What Are Risk Appetite Measures?
Risk appetite metrics facilitate the evaluation of a firm’s risk position compared to its attitude for risk. Typically, firms categorise these metrics into three tiers within the risk appetite hierarchy: Board, Executive, and MLRO (local) levels. Benchmarks are established for each metric. Monthly oversight of the firm’s performance of these metrics and benchmarks takes place at the appropriate level of the governance structure as stipulated by its hierarchy level.
Why Are Risk Appetite Measures Important?
Risk appetite measures are important because they provide a framework for guiding and managing the level of risk the firm is willing to take on in pursuit of its strategic objectives. These measures help ensure that the firm’s risk exposure remains within acceptable limits. Risk appetite measures supports the firm with:
- Strategic Alignment – Risk appetite measures provide a clear understanding of the types and levels of risk that are considered acceptable in the pursuit of these objectives. This alignment ensures that risk management efforts are in line with the firm’s overarching goals.
- Risk Management - Firms operate in complex and dynamic environments where risks are inherent. By defining risk appetite measures, firms can establish a systematic and structured approach to identifying, assessing, and mitigating risks.
- Governance and Accountability - Risk appetite measures establish a framework for accountability within the firm. Decision-makers, executives, and employees can be held responsible for adhering to these measures. This promotes better risk awareness, more informed decision-making, and a culture of responsible risk management.
- Regulatory Compliance – Financial Institutions are subject to regulatory requirements that mandate firms to have effective risk management practices. Defining risk appetite measures helps firms demonstrate their commitment to compliance and responsible risk management.
- Stakeholder Confidence - Investors, shareholders, customers, and other stakeholders expect firms to have a clear understanding of the risks they are exposed to and how they are managed. Transparent communication about risk appetite measures enhances stakeholder confidence and trust in the firm’s ability to navigate uncertainties.
- Informed Decision-Making - When everyone within the firm is aware of the established risk appetite measures, they can make more informed decisions. This ensures that individuals at all levels of the firm consider risk factors before embarking on new projects, investments, or initiatives.
Principles For Creating Risk Appetite Metrics
Designing effective risk appetite measures involves careful consideration and a systematic approach. Beyond MI typically recommend the following when devising risk appetite metrics:
- Metrics must reflect the key risks identified by the firm, including business and strategic risks.
- Metrics must be measurable, clear, understandable and actionable.
- There is a mix of lead, current, and lag indicators maintained.
- Lead indicators anticipate trends and signal potential risks that might arise in the future. They empower management to take action before risks materialise.
- Current indicators display the firm’s present risk exposure levels.
- Lag indicators analyse historical data to pinpoint shifts in risk patterns and trends. Monitoring trends helps identify areas requiring action to avert breaches of the firm’s risk appetite.
- The interconnections between metrics should be acknowledged and comprehended. For instance, the correlation between risk and reward, or how metrics flow through the risk appetite hierarchy.
Board Risk Appetite Metrics
Board risk appetite measures play a critical role in enhancing the Board’s oversight of risk management. They encompass metrics that demand the Board’s particular attention due to their regulatory-driven nature and their alignment with medium-to-long-term strategy execution.
By monitoring these measures, the board ensures that the firm’s risk-taking activities are in line with its strategic goals and risk tolerance, thereby promoting responsible risk management and long-term sustainability.
The following principles guide Board Metrics:
- Primarily strategic, focused on the medium-to-long term.
- Mandate regular Board review.
- Support Board decision-making.
- Breaches necessitate Board intervention.
Executive Risk Appetite Metrics
Executive risk appetite measures provide a practical and actionable framework for the executive leadership team to monitor and manage risk. By aligning decisions with the firm’s risk tolerance, executives contribute to effective risk management, improved decision-making, and working towards the achievement of strategic objectives. Executive risk appetite metrics complement the firm’s Board metrics and are overseen by the Executive level risk committees.
The following principles guide Executive Metrics:
- Aligned with short and medium-term strategy execution and the firm’s strategic risks.
- Demand Board review on an exceptional basis.
- Support executive decision-making.
- Breaches require Executive Committee attention.
MLRO Risk Appetite Metrics
MLRO risk appetite measures refer to specific indicators or metrics that are established at the local or business unit level. These measures help individual departments, divisions, or units assess and manage their own level of risk within the context of the firm’s overall risk appetite framework. MLRO risk appetite measures provide a more granular perspective on risk management and decision-making within different parts of the firm.
These metrics offer management a more granular understanding of the firm’s Board and Executive risk appetite.
MLRO Metrics should adhere to these principles:
- Clear alignment with Board and Executive metrics.
- Alignment, where relevant, with the firm’s business risks and control environment.
- Oversight lies with first-line business functions.
Thresholds For Triggers and Limits
To facilitate meaningful measurement and monitoring of risk appetite, each risk appetite metric should be accompanied by thresholds - often categorised as red, amber, and green (RAG). These thresholds delineate the desired risk levels for each metric and the level of risk the firm is willing to accept. Breaching the firm’s risk limits necessitates corrective action to restore risk to the desired level.
- Trigger - Triggers are established at a level that allows the firm time to take corrective measures to prevent a limit breach. Reaching a trigger does not constitute a breach of risk appetite. However, a decision must be made regarding whether corrective action is necessary to avert a potential limit breach. Trigger breaches are denoted as “amber.”
- Limit - A limit breach implies that the firm is operating beyond its risk appetite, jeopardising the realisation of strategic objectives. Swift investigation, corrective action, and escalation in line with established governance are required in the event of a breach. Consistent with common UK practice and PRA feedback, limit breaches are highlighted as “red” to underscore the severity of straying beyond the firm’s risk appetite.
Principles For Setting Appropriate Thresholds
Setting appropriate thresholds for risk appetite metrics requires careful consideration to ensure that they accurately reflect the firm’s risk tolerance and objectives. Key design principles to help establish effective RAG thresholds are:
- Trigger thresholds should be set at an appropriate level to allow management the time to detect and rectify a trigger breach before it evolves into a limit breach.
- When calibrating thresholds, both historical and anticipated future metric performance should be considered. Future performance should be based on the latest Medium-Term Plan (MTP) in support of strategic objectives where feasible. Limits and triggers are set at the desired risk level plus normal volatility.
- Take into account industry standards and regulatory requirements when setting risk appetite thresholds. Ensure that the thresholds align with external expectations and compliance obligations.
- Refer to the firm’s risk appetite statement to ensure that the risk appetite thresholds reflect the principles and limits articulated in the statement.
- Risk appetite thresholds should not be static. Regularly review and calibrate them based on changing business conditions, industry dynamics, and the firm’s risk landscape.
- Where there is a relationship between measures, the implications of their relative thresholds must be fully considered.
How Beyond MI Can Help
Beyond MI’s expertise offers a comprehensive solution to the challenge of establishing and refining appropriate financial crime risk appetite measures and thresholds for firms. Through our specialised approach, firms can effectively evaluate their risk management strategies, bolstering their overall resilience against potential financial crime risk threats and enhancing their financial crime control environment.
Contact us today to see how we can support you with your risk appetite reporting needs.