other operational risk

2.4.1.10.1 Human resources risk

2.4.1.10.2 Legal risk

2.4.1.10.3 Physical damage risk

2.4.1.10.4 Execution, delivery and process risk

2.4.1.10.5 Reporting risk

2.4.1.10.6 Accounting risk

2.4.1.10.7 Project risk

2.4.1.10.8 Competition law risk

2.4.1.10.9 Model risk

2.4.2 Strategic risk

2.4.2.1 Reputational risk

2.4.2.2 Sustainability risk

2.4.2.2.1 Climate change risk

2.4.2.2.2 Human rights risk

2.4.2.3 Business risk

2.4.2.3.1 Forecasting risk

2.4.2.3.2 Inorganic growth risk

2.4.2.3.3 New business risk

2.4.2.3.4 Investor relations risk

2.5 Conclusion and outlook

3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks

3.1 Introduction. 3.1.1 Regulatory requirements

3.1.2 RAF in practice

Figure 1: Three levels in risk appetite frameworks

3.2 RAF Level 1: Overall Risk Appetite Statement

3.2.1 Overall statement

Table 1: Examples of risk appetite statements for non-financial risks (focus: compliance risks)

3.2.2 Prohibited activities

Table 2: Examples of prohibited activities in risk appetite statements

3.3 RAF Level 2: Risk Appetite metrics

3.3.1 Defining appropriate metrics

Table 3: Example of Level 1 overall statement and related guidance for Level 2 metrics

3.3.2 Metrics: setting the thresholds

3.3.2.1 Thresholds based on benchmark and historical internal loss data for a metric based on operational losses

Figure 2: Definition of thresholds for a Level 2 metric based on operational losses

3.3.2.2 Thresholds based on residual risk levels for a metric based on risk assessment

Figure 3: Definition of thresholds for a Level 2 metric based on risk assessment

Figure 4: Aggregate Level 2 metric based on risk assessment results

3.4 RAF Level 3: Key Risk Indicators

3.4.1 Selecting key risk indicators

Figure 5: Drivers for key risk indicators selection

3.4.1.1 Candidate indicators identification

3.4.1.2 Appetite tracking suitability

3.4.1.3 Expert judgement

Table 4: Example of KRI selection process in three steps

Table 5: Examples of KRIs monitored in the RAF

3.4.2 KRIs: setting and calibrating the thresholds

3.4.2.1 Threshold calibration based on historical data analysis and percentiles

Figure 8: Example of thresholds calibration applying a percentile-based approach

3.4.2.2 Threshold fine-tuning based on benchmarking and backtesting

Table 6: Example of KRI threshold calibration and fine-tuning

3.5 RAF Governance

Figure 9: Annual RAF cycle

3.5.1 RAF design and update

3.5.2 RAF monitoring and reporting

Table 7: Example of RAF monitoring and reporting

3.5.3 RAF threshold breaches and escalation

Tabelle 8: Example of RAF monitoring & reporting

3.5.4 Action plan definition

Table 9: Example of RAF thresholds breaches prioritisation (Findings Severity Matrix)

4 The Three Lines of Defence Model: Key Success Factors for Effective Risk Management

4.1 Introduction

4.2 Regulatory framework in selected key jurisdictions

4.2.1 European Union

4.2.2 United States of America

4.2.3 Hong Kong

4.2.4 Singapore

4.2.5 Risk-type-specific qualifications of the 3LoD model: financial crime prevention

4.2.5.1 EU: remaining country-specific variation in 1st and 2nd LoD mandate

4.2.5.2 United States of America: BSA Compliance officer

4.2.5.3 Hong Kong: Money Laundering Reporting Officer and Compliance Officer

4.3 Key roles and responsibilities of 1st, 2nd and 3rd LoD

Figure 1: Overview key mandates 1st, 2nd and 3rd line of defence

4.3.1 The first line of defence: risk owner

4.3.1.1 Scope of 1st LoD mandate

4.3.1.1.1 Risk ownership

4.3.1.1.2 Implementation and execution of 1st LoD controls

4.3.1.2 Allocation of 1st LoD responsibility

4.3.1.3 1st LoD risk-coordinating function (1.5th LoD)

4.3.1.3.1 Coordination of risk management activities

4.3.1.3.2 Interface to 2nd LoD

4.3.1.3.3 Regulatory advisor

Figure 2: Key mandate 1st LoD risk-coordinating function

4.3.2 The second line of defence: internal control functions

4.3.2.1 Scope of 2nd LoD mandate

4.3.2.1.1 Standard setting

4.3.2.1.2 Testing of 1st LoD controls

4.3.2.1.3 Risk assessment

4.3.2.1.4 Training and advisory

4.3.2.2 Risk materiality and corresponding intensity of 2nd LoD risk oversight

4.3.2.3 Independence of 2nd LoD risk oversight

4.3.2.3.1 Organisational independence

4.3.2.3.2 Functional independence

4.3.2.3.3 Internal control functions performing 1st LoD activities

Role as genuine 1st LoD for generalist risk types

Financial crime prevention: possible outsourcing of specific 1st LoD controls to AML team

4.3.2.4 Key success factors for effective 2nd LoD risk oversight

4.3.2.4.1 Methodology consistency across 2nd LoD functions

4.3.2.4.2 Bodies and committees: adequate 2nd LoD participation and information sharing

4.3.2.4.3 Appointment of primus inter pares non-financial risk governance function

4.3.3 The third line of defence: internal audit as provider of independent assurance

4.3.3.1 Independent assurance

4.3.3.1.1 Adequacy of risk management framework

4.3.3.1.2 Design and operating effectiveness

4.3.3.1.3 Compliance with regulatory requirements and internal standards

4.3.3.2 Advising the board of directors

4.4 Common pitfalls of the 3LoD model and precautionary measures

4.4.1 Insufficient risk ownership by 1st LoD

4.4.2 Lack of 2nd LoD expertise

4.4.3 Inadequate assurance by 3rd LoD

4.5 Conclusion

5 Global Functional Lead in Non-Financial Risk Management: Ensuring Consistency and. Integration in Complex Organisations

5.1 Introduction

5.2 Regulatory framework in select key markets

5.2.1 European Union

5.2.2 United States of America

5.2.3 Hong Kong

5.2.4 Singapore

5.3 Global functional lead: individual corporate parameters to consider

5.3.1 Corporate culture

5.3.2 Organisation’s complexity

5.3.3 IT landscape

5.3.4 Geographical footprint

5.4 Major components of global functional lead in non-financial risk management

Figure 1: Major GFL components

5.4.1 Operating model: striking a balance between global standards and regional execution

5.4.1.1 Regulatory horizon screening

5.4.1.2 Setting of risk-specific standards

5.4.1.3 Training and advisory

5.4.1.4 Controls by the 1st and 2nd line of defence

5.4.1.5 Non-financial risk assessment

5.4.1.6 Non-financial risk reporting

5.4.1.7 Group risk oversight

5.4.2 Reporting lines: establishing implementation accountability in vertical functions

Figure 2: Reporting lines under GFL

5.4.2.1 Solid reporting lines into local legal entity and branch

5.4.2.2 Dotted reporting lines into global risk management organisation

5.4.3 Meeting governance: supporting effective management of a global risk function

Figure 3: GFL meeting governance

5.5 Conclusion

6 Policies and Procedures: Framework and Governance Requirements in the Financial Sector

6.1 Introduction

6.2 Regulatory framework in selected key jurisdictions

6.2.1 European Banking Authority (EBA)

6.2.2 US regulators. 6.2.2.1 The Federal Reserve

6.2.2.2 Office of the Comptroller of the Currency

6.2.3 Hong Kong Monetary Authority

6.2.4 Monetary Authority of Singapore

6.3 Policy framework: key implications for a target concept

6.3.1 Status quo: need for structured approach

6.3.1.1 Lack of a harmonised approach

6.3.1.2 Policy gaps and redundancies

6.3.2 Policy framework: design concept and hierarchies. 6.3.2.1 Design concept: key hypotheses for an effective policy framework

6.3.2.1.1 Harmonised design approach

6.3.2.1.2 Completeness

6.3.2.1.3 Uniform naming convention

6.3.2.1.4 Precise wording

6.3.2.1.5 Assignment of responsibilities

6.3.2.1.6 Governance rules

6.3.2.1.7 Linkage to internal processes and controls

6.3.2.2 Suggested hierarchy levels: key criteria and examples

Figure 1: Example for four-tiered policy hierarchy

6.3.2.3 Level one: overarching risk strategies, policies and documents – risk and business segment agnostic. 6.2.2.3.1 Key criteria

6.3.2.3.2 Key risk type and business segment agnostic topics

6.3.2.4 Level two: risk-type-specific policies and procedures. 6.3.2.4.1 Key criteria

6.3.2.4.2 Risk-type-specific documents

6.3.2.5 Level three: customer-related and business-specific policies and procedures. 6.3.2.5.1 Key criteria

6.3.2.5.2 Customer-related and business-specific topics

6.3.2.6 Level four: policies and procedures in international locations

6.3.2.6.1 Scope of applicability: subsidiary companies and branch offices

6.3.2.6.2 Key criteria

Figure 2: Financial crime policy hierarchy (example for a corporate and retail bank)

6.4 Policy governance, repository and workflow tool

6.4.1 Approval of policies and procedures

6.4.1.1 Level one: board of directors

6.4.1.2 Level two: responsible board member

6.4.1.3 Level three: senior management on N-1 level

6.4.1.4 Level four: general manager or 2nd LoD N-1

6.4.2 Authorship, ownership, creation as well as update of policies and procedures

6.4.2.1 Document authorship

6.4.2.2 Document ownership

6.4.2.3 Document creation process

6.4.2.4 Stringent management of update process

6.4.2.4.1 Regular validation based on time intervals

6.4.2.4.2 Ad hoc updates

6.4.3 Policy repository, including workflow tool: centralised management of policies and procedures

6.4.3.1 Facilitation of access

6.4.3.2 Document lifecycle management

6.4.3.2.1 Regular validation of documents

6.4.3.2.2 Ad hoc updates

6.4.3.2.2.1 Changes in business and operating model

6.4.3.2.2.2 Changes in regulatory framework

6.4.3.3 Audit-proof change log

6.5 Conclusion

7 Top-Down Risk and Control Assessment: A Forward-Looking Approach to Evaluate Company-Wide Non-Financial Risk Exposure

7.1 Introduction

7.2 Top-down vs. bottom-up: different approaches based on desired outcomes

7.2.1 Approaches: risk-specific focus vs. overarching non-financial risk coverage

7.2.1.1 Bottom-up approach: risk-specific, granular focus

7.2.1.2 Top-down approach: overarching, holistic non-financial risk coverage

7.2.2 Potential outcomes: different scope of risk-coverage and level of granularity

7.3 Key success factors: maximising the effectiveness of top-down risk and control assessments

7.4 Regulatory framework, best practice and standard setter guidelines

7.4.1 COSO ERM framework

7.4.2 Bank for International Settlements

7.4.3 EBA and ECB

7.5 Methodology of top-down risk and control assessment: evaluation of inherent risk, control adequacy and residual risk

7.5.1 Non-financial risk taxonomy as a starting point

7.5.2 Measurement of inherent risk

7.5.2.1 Calculation of severity

7.5.2.1.1 Organisation-specific risk indicators

7.5.2.1.2 Industry adjustments

7.5.2.1.3 Weighting of risk indicators based on data source reliability

7.5.2.2 Calculation of likelihood

7.5.2.3 Inherent risk matrix

7.5.3 Measurement of internal control adequacy

7.5.3.1 Control indicators

7.5.3.2 Weighting of control indicators

7.5.3.3 Control rating

7.5.4 Determination of residual risk

7.6 Breakout: building an institution-wide internal control system

7.6.1 Introduction

7.6.2 Alternative path to building an internal control framework: top-down, risk-based approach

7.6.3 Five-step approach: building an internal control framework

7.6.3.1 Step 1: determination of NFR criticality

7.6.3.2 Step 2: mapping of key risks to process landscape

7.6.3.3 Step 3: definition of control objectives, key controls and control repository

7.6.3.4 Step 4: assessment of controls

7.6.3.5 Step 5: design NFR control report

7.7 Approach to handling residual risk

7.7.1 High residual risk: project and investment imperative to mitigating residual risk

7.7.2 Medium-high residual risk: action plan to reduce inherent risk exposure

7.7.3 Medium-low residual risk: continuous control testing and selected action requested

7.7.4 Low residual risk: periodic, risk-based controls

7.8 Integrated process to perform annual top-down risk and control assessment

7.8.1 Phase 1: pre-assessment by control functions

7.8.2 Phase 2: assessment by business senior management

7.8.3 Phase 3: validation and reporting

8 A Top-Down Approach to Non-Financial Risk Reporting: Collaboration Across Risk Types for Sustainable Risk Steering

8.1 Introduction: the imperative of top-down non-financial risk reporting

8.2 Regulatory framework in selected key markets

8.2.1 European Union

8.2.2 United States

8.2.3 Hong Kong

8.2.4 Singapore

8.3 Current state of non-financial risk reporting: formats with inconsistent scopes and methodologies

8.3.1 Operational risk reports

8.3.2 Additional 2nd LoD reports on specific non-financial risk types

8.3.3 Reports on internal control system

8.4 Key parameters of top-down non-financial risk reporting: methodology, required input and results

8.4.1 Identification and evaluation of key risk indicators

8.4.1.1 Determination of key risk indicators, thresholds and potential input sources

8.4.1.1.1 Step 1: understand risk factors

8.4.1.1.2 Step 2: identify key risk indicators

8.4.1.1.3 Step 3: derive institution-specific thresholds

8.4.1.2 Example KRIs: financial crime risk, outsourcing risk and human resources risk

8.4.1.2.1 Key risk indicators for financial crime risk

Table 1: Financial crime risk key risk indicators

8.4.1.2.2 Key risk indicators for outsourcing risk

Table 2: Outsourcing risk key risk indicators

8.4.1.2.3 Key risk indicators for human resources risk

Table 3: Human resources risk key risk indicators

8.4.1.3 Evaluation of key risk indicators

Figure 1: Evaluation of key risk indicators

8.4.2 Assessment of key controls as risk-mitigating measures

8.4.2.1 Step 1: capturing and allocation of controls

Table 4: Examples of key controls to mitigate financial crime risk

8.4.2.2 Step 2: assessment of controls

Figure 2: Control assessment on aggregated levels

8.4.3 Determination of residual risk and required risk-mitigating actions

Figure 3: Representation of residual risk levels

8.4.3.1 High level of residual risk

8.4.3.2 Medium level of residual risk

8.4.3.3 Low level of residual risk

8.5 Reporting process and governance

8.5.1 Governance arrangements

8.5.1.1 Board of directors

8.5.1.2 Chairman of the supervisory board

8.5.1.3 Central reporting unit

8.5.1.4 2nd LoD control functions

8.5.1.5 Operational risk department

8.5.2 Reporting process

8.6 Conclusion

9 Internal Investigations into Corporate Misconduct: Applying an Investigative Approach to Enable Proactive Risk Oversight

9.1 Introduction

9.2 Selected laws, regulations and standards

9.2.1 Supervisory sanction relief based on voluntary investigation and cooperation

9.2.1.1 Jurisdictions potentially reducing sanctions and enforcement actions due to effective investigation and cooperation

9.2.1.2 Jurisdictions not explicitly providing a bonus for self-disclosure and cooperation

9.2.1.3 Jurisdictions where investigations and cooperation do not change assessment of law enforcement

9.2.2 Statutory disclosure requirements

9.2.3 Investigation standards and requirements

9.3 Concept for proactive risk oversight using an investigative approach

9.3.1 Investigation process

9.3.1.1 Proactive risk management

9.3.1.2 Strategic and tactical investigations

9.3.1.3 Example: sanctions-driven investigations

9.3.2 Information sharing and global risk management

9.3.2.1 How to connect needles in the same haystack (in a financial institution)

9.3.2.2 How to connect needles in different haystacks (between different financial institutions)

9.4 Success factors and common pitfalls

10 Technical Application and Data Architecture for Non-Financial Risk Management

10.1 Introduction

10.1.1 A fragmented IT landscape

Figure 1: Illustrative decentralised NFR IT landscape

10.1.2 IT’s impact on data availability

10.1.3 Data availability across borders

10.1.4 Additional challenges associated with group companies

Figure 2: Typical data availability by NFR risk type

10.2 Regulatory requirements

10.3 Six challenges in NFR management and reporting

10.3.1 Challenge 1: the lack of a defined NFR-IT strategy

10.3.2 Challenge 2: responsibility for and execution of NFR reporting-related activities (operational unit vs. NFR management)

10.3.3 Challenge 3: consistency and transparency of IT architecture

10.3.4 Challenge 4: alignment of data architecture for transparency on data lineage

10.3.5 Challenge 5: implementing a solid IT target architecture

10.3.6 Challenge 6: cost-benefit considerations

10.4 A target IT architecture for NFR

Figure 3: An illustrative target architecture

10.4.1 The NFR architecture ecosystem

10.4.2 Dashboards and reporting

10.4.3 Other key enabling technologies

11 Data Governance in Non-Financial Risk Management

11.1 Introduction

11.2 Regulatory requirements

11.3 Data governance to support NFR management

Figure 1: Key building blocks of data governance

11.3.1 Data structures

11.3.2 Target operating model (TOM)

11.3.3 Data policies

11.3.4 Data tools

11.4 Scaling up state-of-the-art NFR data governance

Figure 2: Scaling up NFR data governance

11.4.1 Specific roles and responsibilities

Figure 3: High-level roles and responsibilities in data governance

11.4.2 Tool optimisation

11.5 Conclusion

12 Optimising Effectiveness and Efficiency: Deployment of Artificial Intelligence in Non-Financial Risk Management

12.1 Introduction

12.2 Financial sector digitisation: the front-to-back case for AI

12.2.1 Digital transformation of business and operating models

12.2.1.1 Changed customer expectations and behaviour

12.2.1.2 Increasing efficiency challenges

12.2.2 Impact of COVID-19

12.2.2.1 Accelerator of digitisation

12.2.2.2 Modified risk environment

12.3 Regulatory approach to artificial intelligence

12.3.1 Overview

12.3.1.1 European Union

12.3.1.1.1 European Commission

12.3.1.1.2 European Banking Authority

12.3.1.1.3 National financial supervisors

12.3.1.2 United States

12.3.1.3 Hong Kong

12.3.1.4 Singapore

12.3.2 Summary of key regulatory expectations

12.3.2.1 Governance

12.3.2.2 Design and development

12.3.2.3 Ongoing maintenance

12.4 Machine learning algorithms: Key learning modes and examples

Figure 1: Volume of data/information created, captured, copied and consumed worldwide from 2010 to 2025 (in zettabytes)[19]

12.4.1 Supervised learning

12.4.2 Unsupervised learning

12.4.3 Reinforcement learning

12.4.4 Deep learning

12.5 Deployment of AI in non-financial risk management

12.5.1 Financial crime prevention: biometric customer identification, dynamic CRR calculation and AI-based transaction screening

12.5.1.1 Know your customer: automated biometric identification of customers

12.5.1.2 Dynamic calculation of customer risk ratings: faster reaction to material changes in client risk profiles

12.5.1.2.1 Automatic data import into the CRR system

12.5.1.2.2 Dynamic recalculation of customer risk ratings

12.5.1.3 Negative news screening: AI-supported reduction of screening efforts

12.5.1.3.1 Matching of customer names to negative news

12.5.1.3.2 Contextual pre-evaluation of news articles

12.5.1.4 Sanctions name screening: AI-supported reduction of false positive alerts and pre-assessment of screening alerts

12.5.1.4.1 Reduction of false positive alerts via feedback loop

12.5.1.4.2 Pre-assessment of generated alerts and optimisation of manual alert reviews

12.5.1.5 Sanctions transaction screening

12.5.1.6 AML transaction monitoring: deploying artificial intelligence to manual investigations

12.5.2 Prevention of market abuse: AI-based detection of irregularities in securities trading

12.5.2.1 Behaviour-based tracking of trading portfolios: AI-based detection of irregular transactions

12.5.2.2 AI-based assessment of trader’s voice and email communication

12.5.3 Management of AI (model) risk: key discipline for data-driven financial institutions

12.5.4 AI4ESG: tech-driven sustainable finance

12.5.5 AI infrastructure for non-financial risk management

12.6 Conclusion

13 Core Elements of Conduct and Ethics in the Context. of Non-Financial Risk

13.1 Conduct risk: definitions, characteristics and regulatory landscape. 13.1.1 Conduct and compliance, ethics versus integrity. 13.1.1.1 Finding common ground: definition of key terms

13.1.1.2 Conduct-based versus integrity-based ethics

13.1.1.3 An integrative approach for synthesising conduct-/compliance-based and integrity-based ethics

Figure 1: Definitions of key terms[30]

13.1.2 What is meant when we talk about conduct risk? 13.1.2.1 No universal definition

13.1.2.2 Three key topics: market, client and employee conduct risk

13.1.3 Conduct risk in the NFR taxonomy

Figure 2: NFR taxonomy

13.2 Regulatory landscape

Figure 3: Timeline and trends in the conduct risk regulatory landscape

13.2.1 European perspective. 13.2.1.1 European/UK regulators

13.2.1.2 Other European countries

13.2.2 US perspective

13.2.3 Asia-Pacific perspective

13.3 Why conduct risk matters. 13.3.1 Increased regulatory scrutiny. 13.3.1.1 Focus on regulatory oversight

13.3.1.2 Frequency of regulatory actions

13.3.2 Supervisory and legal actions. 13.3.2.1 Actions against firms

13.3.2.2 Actions against individuals

14 Managing Conduct Risk: Framework and Perspectives

14.1 Trends and perspectives in respect of conduct risk in the regulatory context

14.1.1 Treating Customers Fairly (TCF)

Figure 1: TCF’s six consumer outcomes

14.1.2 Senior management regimes as emerging global trends in conduct risk

14.1.2.1 UK

14.1.2.2 Hong Kong and Singapore

14.1.2.3 Malaysia

14.1.2.4 Australia

14.2 Conduct Risk Management as integral part of ESG. 14.2.1 G like conduct

14.2.2 New legislative focus and recent regulatory developments

14.2.3 Activities at the EU level

14.2.4 Optimising ESG risk management

Figure 2: Five pillars in ESG risk management

14.3 Managing conduct risk. 14.3.1 The Conduct Risk House. Figure 3: Conduct Risk House

14.3.2 Building a Conduct Risk framework

15 Successful ESG Transition: Implications and Challenges for Effective Risk Management

15.1 Introduction

Figure 1: Example ESG factors for corporate sustainability topics, defined in line with global sustainability definitions

15.2 Regulatory frameworks in selected key jurisdictions. 15.2.1 General overview

15.2.2 European Union

15.2.2.1 Non-Financial Reporting Directive & Corporate Sustainability Reporting Directive

15.2.2.2 Sustainable finance taxonomy

Figure 2: Overview of taxonomy-related document interdependencies

15.2.2.3 EU Disclosure Regulation

15.2.2.4 EU Prudential Regulations

Figure 3: EBA infographic showing a summary of Pillar 3 ESG disclosures (EBA 2022)

15.2.3 United States

15.2.4 Hong Kong

15.2.5 Singapore

15.3 Sustainable finance: upcoming challenges for companies

15.4 Target picture: effective management of ESG risk

Figure 4: ESG Compliance Target Operating Model (TOM)

15.4.1 ESG strategy

15.4.2 Governance and organisation

15.4.3 ESG risk steering

Figure 5: ESG Compliance Target Operating Model: 3. ESG risk steering

15.4.4 Identification of enabling factors

15.4.5 ESG as an opportunity

15.5 Conclusion

Bibliography

Beitrag: 2 Definition of Non-Financial Risk in Financial Institutions. Figure 1: Development of non-financial risk

Beitrag: 2 Definition of Non-Financial Risk in Financial Institutions. Figure 2: Risk taxonomy in financial institutions

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 1: Three levels in risk appetite frameworks

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 2: Definition of thresholds for a Level 2 metric based on operational losses

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 3: Definition of thresholds for a Level 2 metric based on risk assessment

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 4: Aggregate Level 2 metric based on risk assessment results

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 5: Drivers for key risk indicators selection

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 8: Example of thresholds calibration applying a percentile-based approach

Beitrag: 3 Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks. Figure 9: Annual RAF cycle

Beitrag: 4 The Three Lines of Defence Model: Key Success Factors for Effective Risk Management. Figure 1: Overview key mandates 1st, 2nd and 3rd line of defence

Beitrag: 4 The Three Lines of Defence Model: Key Success Factors for Effective Risk Management. Figure 2: Key mandate 1st LoD risk-coordinating function

Beitrag: 5 Global Functional Lead in Non-Financial Risk Management: Ensuring Consistency and Integration in Complex Organisations. Figure 1: Major GFL components

Beitrag: 5 Global Functional Lead in Non-Financial Risk Management: Ensuring Consistency and Integration in Complex Organisations. Figure 2: Reporting lines under GFL

Beitrag: 5 Global Functional Lead in Non-Financial Risk Management: Ensuring Consistency and Integration in Complex Organisations. Figure 3: GFL meeting governance

Beitrag: 6 Policies and Procedures: Framework and Governance Requirements in the Financial Sector. Figure 1: Example for four-tiered policy hierarchy

Beitrag: 6 Policies and Procedures: Framework and Governance Requirements in the Financial Sector. Figure 2: Financial crime policy hierarchy (example for a corporate and retail bank)

Beitrag: 8 A Top-Down Approach to Non-Financial Risk Reporting: Collaboration Across Risk Types for Sustainable Risk Steering. Figure 1: Evaluation of key risk indicators

Beitrag: 8 A Top-Down Approach to Non-Financial Risk Reporting: Collaboration Across Risk Types for Sustainable Risk Steering. Figure 2: Control assessment on aggregated levels

Beitrag: 8 A Top-Down Approach to Non-Financial Risk Reporting: Collaboration Across Risk Types for Sustainable Risk Steering. Figure 3: Representation of residual risk levels

Beitrag: 10 Technical Application and Data Architecture for Non-Financial Risk Management. Figure 1: Illustrative decentralised NFR IT landscape

Beitrag: 10 Technical Application and Data Architecture for Non-Financial Risk Management. Figure 3: An illustrative target architecture

Beitrag: 11 Data Governance in Non-Financial Risk Management. Figure 1: Key building blocks of data governance

Beitrag: 11 Data Governance in Non-Financial Risk Management. Figure 2: Scaling up NFR data governance

Beitrag: 11 Data Governance in Non-Financial Risk Management. Figure 3: High-level roles and responsibilities in data governance

Beitrag: 12 Optimising Effectiveness and Efficiency: Deployment of Artificial Intelligence in Non-Financial Risk Management. Figure 1: Volume of data/information created, captured, copied and consumed worldwide from 2010 to 2025 (in zettabytes)

Beitrag: 13 Core Elements of Conduct and Ethics in the Context of Non-Financial Risk. Figure 1: Definitions of key terms

Beitrag: 13 Core Elements of Conduct and Ethics in the Context of Non-Financial Risk. Figure 2: NFR taxonomy

Beitrag: 13 Core Elements of Conduct and Ethics in the Context of Non-Financial Risk. Figure 3: Timeline and trends in the conduct risk regulatory landscape

Beitrag: 14 Managing Conduct Risk: Framework and Perspectives. Figure 1: TCF’s six consumer outcomes

Beitrag: 14 Managing Conduct Risk: Framework and Perspectives. Figure 2: Five pillars in ESG risk management

Beitrag: 14 Managing Conduct Risk: Framework and Perspectives. Figure 3: Conduct Risk House

Beitrag: 15 Successful ESG Transition: Implications and Challenges for Effective Risk Management. Figure 1: Example ESG factors for corporate sustainability topics, defined in line with global sustainability definitions

Beitrag: 15 Successful ESG Transition: Implications and Challenges for Effective Risk Management. Figure 2: Overview of taxonomy-related document interdependencies

Beitrag: 15 Successful ESG Transition: Implications and Challenges for Effective Risk Management. Figure 3: EBA infographic showing a summary of Pillar 3 ESG disclosures (EBA 2022)

Beitrag: 15 Successful ESG Transition: Implications and Challenges for Effective Risk Management. Figure 4: ESG Compliance Target Operating Model (TOM)

Beitrag: 15 Successful ESG Transition: Implications and Challenges for Effective Risk Management. Figure 5: ESG Compliance Target Operating Model: 3. ESG risk steering

Отрывок из книги

A Target Operating Model

for Compliance and ESG Risks

.....

Business execution risk (in more detail: execution, delivery and process management risk) is the risk of unexpected financial or reputational loss as the result of poor execution of regular business tasks.[102]

This includes any risk resulting from incorrect/incomplete information about financial reporting standards and timelines, receipt of data from sources and subsequent analysis as well as the financial closing process at the end of each reporting period.

.....

Добавление нового отзыва

Комментарий Поле, отмеченное звёздочкой  — обязательно к заполнению

Отзывы и комментарии читателей

Нет рецензий. Будьте первым, кто напишет рецензию на книгу Non-financial Risk Management in the Financial Industry
Подняться наверх