Non-Financial Risk Management Framework

Since the financial crisis commenced in 2008, banks have spent considerable time and resources implementing stronger risk management frameworks and controls, such as COSO’s Three Lines of defence (“3LOD”) model.

Those efforts covered, mostly, well-established BCBS risks.

In recent years, however, most losses occurred in risk spaces that were either not fully identified or not backed up by corresponding models and capital.

As a result there are strong indications that these, apparent, Non Financial Risk related (NFR) blind spots will soon start showing up on the regulatory / supervisory agenda. The new agenda is expected to address NFR categories such Conduct Risk, Reputation Risk, Compliance Risk (incl. Financial Crime Risk and Legal Risk) and Integrity Risk.

The expectation is that the requirements will go beyond than just creating new policies or implementing structural tweaks and quick fixes to avoid additional fines or penalties. Personal liability to senior management (similar to the UK’s Senior Manager Regime) for corporate incidents may also play an ever bigger role.

Without improved capabilities, institutions might be able to remain compliant, but the costs of compliance may eventually increase unnecessarily. The balance between regulatory needs and associated costs has to be found.

Should NFR’s profile be elevated on the regulatory and supervisory agenda, banks will require more integrated capabilities (e.g. common taxonomy, language, division of responsibilities). It will be complex and costly for financial institutions to provide evidence of their full and appropriate organizational understanding of risk and its management.

Our White Paper provides further details about the nascent NFR discipline focusing on the need for both NFR-methodology and NFR-risk taxonomy.