Community
A Difficult Task, But a Necessary One
The Challenges of Gauging Effective Risk Appetite
Managing a bank’s risk appetite strategy is unique to each organization. Unlike some areas that are more clearly regulated — for example, FDIC-insured deposit accounts — the level of risk an institution is willing to incorporate into its overall management portfolio must be customized.
The crucial step in doing so is creating an accurate and durable Risk Appetite Statement, which is considered one of the most challenging aspects of risk management. It is a high-level document that outlines the broad parameters of risk levels that management finds acceptable.
The first task in defining risk appetite is choosing the basis on which to build enterprise risk management (ERM). This will be the basis for the institution processing and defining the balance between risk and profit goals. There are two organizations that have developed the most widely used benchmarks for assessing risk:
Some institutions choose to develop customized, in-house benchmarks. But a thorough understanding and inclusion of the risk factors contained in COSO and ISO 31000 should be part of any such internal standards. Given the complexity of both documents, research about hiring outside consultants to be part of developing the Risk Appetite Statement should also be part of the early decision-making process.
No matter the technical basis on which the Risk Appetite Statement is built, the real work is building consensus within the organization about risk management. It is not uncommon for early sessions with stakeholders to lay bare a wide divergence about both the level of risk that is considered appropriate and the nature of external risk factors at play.
Much of the work will be the give-and-take of melding those opinions into a strategic document that the organization can depend on in making decisions. In a nutshell, much of the syntheses will be based on agreeing on how to model “known unknowns,” an always challenging task. For example:
Once benchmarks have been chosen and models accepted by all parties, the process can continue. The institution’s desired level of risk appetite should be categorized into specific metrics — risk tolerances, which are more focused benchmarks for acceptable risk levels regarding specific objectives — and methodologies with which to monitor the risk taken on by the organization.
By establishing risk tolerances, the implementation of the Risk Appetite Statement can be managed with greater specificity and transparency. This, in turn, provides a more confident environment for achieving the institution’s overall strategic objectives.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Ben Parker CEO at eflow uk ltd
23 December
Pratheepan Raju Advisory Enterprise Architect at TCS
Kuldeep Shrimali Consulting Partner at Tata Consultancy Services
Jitender Balhara Manager at TCS
22 December
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.