Why people risk has become a top risk for most firms and how to respond
By Adrian Burbanks, Deputy General Manager, London Branch, Agriculture Bank of China
How can institutions work towards incorporating non-financial risk within their risk appetite framework?
There is no such thing as a non-financial risk – all events that involve failure of people, systems or processes can have profound financial implications. Indeed, in recent years operational risk incidents, including regulatory breaches, system failures and unauthorised trading activity have had far more severe financial impact on organizations than either credit or market risk events. I would go further to suggest that even credit or market risk losses in many instances have resulted from weaknesses in decision-making or control processes.
Most Risk Appetite Frameworks already incorporate a well-developed and tested definition of Credit and Market risk, including clear governance arrangements, acceptable parameters for risk taking, and defined tools for measuring and reporting risk. The same thinking should apply to liquidity risk, compliance risk, conduct risk and operational risks.
The key requirements for incorporating other risks into the overall risk appetite framework therefore begin with clear ownership at a senior management level, a well-defined governance framework including explicit statements of departmental and committee responsibilities, and transparent policies that include definitions and appropriate taxonomies. Organizations need to have documented risk acceptance criteria and tools that measure and track risk effectively.