Risk appetite frameworks
The regulatory landscape for organisations – be it speeches, working papers and draft or final regulation – is full of references to risk appetite, its benefits, uses, applications and case studies of failed organisations whose weak risk appetite frameworks played a part in their downfall.
When organisations are criticised for shortcomings in their risk governance and management, an appetite framework is commonly prescribed as a cure by regulators. And yet, there remains a surprising variety of opinion about what it actually means to establish and embed a proper risk appetite framework.
While the concepts and themes discussed in this paper will be of interest to all financial institutions, this paper is particularly focused on the banking sector. Our goals in this paper are five-fold:
- To summarise the arguments in favour of risk appetite frameworks
- To highlight the emerging consensus on the core concepts of risk appetite between regulators and organisations
- To illustrate what we think ‘good’ looks like for a risk appetite framework
- To suggest ways to spot a ‘genuine’ risk appetite framework, by giving examples of the sorts of hard headed questions we would expect regulators
- To suggest what risk appetite might look like in three to five years’ time, based on the trajectory of regulation and trends.