Non-financial risk management in the financial industry : a target operating model for compliance and ESG risks / Norbert Gittfried [and four others].

Format:

Book

Author/Creator:

Gittfried, Norbert, author.

Language:

English

Subjects (All):

Risk management--Social aspects.

Risk management.

Risk management--Standards.

Physical Description:

1 online resource (374 pages)

Edition:

1st ed.

Place of Publication:

Frankfurt am Main : Frankfurt School Verlag, [2022]

Summary:

Managing environment, social and governance (ESG) risk, compliance risk and non-financial risk (NFR) has become increasingly critical for businesses in the financial services industry. Furthermore, expectations by regulators are ever more demanding, while monetary sanctions are being scaled up. Accordingly, ESG, Compliance and NFR risk management requires sophistication in various aspects of a risk management system.This handbook analyses a major success factor necessary for meeting the requirements of modern risk management: an institution-specific target operating model (TOM) integrating strategy, governance & organisation, risk management, data architecture and cultural elements to ensure maximum effectiveness. Also, institutions need to master the digital transformation for their business model to be sufficiently sustainable for the years to come. This book will offer ways on how to achieve just that.The book has been written by senior ESG, Compliance and NFR experts from key markets in Europe, the U.S. and Asia. It gives practitioners the necessary guidance to master the challenges in today's global risk environment. Each chapter covers key regulatory requirements, major implementation challenges as well as both practical solutions and examples.

Contents:

Title

Table of contents

Editors

Contributors

Foreword

1 Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG

1.1 New risks and challenges

1.2 A forward-looking solution for non-financial risk management in the financial industry

1.3 Defining and aligning non-financial risk categories

1.4 Establishing a non-financial risk appetite framework to prevent an undesirable risk-taking

1.5 Building key governance and organisational pillars for non- financial risk management

1.6 Generating excellence in the non-financial risk management lifecycle

1.7 Using data, IT and artificial intelligence

1.8 Putting conduct and ethics at the centre of sustainable non- financial risk management

1.9 Environment, social and governance: Implications for effective risk management

2 Definition of Non-Financial Risk in Financial Institutions

2.1 Introduction

2.2 History of non-financial risk and specifications by key regulators

2.2.1 A short history of non-financial risk

2.2.2 Existing non-financial risk specifications by key global and regional regulators and associations

2.3 Differentiation of financial and non-financial risk

2.3.1 Financial risk definition

2.3.2 Non-financial risk definition

2.4 Specific clusters of non-financial risk

2.4.1 Operational risk

2.4.1.1 Financial crime risk

2.4.1.1.1 Money-laundering/terrorist financing risk

2.4.1.1.2 Sanctions and embargoes risk

2.4.1.1.3 Bribery and corruption risk

2.4.1.1.4 Facilitation of tax evasion

2.4.1.2 Conduct risk

2.4.1.2.1 Market conduct risk

2.4.1.2.2 Client conduct risk

2.4.1.2.3 Employee conduct risk

2.4.1.3 Regulatory compliance risk

2.4.1.4 Fraud risk

2.4.1.4.1 Account-opening fraud risk

2.4.1.4.2 Debt/credit card fraud risk.

2.4.1.4.3 Fraudulent paper-based payment transactions risk

2.4.1.4.4 Online banking fraud risk

2.4.1.4.5 Credit fraud risk

2.4.1.4.6 Theft risk

2.4.1.4.7 Embezzlement/breach of trust risk

2.4.1.4.8 Antitrust violation risk

2.4.1.4.9 Balance sheet manipulation

2.4.1.5 Information, Communication &amp

Technology (ICT) and Cyber risk

2.4.1.5.1 Data confidentiality risk

2.4.1.5.2 Data availability risk

2.4.1.5.3 Data integrity risk

2.4.1.5.4 Information security risk

2.4.1.6 Data privacy and bank secrecy risk

2.4.1.6.1 Data privacy risk

2.4.1.6.2 Bank secrecy risk

2.4.1.7 Resilience risk

2.4.1.8 Outsourcing and vendor risk

2.4.1.8.1 Intragroup outsourcing risk

2.4.1.8.2 External outsourcing risk

2.4.1.8.3 Vendor risk

2.4.1.9 Tax reporting risk

2.4.1.10 Other operational risk

2.4.1.10.1 Human resources risk

2.4.1.10.2 Legal risk

2.4.1.10.3 Physical damage risk

2.4.1.10.4 Execution, delivery and process risk

2.4.1.10.5 Reporting risk

2.4.1.10.6 Accounting risk

2.4.1.10.7 Project risk

2.4.1.10.8 Competition law risk

2.4.1.10.9 Model risk

2.4.2 Strategic risk

2.4.2.1 Reputational risk

2.4.2.2 Sustainability risk

2.4.2.2.1 Climate change risk

2.4.2.2.2 Human rights risk

2.4.2.3 Business risk

2.4.2.3.1 Forecasting risk

2.4.2.3.2 Inorganic growth risk

2.4.2.3.3 New business risk

2.4.2.3.4 Investor relations risk

2.5 Conclusion and outlook

3 Risk Boundaries - Setting an Analytical Risk Appetite Framework for Non-Financial Risks

3.1 Introduction

3.1.1 Regulatory requirements

3.1.2 RAF in practice

3.2 RAF Level 1: Overall Risk Appetite Statement

3.2.1 Overall statement

3.2.2 Prohibited activities

3.3 RAF Level 2: Risk Appetite metrics

3.3.1 Defining appropriate metrics

3.3.2 Metrics: setting the thresholds.

3.3.2.1 Thresholds based on benchmark and historical internal loss data for a metric based on operational losses

3.3.2.2 Thresholds based on residual risk levels for a metric based on risk assessment

3.4 RAF Level 3: Key Risk Indicators

3.4.1 Selecting key risk indicators

3.4.1.1 Candidate indicators identification

3.4.1.2 Appetite tracking suitability

3.4.1.3 Expert judgement

3.4.2 KRIs: setting and calibrating the thresholds

3.4.2.1 Threshold calibration based on historical data analysis and percentiles

3.4.2.2 Threshold fine-tuning based on benchmarking and backtesting

3.5 RAF Governance

3.5.1 RAF design and update

3.5.2 RAF monitoring and reporting

3.5.3 RAF threshold breaches and escalation

3.5.4 Action plan definition

4 The Three Lines of Defence Model: Key Success Factors for Effective Risk Management

4.1 Introduction

4.2 Regulatory framework in selected key jurisdictions

4.2.1 European Union

4.2.2 United States of America

4.2.3 Hong Kong

4.2.4 Singapore

4.2.5 Risk-type-specific qualifications of the 3LoD model: financial crime prevention

4.2.5.1 EU: remaining country-specific variation in 1st and 2nd LoD mandate

4.2.5.2 United States of America: BSA Compliance officer

4.2.5.3 Hong Kong: Money Laundering Reporting Officer and Compliance Officer

4.3 Key roles and responsibilities of 1st, 2nd and 3rd LoD

4.3.1 The first line of defence: risk owner

4.3.1.1 Scope of 1st LoD mandate

4.3.1.1.1 Risk ownership

4.3.1.1.2 Implementation and execution of 1st LoD controls

4.3.1.2 Allocation of 1st LoD responsibility

4.3.1.3 1st LoD risk-coordinating function (1.5th LoD)

4.3.1.3.1 Coordination of risk management activities

4.3.1.3.2 Interface to 2nd LoD

4.3.1.3.3 Regulatory advisor

4.3.2 The second line of defence: internal control functions.

4.3.2.1 Scope of 2nd LoD mandate

4.3.2.1.1 Standard setting

4.3.2.1.2 Testing of 1st LoD controls

4.3.2.1.3 Risk assessment

4.3.2.1.4 Training and advisory

4.3.2.2 Risk materiality and corresponding intensity of 2nd LoD risk oversight

4.3.2.3 Independence of 2nd LoD risk oversight

4.3.2.3.1 Organisational independence

4.3.2.3.2 Functional independence

4.3.2.3.3 Internal control functions performing 1st LoD activities

4.3.2.4 Key success factors for effective 2nd LoD risk oversight

4.3.2.4.1 Methodology consistency across 2nd LoD functions

4.3.2.4.2 Bodies and committees: adequate 2nd LoD participation and information sharing

4.3.2.4.3 Appointment of primus inter pares non-financial risk governance function

4.3.3 The third line of defence: internal audit as provider of independent assurance

4.3.3.1 Independent assurance

4.3.3.1.1 Adequacy of risk management framework

4.3.3.1.2 Design and operating effectiveness

4.3.3.1.3 Compliance with regulatory requirements and internal standards

4.3.3.2 Advising the board of directors

4.4 Common pitfalls of the 3LoD model and precautionary measures

4.4.1 Insufficient risk ownership by 1st LoD

4.4.2 Lack of 2nd LoD expertise

4.4.3 Inadequate assurance by 3rd LoD

4.5 Conclusion

5 Global Functional Lead in Non-Financial Risk Management: Ensuring Consistency and Integration in Complex Organisations

5.1 Introduction

5.2 Regulatory framework in select key markets

5.2.1 European Union

5.2.2 United States of America

5.2.3 Hong Kong

5.2.4 Singapore

5.3 Global functional lead: individual corporate parameters to consider

5.3.1 Corporate culture

5.3.2 Organisation's complexity

5.3.3 IT landscape

5.3.4 Geographical footprint

5.4 Major components of global functional lead in non-financial risk management.

5.4.1 Operating model: striking a balance between global standards and regional execution

5.4.1.1 Regulatory horizon screening

5.4.1.2 Setting of risk-specific standards

5.4.1.3 Training and advisory

5.4.1.4 Controls by the 1st and 2nd line of defence

5.4.1.5 Non-financial risk assessment

5.4.1.6 Non-financial risk reporting

5.4.1.7 Group risk oversight

5.4.2 Reporting lines: establishing implementation accountability in vertical functions

5.4.2.1 Solid reporting lines into local legal entity and branch

5.4.2.2 Dotted reporting lines into global risk management organisation

5.4.3 Meeting governance: supporting effective management of a global risk function

5.5 Conclusion

6 Policies and Procedures: Framework and Governance Requirements in the Financial Sector

6.1 Introduction

6.2 Regulatory framework in selected key jurisdictions

6.2.1 European Banking Authority (EBA)

6.2.2 US regulators

6.2.2.1 The Federal Reserve

6.2.2.2 Office of the Comptroller of the Currency

6.2.3 Hong Kong Monetary Authority

6.2.4 Monetary Authority of Singapore

6.3 Policy framework: key implications for a target concept

6.3.1 Status quo: need for structured approach

6.3.1.1 Lack of a harmonised approach

6.3.1.2 Policy gaps and redundancies

6.3.2 Policy framework: design concept and hierarchies

6.3.2.1 Design concept: key hypotheses for an effective policy framework

6.3.2.1.1 Harmonised design approach

6.3.2.1.2 Completeness

6.3.2.1.3 Uniform naming convention

6.3.2.1.4 Precise wording

6.3.2.1.5 Assignment of responsibilities

6.3.2.1.6 Governance rules

6.3.2.1.7 Linkage to internal processes and controls

6.2.2.2 Suggested hierarchy levels: key criteria and examples

6.3.2.3 Level one: overarching risk strategies, policies and documents - risk and business segment agnostic.

6.2.2.3.1 Key criteria.

Notes:

Description based on print version record.

Other Format:

Print version: Gittfried, Norbert Non-financial Risk Management in the Financial Industry

ISBN:

3-95647-190-3