eBook - ePub
Non-financial Risk Management in the Financial Industry
A Target Operating Model for Compliance and ESG Risks
Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra, Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra
This is a test
Partager le livre
- 374 pages
- English
- ePUB (adapté aux mobiles)
- Disponible sur iOS et Android
eBook - ePub
Non-financial Risk Management in the Financial Industry
A Target Operating Model for Compliance and ESG Risks
Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra, Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra
DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations
Ă propos de ce livre
Managing environment, social and governance (ESG) risk, compliance risk and non-financial risk (NFR) has become increasingly critical for businesses in the financial services industry. Furthermore, expectations by regulators are ever more demanding, while monetary sanctions are being scaled up. Accordingly, ESG, Compliance and NFR risk management requires sophistication in various aspects of a risk management system.This handbook analyses a major success factor necessary for meeting the requirements of modern risk management: an institution-specific target operating model (TOM) â integrating strategy, governance & organisation, risk management, data architecture and cultural elements to ensure maximum effectiveness. Also, institutions need to master the digital transformation for their business model to be sufficiently sustainable for the years to come. This book will offer ways on how to achieve just that.The book has been written by senior ESG, Compliance and NFR experts from key markets in Europe, the U.S. and Asia. It gives practitioners the necessary guidance to master the challenges in today's global risk environment. Each chapter covers key regulatory requirements, major implementation challenges as well as both practical solutions and examples.
Foire aux questions
Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier lâabonnement ». Câest aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via lâapplication. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă la bibliothĂšque et Ă toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode dâabonnement : avec lâabonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă 12 mois dâabonnement mensuel.
Quâest-ce que Perlego ?
Nous sommes un service dâabonnement Ă des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă toute une bibliothĂšque pour un prix infĂ©rieur Ă celui dâun seul livre par mois. Avec plus dâun million de livres sur plus de 1 000 sujets, nous avons ce quâil vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Ăcouter sur votre prochain livre pour voir si vous pouvez lâĂ©couter. Lâoutil Ăcouter lit le texte Ă haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, lâaccĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Non-financial Risk Management in the Financial Industry est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă Non-financial Risk Management in the Financial Industry par Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra, Norbert Gittfried, Georg Lienke, Florian Seiferlein, Jannik Leiendecker, Bernhard Gehra en format PDF et/ou ePUB ainsi quâĂ dâautres livres populaires dans Business et Servizi finanziari. Nous disposons de plus dâun million dâouvrages Ă dĂ©couvrir dans notre catalogue.
Informations
1 Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG
Prof. Dr. Douglas Arner, Dr. Bernhard Gehra, Jannik Leiendecker, Dr. Georg Lienke
Historically, financial institutions have focused many of their risk management efforts on financial exposures directly attributed to core business activities. However, in recent times, non-financial risk (NFR) management with an emphasis on compliance and environment, social and governance (ESG) risks has moved up the policy and executive agendas, amid new regulations, a range of compliance issues (some leading to significant fines) and an increasing pressure to act as change agents in the transition towards a decarbonised economy. A robust NFR framework is indispensable in case of crises, so that necessary quick and effective reaction measures can be taken. This became unmistakably clear in the conflict between Russia and the Ukraine, with unprecedented sanctions being imposed on Russia that heavily affect the global financial industry and non-financial sectors.
This handbook analyses the major success factors for meeting the requirements of modern non-financial risk management: an institution-specific target operating model (TOM) integrating all critical components â strategy, governance, risk management, information technology and data architecture including digitisation and artificial intelligence as well as ethics. The handbook has been written by senior NFR, compliance and ESG experts from key markets in Europe, the US and Asia, and it gives practitioners the necessary guidance to master the key challenges in todayâs global risk environment. Each chapter includes key regulatory requirements, major implementation challenges, practical solutions and industry examples.
1.1 New risks and challenges
Institutions face non-financial risks across a range of activities: from onboarding clients to running IT systems and carrying out daily operations. Amid a continuous flow of new risks, failures in these areas can have significant economic and reputational consequences, both for the institutions as well as their executives. Globally, compliance issues led to 394 billion in fines during the years 2011 to 2020, including 50 billion in 2018, 2019 and 2020 alone.[1] In response, financial institutions have dramatically enhanced their oversight capabilities, leading to a proliferation of risk managers, internal auditors, control specialists and compliance officers, each with their own unique backgrounds, perspectives and skill sets.
These teams of experts have tended to focus on specific areas, leading to the evolution of siloed and fragmented processes, the disjointed nature of which has itself become an operational risk. A lack of coordination has created gaps, overlaps and mismatches in the three lines of defence (3LoD) framework at most institutions. Risk functions today often produce different risk reports that apply different methodologies to analyse and quantify risk, making it difficult for executives to put risk categories into proportion and arrive at accurate implications for overall risk management. This comes on top of existing complexity: global financial organisations need to orchestrate separate product divisions, infrastructure functions (including risk management) and geographical regions, representing a range of legal entities in local jurisdictions as well as regulators and regulatory systems and requirements in multiple jurisdictions. At the same time, they need to weave in effective and efficient measures to manage non-financial risks. The challenges are significant, suggesting that a holistic, structured approach is critical.
1.2 A forward-looking solution for non-financial risk management in the financial industry
To continue to thrive in an increasingly challenging risk environment, financial institutions need to develop a sophisticated approach to non-financial risk management. This can be done by establishing an institution-specific non-financial risk TOM, which will subsequently allow for a proper definition of risks, creating an integrated view of the 3LoD and building an effective internal control system â informing a sensible executive decision-making that can prevent inevitable risks getting out of control.
This handbook outlines the key ingredients of a non-financial risk TOM for financial institutions. The book sections follow a consistent structure: chapters start with an individual introduction to the topic at hand, followed by a summary of key regulatory expectations across the EU, the US and Asia. Each chapter assesses operational challenges and complexities, and it delivers approaches to define solutions based on industry success factors. Chapters are augmented by practical, hands-on examples from seasoned practitioners. They conclude with the summaries of key takeaways.
1.3 Defining and aligning non-financial risk categories
Risks are inherent to every business model, so that a zero-risk tolerance approach is in fact counter-intuitive. Historically, financial institutions have focused their attention on financial risks, including credit risk, market risk, liquidity risk and funding risks, aggregating the remainder under a category most often labelled as operational risk. Recently, non-financial risks have evolved as an independent category for risk management, allowing for a more tailored approach to management of individual non-financial risks. Chapter 2 provides a general definition of non-financial risk, delineates non-financial risk from financial risk, and provides definitions for categories and types of non-financial risk for financial institutions.
1.4 Establishing a non-financial risk appetite framework to prevent an undesirable risk-taking
Following the definition of non-financial risk, chapter 3 provides a holistic approach to defining a non-financial risk appetite framework for financial institutions across three levels. This includes qualitative risk appetite statements for individual non-financial risk categories, outlining the level and types of risk that the financial institution is willing to take on in order to achieve its strategic objectives and business plan (level 1). Qualitative risk appetite statements are broken down into risk appetite metrics and corresponding thresholds, enabling institutions to set quantifiable tolerance levels for non-financial risk and underlying operational activities (level 2). Level 3 cascades the risk appetite framework to business lines and entity levels via pre-defined key risk indicators, facilitating the early detection of potential deviations from risk appetite objectives and potentially triggering timely interventions. The chapter also draws an outline of the corresponding governance that is required to operate a risk appetite framework.
1.5 Building key governance and organisational pillars for non-financial risk management
Three chapters outline the governance and organisational structures required for sustainable non-financial risk management, standing on three major pillars. The three lines of defence (LoD) model (chapter 4) defines the roles and responsibilities of the first LoD (front, middle and back office), the second LoD (risk control functions) and the third LoD (internal audit). The chapter focuses on the independence of second-LoD control functions and describes the concept of risk coordinating functions in the first LoD as a regulatory competence centre, coordination unit and interface to the second LoD.
âGlobal functional leadâ (chapter 5) stands for a combination of strategic, governance and risk management elements defined by an institution that aim to enable a consistent execution of risk management activities across complex organisations. It comprises the central setting of global risk management standards by horizontal risk management functions and their execution by vertical product- or region-focused functions, with direct or indirect reporting lines into horizontal functions. A policy and procedure framework (chapter 6) intends to ensure that standards are met in the execution of an institutionâs business and operational activities. It builds a structural policy hierarchy, allocating the financial institutionâs documents including board directives, policies and procedures to different hierarchical levels. It structures them by risk types, business segments and relevant geographies.
1.6 Generating excellence in the non-financial risk management lifecycle
Three chapters describe the most essential components of a financial institutionâs non-financial risk management lifecycle.
Sophisticated institutions apply a top-down approach to non-financial risk assessment, using risk-type agnostic criteria to evaluate their exposure to non-financial risks and derive the proper implications for bank-wide risk management. Chapter 7 elaborates on the methodology for a top-down non-financial risk assessment.
A key element of effective risk mitigation is the underlying internal control framework. Controls can take a variety of forms, ranging from automated/manual process controls to the conduct of training sessions and the definition of internal policies and requirements. A comprehensive internal control framework needs to combine a top-down approach (focusing on controls addressing the most relevant risk types) with a bottom-up approach (whereby individual risks and controls are identified based on a detailed review of the underlying processes). Chapter 7 comprises a deep dive on the top-down approach for the creation of an internal control framework.
Financial institutions are confronted with non-financial risks that are increasing both in number and severity, and they face non-financial risk exposure in almost every area of activity. In many institutions, this has resulted in a heterogenous reporting landscape for non-financial risks, with a variety of bottom-up, risk-specific reports from different functions and often diverging criteria for the measurement of risk. Hence, financial institutions are in an ever-stronger need of an overall non-financial risk reporting approach, spanning across risk types and consolidating the measurement of risk and the adequacy assessment of risk-mitigating controls. Only such a top-down report can give executive management the fact base and insights necessary to steer an institution effectively. Chapter 8 describes an approach to risk-agnostic non-financial risk reporting.
Chapter 9 is a deep dive into investigation capabilities, combined with root cause analysis. Alongside the on-going harmonisation of European corporate law, individual jurisdictions are increasingly requesting the strengthening of investigative capabilities to better understand root causes of corporate misconduct. This includes the establishment of risk oversight and reporting capabilities, the establishment of a dedicated organisational unit as well as of processes and methods, alongside communication with stakeholders. Particular emphasis is put on the root cause analysis to determine the underlying reasons for misconduct. These insights are then used to identify corresponding lessons learned.
1.7 Using data, IT and artificial intelligence
Today, excellent non-financial risk management is heavily supported by an adequate data and IT architecture. Chapter 10 starts with an outline of the associated challenges, ranging from heterogeneous (and partially unavailable) non-financial risk data and fragmented responsibilities to partially-integrated IT applications. These challenges can be addressed by defining a comprehensive strategy, creating full transparency of the IT architecture and aligning with the required data architecture. This can subsequently be translated into a short- and long-term roadmap towards a more public cloud-based or on-premises data platform.
Chapter 11 describes the data governance required to facilitate an effective NFR management. Historically, data governance has focused on âfinancial riskâ thereby often leaving non-financial risk aside. Yet, an effective non-financial risk data governance system can be established by leveraging existing data governance frameworks. This will entail a clear assignment of roles and responsibilities (including non-financial risk data officers, data owners, stewards and custodians), implementing concrete use cases, scaling-up as well as defining a comprehensive data catalogue and supporting technologies. The resulting data governance should subsequently be integrated into existing governance structures on both entity and group levels.
Accelerated by COVID-19, the financial sector is experiencing a substantial digital transformation of business and operating models, mainly to cater for changing customer expectations and behaviour and to optimise the efficiency of financial operations. Digitisation multiplies the volume of available data and opens opportunities for the use of artificial intelligence (AI) and other forms of sophisticated analytics in non-financial risk management. Concurrently, regulatory expectations on the financial sectorâs uses of AI are increasingly demanding and must be managed to withstand regulatory scrutiny. Chapter 12 examines how AI can help improve non-financial risk management and contains two use cases for AI usage: financial crime prevention and the prevention of market abuse.
1.8 Putting conduct and ethics at the centre of sustainable non-financial risk management
Recent scandals in the corporate world have demonstrated that a lack of ethical values is often at the root of corporate misconduct. Hence, the role of conduct and ethics cannot be emphasised enough.
Chapter 13 describes the subtle interplay between ethics, conduct and integrity in the context of the financial industry, and it outlines the implications for managers who must learn to navigate todayâs complex regulatory landscape. Most business ethicists agree that, in general, financial institutionsâ ethical taxonomies could be divided into two categories: conduct/compliance-based ethics and integrity-based ethics. While the former constitute principles and codes born from government regulations, the latter are based on the establishment of core principles to which all empl...