Read the book Non-financial Risk Management in the Financial Industry - Group of authors - Page 89
Table 1: Examples of risk appetite statements for non-financial risks (focus: compliance risks)
1 – Large international banking group
"The Group is firmly committed to complying with all applicable sanctions regulations in every jurisdiction in which it operates; it may also decide to introduce further restrictions on business activities involving certain countries, organisations, persons, entities or goods, irrespective of whether they are the subject of a particular sanction imposed by a country or international organisation. The Group requires all employees to be vigilant in identifying any business activity that potentially involves a sanctioned country, organisation, person, entity or good."

2 – Turkish commercial bank
"The Bank's Risk Committee is responsible for the board complying with formal regulatory rules and laws in order to avoid sanctions and legal fines. The members of the Risk Committee aim to collectively monitor and report compliance related sanctions and losses, and it takes corrective actions together with the regulatory and supervisory authorities."

3 – Italian commercial bank
"The Group considers compliance with the regulations and fairness in business to be fundamental to the conduct of banking operations, which by nature is founded on trust. The Group aims for formal and substantive compliance with rules in order to avoid penalties and maintain a solid relationship of trust with all of its stakeholders; in this regard, it aims to minimise the potential impact of negative events that jeopardise the Group's economic stability and image."

4 – Large international banking group
"The Bank is committed to complying with all applicable regulation and legislation throughout its operations, and to cooperating with authorities in order to identify, prevent and eliminate activities, practices and behaviours leading to violations. The Bank continuously monitors its compliance performance and initiates remedial action as required according to the standards set on the country's, the European and an international level."
Considering example 4, the statement can be translated into concrete guidelines on risk tolerance, since it conveys the message that escalation must be triggered whenever non-compliance with applicable regulatory requirements is detected. In turn, such a provision can be transformed into actionable indications concerning the metrics to be measured and the corresponding escalation paths. As an example, it can be defined that if a risk category reaches a high risk level, it will be escalated to the board, while risk categories reaching a medium risk level will be escalated to the respective nominated person, such as the chief compliance officer (CCO) or the head of operational risk.
Similarly, the statement "The Bank continuously monitors its compliance performance and initiates remedial action as required" might entail that all risk categories with a residual risk higher than 'low' will be subject to continuous monitoring and will be addressed by specific action plans, whose extent will vary depending on the severity of the residual risk observed.