Skip to main content

Risk Function Strategy Documents: How can they help demonstrate value?

Why should I create a Risk Function Strategy Document and how does it compare to a traditional Risk Strategy?

As Investment and Wealth Managers continue to face challenging market conditions leading to pressures on AUM and subsequently fees this has led to an inevitable pressure on firms to reduce their cost base.

Risk and Compliance Functions are not immune from this pressure and historically tend to be one of the early areas of focus for firms when looking to cut costs. At a time when business models are evolving, expanding the risk and regulatory perimeter within Investment and Wealth Managers, CROs are having to continuously evolve and support the delivery of the strategy whilst demonstrating their value to the business.

Whilst CROs and CCOs have traditionally focused on developing a risk strategy to support the delivery of the firms strategy, a Risk Function Strategy document can be an additional helpful tool in helping CRO’s and CCOs to combat these conflicting (cost pressures vs. evolving regulatory and risk perimeter) priorities and demonstrate their value through repositioning their functions as the “key function in enabling the delivery of the business’ strategy in a manner that doesn’t expose it to unidentified or unquantified risk.”

What does a Risk Function Strategy Document achieve?

The image below sets some of the success measures for a risk strategy document:

How to Structure a Risk Function Strategy Document?

When considering creating a Risk Function Strategy Document there are a number of components that should be considered, building on the content of a traditional Risk Strategy:


What should be included

Firm Strategy and Associated Risks

This section of the document will cover the firm's strategy and what risks this drives and will focus on:

  • Which aspects of the strategy materially change the risk profile
  • Of these risks which are existing risks within the universe and which ones are emerging because of the strategy

Risk Orientation

This section will cover how the firm will approach the management of the risks identified in the Firm Strategy section as well as the evolving regulatory agenda (see below) and should cover:

  • Updates to Risk Appetite and associated thresholds because of the new strategy
  • Changes to Risk Universe because of the strategy e.g. Taxonomy and Inherent Risk Profile

Risk Operating Model

This section will set out any changes to the Risk Target Operating model in line with the Risk Orientation, including:

  • Alignment to new value centres/business functions
  • Additional specialist resources required to meet the emerging risk profile because of the strategy
  • Proposed 3rd party support

Risk Function Strategy (and activities)

This section will set out the how the Risk Function supports the firm’s Risk Strategy, its short- and medium-term objectives and how it will evolve to continually add value to the business.

It can include assurance, monitoring and thematic work to be undertaken by the risk management team in support of the strategy, the sections will be:

  • Compliance Monitoring Programme
  • Risk Assurance activities
  • Thematic Deep Dive activities
  • Alignment to key change and strategic initiatives

Objectives and activities supported by Key Performance metrics to track and demonstrate value delivered

Appendix: Regulatory Horizon Scanning

This section will set out the upcoming regulatory horizon for senior management and those areas of regulation that could impact significantly on the strategy it should include:

  • Upcoming regulatory change with impact scores
  • Regulatory engagement plans

How often should I review my Risk Function Strategy and who should input into it?

CRO’s and CCO’s should review their Risk Function Strategy, as a component part of the firm’s Risk Strategy document on an annual basis to ensure that it remains aligned to the overall firm’s strategy, reflecting any updates in strategy, any external emerging risks that require focus and any internal operating model changes that require an update to the strategy.

Once the strategy is defined CROs and CCOs should ensure they engage with the appropriate stakeholders to get buy in both from a governance perspective and senior management perspective, most notably the Risk Committee Chair, CRO and associated C-Suite members.

How can Deloitte help you in formulating the Risk Strategy and the associated functional strategy?

Our Investment Management & Wealth Risk Advisory team have large in-depth experience in helping CRO’s and CCO’s to deliver a Risk Function Strategy, with the help of our accelerator template we are able to support the development of a Risk Strategy and the associated functional strategy or challenge the approach of a Risk Strategy against our maturity assessment framework.

If you would like support in this regard, please reach out to the authors of this blog.