Risk Management Framework
An effective risk management framework is an essential component of capital and liquidity management in any financial services business, and an essential safeguard in the second line of defence for any business.
Risk management is most effective when the essential components are aligned and supportive: the Risk Appetite is consistent with overall strategy, the EWRA/BWRA clearly indicates compliance with the Risk Appetite and areas for Board attention, the EWRA/BWRA is supported by detailed and consistent detailed assessments such as the RCSA.
We can help internal risk teams align these essential risk framework components and inject best practice thinking into risk function activities.
Enterprise or Business Wide Risk Assessment (EWRA/BWRA)
The EWRA/BWRA is the primary tool (together with related and aligned KRIs) for the Board and Executives of an organisation to monitor and manage overall business risk against the risk appetite.
It is important that the risk appetite and EWRA/BWRA structures and definitions are aligned (then ensure effective monitoring) and cover all risks, financial and non-financial. These are the most common areas that can be enhanced for better risk management and oversight.
Our team has experience of:
- EWRA/BWRA scope and definition
- Alignment of risk appetite and EWRA/BWRA
- Governance and process for monitoring (executive management) and oversight (Board and Board Risk Committee, NEDs) of EWRA/BWRA against risk appetite
- Governance and process for assessment and event driven / periodic update of EWRA/BWRA
The Risk Appetite Statement is a key governance document setting out the organisational risk appetite consistent with and supporting the overall strategy.
We can help:
- Assess the RAS for for alignment with strategy, suitability as both a Board / NED information source and executive risk function reference, and alignment with EWRA/BWRA
- Facilitate risk appetite setting discussions at Board and Executive Committee levels in line with strategy
- Assess risk appetite against peers based on our industry knowledge and experience
Financial Crime Customer Risk Assessment (CRA)
Financial crime legislation and regulation in the UK, EU and generally requires a risk-based response to financial crime risk, and for financial services business this necessitates performing a Customer Risk Assessment (e.g. in accordance with JMLSG and the FCA FCG in the UK).
We can assist with the development and enhancement of CRA policy and procedures as part of the overall customer lifecycle, including CRA models for various customer types including all relevant risk areas (customer risk, geography risk, product risk, transaction risk, channel risk).
Risk and Control Self Assessment (RCSA)
A robust Risk and Control Self Assessment key is a powerful component of the overall EWRA/BWRA, obtaining granular detail on inherent and residual risks, key controls, and potential risk management enhancements, from process and risk owners. It can also be a powerful tool for educating and informing the first line of defence teams about risk.