Overview RMF and risk appetite
The Risk Management Framework (“RMF”) sets out a high level view of the tools, techniques and governance in place at the bank to ensure all material risks facing the bank are correctly identified, understood and managed. This ensures a skilled “Risk Culture” being built into the organisation with all staff members having a clear articulation of risks applicable to the bank.
Risk culture may be described as "what people do when they are not being watched." Fostering behaviours that reinforce the bank's strong risk culture should be considered integral to the successful implementation of the bank’s risk management framework.
A simplified view of the various elements of the RMF is given below
The Risk Appetite Statement (RAS) sets out risk strategies of the bank with defined types and levels of risks that the bank is willing to accept in order to achieve its business objectives. The RAS sets the tone for consistent risk management across the business. It forms an integral part of the bank’s risk policies and risk management frameworks which collate the overall approach for managing risk within the bank. The RAS acts as a reference point to assist all staff within the bank to understand the appetite for risk acceptance across all the major risk types.
Risk appetite can be defined as the collective type and level of risk the bank is willing to assume within its ‘Risk Capacity’ to achieve its strategic objectives and business plan. A ‘Risk Tolerance’^^ range consists of maximum / minimum qualitative and quantitative limits showing Business-as-Usual (“BAU”) (Green), Early Warning Indicators (“EWI”) (Amber) and Triggers (Red) giving the business the ability to optimize its risk positioning and provides management with early warning ahead of any potential issue which may require invocation of recovery action.
The Risk Appetite “Trigger” is the maximum level of risk (Red RAG status) the bank can assume before breaching any Capital or Liquidity regulatory requirements and, from a conduct perspective, breaching its obligations to depositors, other customers and shareholders.
^^ Risk appetite is the amount and type of risk that the bank is willing to pursue or retain; risk tolerance is the bank’s readiness to bear the risk after treatment in order to achieve its objectives (ISO Guide: 73:2009). In setting metrics, EWIs and triggers these may be used interchangeably to facilitate specific limits monitoring.