Healthy risk appetite framework: Key considerations

Healthy risk appetite framework: Key considerations

By Nick Mayer, Director, Compliance and Operational Risk Control and Pam McDonagh, Global Head of Operational Risk Framework from UBS.

Pam, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

I have spent most of my career in audit in various management roles. More recently I led UBS’ response to the FX matter and the associated remediation efforts. My current role is Head of Compliance and Operational Risk Frameworks and in this capacity, I am currently enhancing the firm’s Risk Assessment Process (RCSA) and Risk Appetite Framework and replacing the operational risk system with a Firm-wide eGRC solution.

Nick, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

The majority of my career to-date has been with a focus on OTC Derivative processing, documentation and execution in the context of evolving regulation in the industry. I am now focused on the Operational Risk Framework implementation at UBS and the provision of Conduct Risk MI for the firm.

At the Operational Risk Post-event Masterclass, you will be helping provide an overview of the best ingradients to meet the needs of a healthy risk Appetite Framework. Can you give an insights into the importance of a healthy risk appetite framework?

This is of central importance as all risk decisions made by management daily assume a level of “appetite” (whether we realise it or not). Therefore it is fundamental that we make sure everyone within the organization understands the level of risk the firm is willing to take. This needs to be clearly articulated in a risk appetite statement, supported by metrics that are visible across the organization.

Can you give an overview of the importance of effectively communicating the risk Appetite framework at a Board Level?

The criticality of this is that the board ultimately owns all risks and therefore members need to have clear visibility of where we are running an excessive level of risk. This needs to be articulated in clearly understandable language in a manner that enables them to focus and prioritise remediation to bring the firm back to appetite where necessary.

Without giving too much away, how should financial professionals be establishing appropriate governance structures for risk appetite framework oversight?

Key is a common language, taxonomy and framework that all divisions and locations use. This enables senior managers in each location, for each division and entity and at the group-level to be viewing risks in a similar way, using the same language.

Can you please give an example of a possible breach in risk appetite? And what advice can you give to Financial Institutions to ensure it is promptly actioned?

A change in regulatory expectations can lead to a deviation from appetite. Senior leadership ownership of the breach, together with board oversight is key to ensure remediation is promptly actioned. It also helps if there are clear deadlines articulated top-down (e.g. all breaches need to be remediated within x months) and progress monitored at the most senior levels. In certain circumstances, business limits and restrictions can be considered.

What, in your opinion does the future hold for operational risk professionals, and how can they keep up with the increasing change?

As with most areas I think there will be more industry-wide standardization. For example, there are already moves to agree an industry standard OR taxonomy. While ambitious, this will likely lead to more standard industry terminology, in turn enabling improved clarity and dialogue with regulators. I think discussions over the use of utilities for common activities (where there are no anti-competitive behavior issues) may increase.

If you did not pursue your current career path, what do you believe your alternative career path would have been?

Pam: Someone once told me I would make a great traffic warden! As I like to follow rules…….good “trait” for someone who works in Compliance and Operational Risk

Nick: A role in the media might have been interesting, especially with such fascinating recent times

What is your favourite thing to do to wind down after a long week?

Pam: After a long week, I put my feet up, watch friends with the kids and have a glass of wine!

Nick: Time with family, cinema & good food…

What came first, the chicken or the egg?

Pam: Order one of each from Amazon and see which arrives first!