Risk Appetite and Risk Management Framework
Download MP3www.marktreichel.com
https://www.linkedin.com/in/mark-treichel/
https://www.linkedin.com/in/mark-treichel/
1. Risk Management Framework Components:
- Risk Culture - Established by board and management, sets tone from top
- Risk Appetite - Formal statements and limits that define acceptable risk levels
- Risk Management System - Including the three lines of defense
2. Risk Appetite:
- Should be commensurate with institution's size and complexity
- Must be supported by capital levels
- Requires clear metrics and reporting systems
- Needs documented processes for when limits are approached or breached
- Should be consistently communicated throughout organization
3. Three Lines of Defense:
- First Line: Front-line business units conducting transactions and operations
- Second Line: Risk management department (in larger institutions) led by Chief Risk Officer
- Third Line: Internal audit function testing controls and verification
4. Key Risk Management Principles:
- Risk management culture is foundational to effectiveness
- Smaller institutions can accomplish goals without full three lines structure
- Need to avoid managing risks in silos
- Importance of aggregating risks across organization
- Chief Risk Officer role should support but not have veto power
5. Best Practices:
- Document and communicate risk appetite clearly
- Establish appropriate metrics and reporting
- Have action plans for when limits are approached
- Ensure staff feels comfortable raising risk concerns
- Maintain independence of risk oversight functions
6. Resources Available:
- OCC Director's Reference Guide contains useful guidance on risk governance
- Includes questions to consider and potential red flags
- Contains comprehensive references on risk and corporate governance
The episode emphasized that while sophistication levels vary by institution size, core risk management concepts remain consistent and should be applied appropriately based on each credit union's specific circumstances.