Independent Risk Management is, in the context of banking regulation, a function within the financial firm that operates (relatively) independently from the remainder of the firm (usually denoted the business). Organizationally it falls under the direction of a Chief Risk Officer (CRO), a senior position with sufficient stature, independence, resources and access to the management board.
The Risk Management Function should be sufficiently independent of the business units and should not be involved in revenue generation. Such independence is an essential component of an effective risk management function, as is having access to all business lines that have the potential to generate material risk to the bank as well as to relevant risk-bearing subsidiaries and affiliates.
In the popular Three Lines of Defense paradigm of Risk Management the independent risk function is a key component of the bank’s second line of defence. The function is responsible for overseeing risk-taking activities across the enterprise and should have authority within the organisation to do so.
Effective CROs are concerned with what the institution’s leaders may not know and, therefore, must occasionally offer a contrarian point of view; otherwise, the decision-making process may end up flawed with “group think.” In today’s environment, decision-making processes should be driven by objective assessments of the risk/reward balance, rather than by the emotional investment, management bias and short-termism that underlie dangerous organizational blind spots.
- Identifying material individual, aggregate and emerging risks (a process known as Risk Identification
- Assessing these risks and measuring the bank’s exposure to them (a process known as Risk Measurement
- Subject to the review and approval of the board, developing and implementing the enterprise-wide risk governance framework, which includes the bank’s Risk Culture, Risk Appetite and risk limits;
- Ongoing monitoring of the risk-taking activities and risk exposures in line with the board-approved risk appetite, risk limits and corresponding capital or liquidity needs (ie Capital Planning);
- Establishing an early warning or trigger system for breaches of the bank’s risk appetite or limits;
- Influencing and, when necessary, challenging decisions that give rise to Material Risk;
- Reporting to senior management and the board or Risk Committee on all these items, including but not limited to proposing appropriate risk-mitigating actions.