Non-financial Risk Management in the Financial Industry
eBook - ePub

Non-financial Risk Management in the Financial Industry

A Target Operating Model for Compliance and ESG Risks

Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra, Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra

Share book
  1. 374 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Non-financial Risk Management in the Financial Industry

A Target Operating Model for Compliance and ESG Risks

Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra, Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra

Book details
Book preview
Table of contents
Citations

About This Book

Managing environment, social and governance (ESG) risk, compliance risk and non-financial risk (NFR) has become increasingly critical for businesses in the financial services industry. Furthermore, expectations by regulators are ever more demanding, while monetary sanctions are being scaled up. Accordingly, ESG, Compliance and NFR risk management requires sophistication in various aspects of a risk management system.This handbook analyses a major success factor necessary for meeting the requirements of modern risk management: an institution-specific target operating model (TOM) – integrating strategy, governance & organisation, risk management, data architecture and cultural elements to ensure maximum effectiveness. Also, institutions need to master the digital transformation for their business model to be sufficiently sustainable for the years to come. This book will offer ways on how to achieve just that.The book has been written by senior ESG, Compliance and NFR experts from key markets in Europe, the U.S. and Asia. It gives practitioners the necessary guidance to master the challenges in today's global risk environment. Each chapter covers key regulatory requirements, major implementation challenges as well as both practical solutions and examples.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Non-financial Risk Management in the Financial Industry an online PDF/ePUB?
Yes, you can access Non-financial Risk Management in the Financial Industry by Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra, Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra in PDF and/or ePUB format, as well as other popular books in Betriebswirtschaft & Finanzdienstleistungen. We have over one million books available in our catalogue for you to explore.

Information

Year
2022
ISBN
9783956471896
Ebene1 titel="1  Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG"

1 Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG

Prof. Dr. Douglas Arner, Dr. Bernhard Gehra, Jannik Leiendecker, Dr. Georg Lienke
Historically, financial institutions have focused many of their risk management efforts on financial exposures directly attributed to core business activities. However, in recent times, non-financial risk (NFR) management with an emphasis on compliance and environment, social and governance (ESG) risks has moved up the policy and executive agendas, amid new regulations, a range of compliance issues (some leading to significant fines) and an increasing pressure to act as change agents in the transition towards a decarbonised economy. A robust NFR framework is indispensable in case of crises, so that necessary quick and effective reaction measures can be taken. This became unmistakably clear in the conflict between Russia and the Ukraine, with unprecedented sanctions being imposed on Russia that heavily affect the global financial industry and non-financial sectors.
This handbook analyses the major success factors for meeting the requirements of modern non-financial risk management: an institution-specific target operating model (TOM) integrating all critical components – strategy, governance, risk management, information technology and data architecture including digitisation and artificial intelligence as well as ethics. The handbook has been written by senior NFR, compliance and ESG experts from key markets in Europe, the US and Asia, and it gives practitioners the necessary guidance to master the key challenges in today’s global risk environment. Each chapter includes key regulatory requirements, major implementation challenges, practical solutions and industry examples.

1.1 New risks and challenges

Institutions face non-financial risks across a range of activities: from onboarding clients to running IT systems and carrying out daily operations. Amid a continuous flow of new risks, failures in these areas can have significant economic and reputational consequences, both for the institutions as well as their executives. Globally, compliance issues led to 394 billion in fines during the years 2011 to 2020, including 50 billion in 2018, 2019 and 2020 alone.[1] In response, financial institutions have dramatically enhanced their oversight capabilities, leading to a proliferation of risk managers, internal auditors, control specialists and compliance officers, each with their own unique backgrounds, perspectives and skill sets.
These teams of experts have tended to focus on specific areas, leading to the evolution of siloed and fragmented processes, the disjointed nature of which has itself become an operational risk. A lack of coordination has created gaps, overlaps and mismatches in the three lines of defence (3LoD) framework at most institutions. Risk functions today often produce different risk reports that apply different methodologies to analyse and quantify risk, making it difficult for executives to put risk categories into proportion and arrive at accurate implications for overall risk management. This comes on top of existing complexity: global financial organisations need to orchestrate separate product divisions, infrastructure functions (including risk management) and geographical regions, representing a range of legal entities in local jurisdictions as well as regulators and regulatory systems and requirements in multiple jurisdictions. At the same time, they need to weave in effective and efficient measures to manage non-financial risks. The challenges are significant, suggesting that a holistic, structured approach is critical.

1.2 A forward-looking solution for non-financial risk management in the financial industry

To continue to thrive in an increasingly challenging risk environment, financial institutions need to develop a sophisticated approach to non-financial risk management. This can be done by establishing an institution-specific non-financial risk TOM, which will subsequently allow for a proper definition of risks, creating an integrated view of the 3LoD and building an effective internal control system – informing a sensible executive decision-making that can prevent inevitable risks getting out of control.
This handbook outlines the key ingredients of a non-financial risk TOM for financial institutions. The book sections follow a consistent structure: chapters start with an individual introduction to the topic at hand, followed by a summary of key regulatory expectations across the EU, the US and Asia. Each chapter assesses operational challenges and complexities, and it delivers approaches to define solutions based on industry success factors. Chapters are augmented by practical, hands-on examples from seasoned practitioners. They conclude with the summaries of key takeaways.

1.3 Defining and aligning non-financial risk categories

Risks are inherent to every business model, so that a zero-risk tolerance approach is in fact counter-intuitive. Historically, financial institutions have focused their attention on financial risks, including credit risk, market risk, liquidity risk and funding risks, aggregating the remainder under a category most often labelled as operational risk. Recently, non-financial risks have evolved as an independent category for risk management, allowing for a more tailored approach to management of individual non-financial risks. Chapter 2 provides a general definition of non-financial risk, delineates non-financial risk from financial risk, and provides definitions for categories and types of non-financial risk for financial institutions.

1.4 Establishing a non-financial risk appetite framework to prevent an undesirable risk-taking

Following the definition of non-financial risk, chapter 3 provides a holistic approach to defining a non-financial risk appetite framework for financial institutions across three levels. This includes qualitative risk appetite statements for individual non-financial risk categories, outlining the level and types of risk that the financial institution is willing to take on in order to achieve its strategic objectives and business plan (level 1). Qualitative risk appetite statements are broken down into risk appetite metrics and corresponding thresholds, enabling institutions to set quantifiable tolerance levels for non-financial risk and underlying operational activities (level 2). Level 3 cascades the risk appetite framework to business lines and entity levels via pre-defined key risk indicators, facilitating the early detection of potential deviations from risk appetite objectives and potentially triggering timely interventions. The chapter also draws an outline of the corresponding governance that is required to operate a risk appetite framework.

1.5 Building key governance and organisational pillars for non-financial risk management

Three chapters outline the governance and organisational structures required for sustainable non-financial risk management, standing on three major pillars. The three lines of defence (LoD) model (chapter 4) defines the roles and responsibilities of the first LoD (front, middle and back office), the second LoD (risk control functions) and the third LoD (internal audit). The chapter focuses on the independence of second-LoD control functions and describes the concept of risk coordinating functions in the first LoD as a regulatory competence centre, coordination unit and interface to the second LoD.
‘Global functional lead’ (chapter 5) stands for a combination of strategic, governance and risk management elements defined by an institution that aim to enable a consistent execution of risk management activities across complex organisations. It comprises the central setting of global risk management standards by horizontal risk management functions and their execution by vertical product- or region-focused functions, with direct or indirect reporting lines into horizontal functions. A policy and procedure framework (chapter 6) intends to ensure that standards are met in the execution of an institution’s business and operational activities. It builds a structural policy hierarchy, allocating the financial institution’s documents including board directives, policies and procedures to different hierarchical levels. It structures them by risk types, business segments and relevant geographies.

1.6 Generating excellence in the non-financial risk management lifecycle

Three chapters describe the most essential components of a financial institution’s non-financial risk management lifecycle.
Sophisticated institutions apply a top-down approach to non-financial risk assessment, using risk-type agnostic criteria to evaluate their exposure to non-financial risks and derive the proper implications for bank-wide risk management. Chapter 7 elaborates on the methodology for a top-down non-financial risk assessment.
A key element of effective risk mitigation is the underlying internal control framework. Controls can take a variety of forms, ranging from automated/manual process controls to the conduct of training sessions and the definition of internal policies and requirements. A comprehensive internal control framework needs to combine a top-down approach (focusing on controls addressing the most relevant risk types) with a bottom-up approach (whereby individual risks and controls are identified based on a detailed review of the underlying processes). Chapter 7 comprises a deep dive on the top-down approach for the creation of an internal control framework.
Financial institutions are confronted with non-financial risks that are increasing both in number and severity, and they face non-financial risk exposure in almost every area of activity. In many institutions, this has resulted in a heterogenous reporting landscape for non-financial risks, with a variety of bottom-up, risk-specific reports from different functions and often diverging criteria for the measurement of risk. Hence, financial institutions are in an ever-stronger need of an overall non-financial risk reporting approach, spanning across risk types and consolidating the measurement of risk and the adequacy assessment of risk-mitigating controls. Only such a top-down report can give executive management the fact base and insights necessary to steer an institution effectively. Chapter 8 describes an approach to risk-agnostic non-financial risk reporting.
Chapter 9 is a deep dive into investigation capabilities, combined with root cause analysis. Alongside the on-going harmonisation of European corporate law, individual jurisdictions are increasingly requesting the strengthening of investigative capabilities to better understand root causes of corporate misconduct. This includes the establishment of risk oversight and reporting capabilities, the establishment of a dedicated organisational unit as well as of processes and methods, alongside communication with stakeholders. Particular emphasis is put on the root cause analysis to determine the underlying reasons for misconduct. These insights are then used to identify corresponding lessons learned.

1.7 Using data, IT and artificial intelligence

Today, excellent non-financial risk management is heavily supported by an adequate data and IT architecture. Chapter 10 starts with an outline of the associated challenges, ranging from heterogeneous (and partially unavailable) non-financial risk data and fragmented responsibilities to partially-integrated IT applications. These challenges can be addressed by defining a comprehensive strategy, creating full transparency of the IT architecture and aligning with the required data architecture. This can subsequently be translated into a short- and long-term roadmap towards a more public cloud-based or on-premises data platform.
Chapter 11 describes the data governance required to facilitate an effective NFR management. Historically, data governance has focused on “financial risk” thereby often leaving non-financial risk aside. Yet, an effective non-financial risk data governance system can be established by leveraging existing data governance frameworks. This will entail a clear assignment of roles and responsibilities (including non-financial risk data officers, data owners, stewards and custodians), implementing concrete use cases, scaling-up as well as defining a comprehensive data catalogue and supporting technologies. The resulting data governance should subsequently be integrated into existing governance structures on both entity and group levels.
Accelerated by COVID-19, the financial sector is experiencing a substantial digital transformation of business and operating models, mainly to cater for changing customer expectations and behaviour and to optimise the efficiency of financial operations. Digitisation multiplies the volume of available data and opens opportunities for the use of artificial intelligence (AI) and other forms of sophisticated analytics in non-financial risk management. Concurrently, regulatory expectations on the financial sector’s uses of AI are increasingly demanding and must be managed to withstand regulatory scrutiny. Chapter 12 examines how AI can help improve non-financial risk management and contains two use cases for AI usage: financial crime prevention and the prevention of market abuse.

1.8 Putting conduct and ethics at the centre of sustainable non-financial risk management

Recent scandals in the corporate world have demonstrated that a lack of ethical values is often at the root of corporate misconduct. Hence, the role of conduct and ethics cannot be emphasised enough.
Chapter 13 describes the subtle interplay between ethics, conduct and integrity in the context of the financial industry, and it outlines the implications for managers who must learn to navigate today’s complex regulatory landscape. Most business ethicists agree that, in general, financial institutions’ ethical taxonomies could be divided into two categories: conduct/compliance-based ethics and integrity-based ethics. While the former constitute principles and codes born from government regulations, the latter are based on the establishment of core principles to which all empl...

Table of contents