Regulatory Affairs

IIF Releases Two New Reports on Risk Appetite and Risk IT

June 17, 2011

The Institute of International Finance publicly released today at an Open Program and Press Conference in London two important new reports prepared under the auspices of the IIF Steering Committee on Implementation:

Implementing Robust Risk Appetite Frameworks to Strengthen Financial Institutions, prepared by the Working Group on Risk Appetite; and Risk IT and Operations: Strengthening Capabilities, produced by McKinsey & Co. with input from the Risk IT Working Group.

The report Implementing Robust Risk Appetite Frameworks to Strengthen Financial Institutions addresses a topic that has increasingly come to be seen as central to post-crisis governance and supervision of firms. Putting in place an effective risk appetite framework is of fundamental importance to the management of risk, but many firms encounter difficulties in doing this. The main purpose of the report is to provide practical insights on how to overcome the main challenges involved, drawing on the experiences of firms that have made progress in this difficult area. The report includes a set of recommendations for boards of directors, senior management, the risk management function, as well as setting out some implications for supervisors. However, it does not propose any one particular approach to risk appetite. Financial services firms come in many shapes and forms and there is no one size fits all when it comes to designing an effective risk appetite framework.

The report Risk IT and Operations: Strengthening Capabilities addresses issues related to the technology used to collect, store, calculate, manage, and report risk data (the risk IT), together with the set of processes used to manage risk (the risk operations) – hence the term risk IT/Ops. Risk IT/Ops is a topic of considerable importance in part because it is essential to improving firms’ internal risk management capabilities in accordance with prior IIF recommendations. In addition, the Senior Supervisors Group has expressed a number of concerns in this area, particularly regarding firms’ ability to aggregate their risk exposures. The report provides a point of reference to firms as they continue to upgrade their risk management capabilities. It is also intended to provide assurance to the authorities that the industry takes very seriously the criticisms on the state of firms’ risk IT/Ops, that progress is being made, and that the commitment to improvement will be sustained.