Introduction

The financial crisis has been attributed in part to shortfalls in risk management and corporate governance at financial institutions [1, 2]. There was a significant disparity between the risk-taking perceptions by bank directors and the actual risk profiles undertaken by their firms, weakening internal monitoring capabilities [3, 4].

Accordingly, after the financial crisis, policy-makers and regulators responded with a suite of heightened risk governance practices to enhance board oversight. One such risk governance practice relates to the adoption of risk appetite statements by the board of directors, defined as the written articulation of the aggregate level and types of risks that a firm will accept or avoid in order to achieve its business objectives [5, p. 10].

Prior to the crisis, heightened risk governance practices were not required by supervisors; corporate governance activities often focused on oversight of strategic objectives and apportioning risk responsibilities [6]. One such emerging risk governance practice, adopted by leading financial institutions following regulatory intervention, is the articulation and active monitoring of the firm’s risk appetite by the board of directors. Risk management experts note this practice as representing a fundamental paradigm shift in banking [7, 8].

Directors are expected to understand and monitor the risks of the firm [9]. However, little is known about the processes that board directors follow to satisfy these obligations. If regulators expect enhanced risk oversight in the boardroom, directors require tools to identify acceptable risk profiles, actively measure and monitor risk levels, and allocate risk limits to the business units. Risk appetite statements now contribute materially to that risk governance process.

Historically, earlier versions of the Basel corporate governance guidelines made little or no reference to risk appetite [10]. However, the more recent Basel (2015) corporate governance principles mention the role of risk appetite-related processes over 40 times, demonstrating the importance regulators now attach to this emerging practice [5]. The “Annex” to this paper sets out further supervisory publications relating to risk appetite, indicating the growing reach of this regulatory-driven change.

The aim of this study is to develop a better understanding of how this newly emerging risk governance process is being adopted by global financial institutions. Given there has been little previous research on the actual use of risk appetite statements, our research is distinctive in its focus on a regulatory-driven emerging boardroom practice and provides unique insight into development, implementation, and benchmarking of this practice. Interviews with board directors and other executive senior risk professionals provide a unique lens to facilitate our examination of how financial institutions are embracing regulatory-driven changes to their governance processes.

These practitioners revealed their risk appetite-setting processes, explained the cascading of the risk appetite statement to business units, and shared early signs of impact upon their firms’ operating performance. They provided information on the battery of metrics that boards now regularly review as part of their risk governance responsibilities, highlighting the challenging nature of developing a suite of risk measures, and the growing imperative to improve measurement of operational risks such as the incidence of fraud, cyber losses, or reputational risks, which are also notoriously difficult to measure. The research also noted early signs of improvements in risk culture and conduct since the adoption of risk appetite arrangements, a key aim of supervisors [11].

Regulatory-driven changes to governance practice can have an enormous practical impact upon financial institutions, increasing monitoring costs, and potentially realising certain benefits. The key findings of this study validate the use of risk appetite statements by financial institutions as an emerging risk governance practice and unearth a rich battery of metrics and practices for benchmarking by practitioners.

Following this introduction, our paper scopes the literature domains related to risk appetite. Next, the methodology for this research is presented, including research approach and data collection procedures. After the key research findings are explored, a discussion of the implications of the research upon academic and practitioner communities is provided.

Literature review—risk appetite

Given that risk appetite arrangements are associated with board oversight of firm-wide risk taking, we view this activity through an agency theory lens. Effective internal monitoring, consistent with agency theory, requires robust mechanisms to overcome the unique set of challenges associated with financial institutions, such as informational asymmetries, opaqueness of risk profiles and asset quality, and exposure to a broad set of firm stakeholders.

There are various unique challenges present in banking which make it distinctive and necessitate strong risk management processes. Take for example information asymmetries. Although fixed claimants and depositors provide most of the funding to a bank’s capital structure, they rarely appreciate the actual realised level of risk taking [12]. This conflict is further exacerbated by bank deposit insurance schemes, which reduce external monitoring incentives and hinder market discipline [13]. Owners with diversified holdings have incentives to take greater risks than managers, whose shareholdings are tied up in the firm [14]. Other issues can arise with management incentives as overly generous incentive structures and option-based schemes may encourage greater short-term risk taking, in terms of overall leverage levels or credit risk profiles [15].

In addition, the opacity of a financial institution’s risk profiles (given loan extensions and bespoke product-level complexities) obscures true asset quality profiles, thus hindering internal monitoring effectiveness [16]. Boards failed to manage risk prior to the financial crisis in part because they lacked the relevant risk-based information [17]. Further, given their access to the capital markets, financial institutions can alter their risk profiles with ease, thus making actual risk profiles difficult to monitor in real time [18].

Well-executed risk appetite processes at the board level mitigate these issues, create effective limits for unsanctioned risks, and aggregate the accumulation of risk across all business lines.

The Senior Supervisors Group identified an insufficient level of board-level monitoring of risk appetite levels in the pre-financial crisis period [19]. In effect, they found a disparity in the perception of risk taking by the board versus actual risk levels. There are notable examples of ineffective setting of the firm’s risk appetite in the practitioner literature. One such episode was when the board of directors at Merrill Lynch were for the first time advised of a $30 billion exposure to subprime CDOs, a clear breach of establishing, cascading, and monitoring risk appetite levels from the top of the firm [20].

A further example relates to the risk governance failings of HBOS Plc. The regulator’s report on this episode concluded that one of the key factors in its demise was the board’s failure to enforce a group-wide risk appetite, evidenced by the discovery of a £9 billion portfolio of illiquid assets falling essentially outside of its group board-approved risk appetite framework [21]. Experts also highlight here that there was an absence of an effective risk appetite strategy as well as a failure to allocate and aggregate risk appetite across business units [22].

Global regulators responded to these shortcomings by requiring the larger and systemic banks and financial institutions to adopt risk appetite statements as a risk governance practice [5, 23]. The boards of directors of financial institutions are now responsible for overseeing a strong risk governance framework, including risk culture, clear roles for risk management/control functions, and risk appetite [24]. Other risk governance mechanisms included empowering chief risk officers [25], establishing board-level risk committees with experienced members [26], and assigning greater duties upon board directors in establishing an effective risk culture [10].

Regulatory expectations for greater board engagement and oversight of risk are on the rise. Policy-makers and observers now call for greater board director accountability and argue that directors face heightened monitoring obligations to stakeholders [27]. However, meeting these higher standards requires more than enhanced effort norms or larger boards; it also calls for structural changes to the processes and activities of risk governance. Improvements in risk management practices will be limited until a thorough understanding of portfolio risk profiles becomes well embedded into risk management and oversight activities [28].

The board’s discussion on risk appetite ideally caters for issues such as strategy (i.e. which risks must be taken), stakeholder’s interests (i.e. how risk taking is perceived), risk capacity (i.e. which capital or human resources are required to accept these risks, including technical capabilities) as well as prevailing business conditions and the overall competitive environment [29].

Related to the risk appetite statement is the risk appetite framework, which is defined as the broader set of policies, controls, systems, and limits through which risk appetite is established and monitored [30]. Other concepts related to risk appetite include the firm-wide risk profile, which is the assessment of the firm’s actual risk exposures at a point in time, and risk capacity, which is the maximum level of risk that a firm can assume before it breaches a regulatory or rating constraint [31]. Risk capacity is the outer limit that defines a serious consequence to the firm, such as a material impact to capitalisation or a ratings downgrade that could hinder the business model [30].

The board of directors is expected to approve the risk appetite framework and also to hold management accountable for its effective implementation and allocation of the firm’s risk appetite. For example, in order to meet growth or return targets, the firm may pursue riskier lending strategies or services, but the board-approved risk appetite then can guide the firm back towards a more natural footing within that risk appetite [32]. Consistent with its internal monitoring role, the board is expected to question activities that fall outside its articulated risk appetite, examine all breaches, and obtain a regular independent assessment of the risk appetite process design and its overall effectiveness [30].

Risk appetite translates board-established risk metrics into day-to-day business decision-making in risk-taking environments [33]. This practice may be cascaded to business heads, line management, lending and underwriting professionals, trading desks, and operations staff. Financial institutions are risk-taking businesses, and the trade-off relating to risk and return may be guided by risk appetite [34]. Accountability for articulating and monitoring the firm’s risk appetite is one means to demonstrate that it provides an effective challenge to the CEO [32]. Risk appetite arrangements are increasingly seen as a means to hold boards to account for strategic considerations as well as providing internal monitoring over day-to-day activities [35, 36].

A board’s responsibilities not only include approval and monitoring of the risk appetite framework, but also ensure its linkage to the firm’s technology, capital planning, incentive programs, and strategic decision-making processes [32]. From an operational risk perspective, risk appetite is the so-called glue that holds together a framework for risk identification, assessment, escalation, and overall effective governance [37].

Historically, compensation at banks was often tied to revenue generation and thus insensitive to the levels of risk taking, so a greater alignment between risk appetite and compensation (i.e. compensation vesting periods, claw backs, and CRO involvement in compensation philosophies) is an important step forward for financial institutions [19].

Improving risk culture and conduct levels is at the cutting edge for supervisors and practitioners alike. Experts have labelled risk appetite and risk culture as two sides of the same coin [38]. That is, firms with effective organisation-wide risk governance are encouraged to take risks as long as they respect their allocated risk appetite, unlike other firms that seek compliance to an unwieldy or ineffective limit structure. In essence, this suggests that risk appetite triggers a constant dialogue amongst the board, CEO, CRO, and the business line, encouraging and embedding an improved firm-wide risk culture over time.

Much of the aforementioned literature applies to banking, but other financial institutions also adopt risk appetite arrangements. Recently, nearly 50 insurer risk appetite frameworks were reviewed by a leading market player with a clear linkage noted between strategy, risk management, and overall surplus levels to risk appetite [39]. Experts expect risk appetite arrangements in the insurance industry to set out a holistic framework for risk taking [40]. Central banks and regulators are now publishing their own risk appetite statements, providing an unambiguous example to industries they supervise [41].

Some experts argue that improved ethical behaviour, rather than heightened risk governance, is the missing element in financial institutions and is, at least in part, responsible for the intellectual failure that occurred during the period before the global financial crisis [42]. However, others argue that risk appetite is a management tool providing a learning curve for the board of directors and executives, not to be confused with a fixed formulaic approach [43]. From a practical aspect, allocating risk appetite across various business and geographic units, data limitations and development of a risk culture are all challenging activities relating to risk appetite [44]. Aggregating at the top firm-wide risk appetite can also be testing for risk governance actors [45].

Consultants and advisors acknowledge that banks struggle to embed risk appetite across the enterprise and specifically experience difficulty in translating firm-wide risk appetite into day-to-day planning and business operations [46]. However, these difficulties only underscore the fact that risk appetite may be more a journey of constant development than a one-time quick fix in complex institutions.

Notwithstanding these initial efforts to disseminate conceptual research and a suite of practitioner articles on risk appetite, field-collected empirical data relating to the use of risk appetite frameworks is largely non-existent, underscoring the gap that presently exists in this literature domain.

Research methodology

Few financial firms provide a detailed risk appetite statement to the public, perhaps because of the high potential commercial value of this information to competitors. Given the absence of empirical data, a qualitative approach is employed to facilitate a better understanding of the social interactions, factors of organisational structure, and activities relating to risk governance [47]. Given the aims of our research question, an inductive approach employing semi-structured interviews has been adopted.

Semi-structured interviews have been used elsewhere to peer into corporate governance processes of financial institutions and related internal monitoring matters. For example, Mikes (2008) chronicles the role of CROs in over a dozen international banks to report material stakeholder interests at work [48]. Ashby et al. (2013) interviewed senior risk governance staff to find evidence of the role of incentives in extreme risk taking in the business unit while risk management staff limit their role to passive risk assessors [47].

Data collection and sample

Consistent with prior research, the data collection technique included a series of semi-structured interviews with senior risk and corporate governance professionals. All but one of the firms represented within the sample are large financial institutions. They represent together over $9 trillion of assets and include several institutions labelled as Systemically Important Financial Institutions (i.e. SIFIs) by regulatory authorities. The sample comprised 12 senior governance professionals at the board and C-Suite levels.

Table 1 presents selected information on the study participants. These professionals were contacted via email, social media, or via professional industry contacts. The interviews, all conducted by the lead researcher, typically took up to 1 hour each and were recorded. The interview agenda covered the five subject areas outlined in Table 2, namely organisational ownership of risk appetite, risk appetite measurement, cascading of the risk appetite framework down to the line of business, signs of impact to risk culture, and impact to firm external stakeholders.

Table 1 The participants.
Table 2 The interview agenda—questions.

Research findings

The interviews generated a rich data set into the practice of board-determined risk appetite. All the financial institutions within the sample have adopted risk appetite statements, and boards of directors have formally approved and monitor the risk appetite framework.

Our headline findings include evidence of clear ownership of the risk appetite process by risk governance professionals; identification of a battery of risk appetite measurement metrics used by the board of directors; preliminary evidence of cascading of risk appetite to the business unit; and early signs of potential impact upon risk culture and conduct levels. The question responses are presented in Table 3 below, in the words of the study participants.

Institutional ownership of risk appetite is considered first in the interview series. As an indicator of the scope of change underway, 100% of the sample validated that the board reviews, approves, and monitors the risk appetite statement at least annually. Almost half of the sample stated that the CEO, CRO, and/or risk management staff prepared the risk appetite statement for review, consideration, and debate with the board of directors.

Table 3 Summary of replies to interview questions.

One-third of interviewees indicated that risk appetite frameworks are a new concept and have only recently been applied to the firm in a serious manner. Several quotes from the interviews support this finding. One interviewee noted: “2 or 3 years ago, the concept of risk appetite statements would have drawn a blank look by the board, even in our risk management team. But now that has changed”. Another said: “The risk appetite statement is a genuine document. The board approves the risk appetite statement and any amendments… the board can veto it too”.

One firm used a colour-coding system at the board level to indicate variable risk levels over time as market or risk profiles change and approach limits. When a business activity or transaction migrates from green to amber, indicating growing risk taking, a broader set of risk governance players gets involved to debate the rationale for the change or, alternatively, a recommendation to cut the position. At another institution, a matrix approach is being implemented to allocate risk appetite for each of the three relevant categories (i.e. credit, market, and operational risk) down to the business unit.

Measurement metrics is the second aspect of the interview agenda. Effectively implementing risk appetite demands clear metrics that the firm can agree and monitor. These metrics are observable relative to an upper bound that can be taken given the firm’s capacity to absorb losses. Regulators recommend that risk appetite reflect a mix of qualitative and quantitative considerations [5].

One participating firm in the sample indicated that it preferred a single risk appetite metric, volatility of its profit and loss, as a simple measure of risk appetite by both the board of directors and the business. The participant argued that an advantage of having a single metric was that it was well appreciated by the board and risk management: “Because you are dealing with the board, they may not have a very good sense for the Greeks, value-at-risk and so on, so a single measure is a good starting point for us”. This approach resonates with conceptual literature indicating that a single key risk appetite metric can be applied across all risk types and business lines alike [38].

Earnings volatility over a given time period was identified by one-third of the study participants. Participants often referred to credit (or losses) as well as market risk metrics as the so-called hard measures compared to softer metrics, such as operational metrics including client switches (switching to another bank), regulatory misreporting, and incidence of fraud. Multiple metrics for risk appetite were adopted in all but one global firm. Table 4 describes the suite of risk appetite metrics collected from this study.

Table 4 Risk metrics collected.

Single client, geographical sector, industry concentration or other aggregate limits were referenced by 50% of the sample, with risk capital and liquidity-related metrics also identified in 42% and 50% of the sample, respectively. Participants VII and XII, both unique in being insurance companies, bucketed their risks according to the underlying risks underwritten, for example health and life, non-life, premium, or weather risks, whereas operational risks were often categorised in a similar way to banks.

Risk appetite metrics for the so-called soft risks noticeably generated more challenges for the interviewees and their firms. Board risk appetite for these risk metrics can be notoriously difficult to define and measure [49].

Study participants identified there were a multitude of qualitative measures for soft risks, and several firms relied upon different metrics depending upon their business model. Examples of different measures employed include customer complaints received, the occurrence of fraud, the use of ghost shoppers, tracking negative social media hits, episodes of erroneous reporting, regulatory sanctions, and IT/systems lapses.

In one insight, interviewees identified the challenge of tabulating different units of measure for operational risk categories (i.e. some measured in days of an occurrence, others in frequency of the occurrence, yet others measured by a dollar sum of estimated losses incurred). One interviewee explained that a probability of the occurrence of the event, multiplied by a loss quantum framework, perhaps could be developed over time but challenges remained in fitting different soft risk metrics into one unit of measure.

Cascading of risk appetite is a third interview agenda item. In this study, 83% of the participants confirmed cascading of risk appetite had been occurring for some time. Individual business line executive or risk committees often played a role with one senior executive adding: “Each line of business has its own executive committee and its own risk appetite statement, which flows up to the board to aggregate within the firm-wide risk appetite statement”. This is also insightful given research discussed earlier concerning the failures to aggregate and cascade downwards risk appetite in pre-financial crisis episodes.

This study identified further findings related to cascading of risk appetite. First, cascading requires exceptional communication between the board, senior management, and the business lines. One of the participants added: “We cascade down from one group board to several business divisions and then further down to over 50 individual business units; this is a journey for us. It goes all the way down the business, new business proposals must include a reference to risk appetite”. Another participant added: “Yeah, it touches the account manager to remind them it is there”.

Some participants indicated that cascading of risk appetite was limited to the business heads while others suggested the risk appetite statement goes right down to trading staff and credit underwriting staff. Two firms in this study require all professionals to take annual online exams and case studies on the firm’s risk appetite, in an effort to distil key principles across to the business unit.

The concept of cascading opened up issues of allocation of risk appetite across competing business units and subsidiaries. There was also a growing sense of the need to actively manage risk appetite as a limited resource. One commented: “Where do we want to spend our risk appetite?”

Another participant chimed in: “We need to allocate risk appetite where we have the right earnings potential per unit of capital, not conduct this as a passive exercise”. Such dynamics suggest a portfolio management approach to risk appetite, with active aggregation, allocation, and re-allocation developing over time as this practice matures.

Impact upon culture and conduct is the fourth interview agenda item, with 58% of the firms feeling that risk appetite processes were beginning to positively impact their risk culture. “Risk appetite discussions between the chief executive and business heads, exclusive of risk management, are now taking place that rarely occurred before”. Another executive added: “Few crazy requests come in here anymore…. risk appetite absolutely has had an influence on risk culture”.

One interviewee explained: “Risk appetite frameworks can send a clear signal about what works and what doesn’t work here”. Another firm, which implemented risk appetite statements 7 years ago following exceptional trading losses, is now observing a positive impact to its risk culture levels, which it credits in part to risk appetite and in part to incentives to adhere to trading limits.

A further insight which emerged in the course of the study was the identification of evidence of a substantial decline in trading breaches during the time period in which risk appetite statements were implemented. One study participant explains: “4 or 5 years ago, we observed around 60 risk appetite breaches of which five or six traders were repeat offenders. These traders felt the impact to their compensation and that shocked people… This is an example of living and breathing it”.

The above episode illustrates another emerging issue, which is the linkage of risk appetite and risk culture to incentive schemes in financial institutions. Several firms also confirmed that repeat limit offenders who breach the board-determined risk appetite framework would suffer with reduced compensation levels.

In response to a question whether failure to comply with the firm’s risk appetite framework could impact compensation, one participant said: “Yes, that’s the message. It bites”. Another participant added that compensation was at the top of the list impacting culture. “Compensation is no longer top line driven, and risk culture is at the heart of this change”, he added. One non-executive director of a global insurance firm put it this way: “If someone exceeds the risk appetite limit repeatedly, the chief risk officer is informed and she sends a report to the board. It is recorded in the minutes and the regulator sees the minutes… essentially their pocketbook will likely feel the pain”.

Certain structural organisational arrangements may facilitate the building of a robust risk culture in conjunction with risk appetite. One study participant explained that regular training programs on risk culture, values, and ethics dovetailed well with their risk appetite efforts. Another participant from a North American bank said of her firm: “We have on-line training for all employees on risk appetite, including the existence of relevant metrics and desired behaviours”.

One final area of the interview agenda is to identify any signs of impact of risk appetite arrangements to external parties. One interviewee explained: “Regulators are the most impacted outside the board and the risk committee… they conduct a gap analysis on your actual risk profile and risk appetite and ask lots of questions… regulators have assumed an obtrusive role in a way that did not exist beforehand”.

One governance professional said: “The regulator reads the risk appetite statement, absolutely. We might increase risk appetite say in property and they would question that change and what is driving it”. Some of the governance players involved in risk appetite believe shareholders are at best an indirect beneficiary of the process, with one study participant explaining: “Shareholders… have a sense for risk appetite and want to know the company is compliant with this process”. Another interviewee, however, had a somewhat different perspective: “We are not really trying to score any goals with shareholders per se on this front”. A third agreed with this position: “Risk appetite and our equity investors? They haven’t seen it yet”.

Discussion

This study was shaped by inductive design in order to understand more about the use of risk appetite statements by risk governance actors in large global financial institutions.

We now discuss these findings and make several observations to frame future research in this area.

We start with identifying how risk appetite may be positioned within theory and practice. Practically speaking, two tasks dominate boards: monitoring and advice [50]. Board monitoring, positioned within agency theory, ensures ultimate oversight of firm activities as opposed to providing advice.

However, monitoring within financial institutions is a particularly challenging endeavour given the complexity and opaque risk profiles of many financial institutions [16]. Articulating the firm’s risk appetite is a practice that is consistent with internal monitoring. In all data collected within our sample, the board or its risk committee reviews and formally approves the risk appetite statement following input from risk management.

This study has unearthed several key findings associated with the adoption of risk appetite arrangements by global financial institutions. We find that risk appetite appears to be a well-used tool to ensure enhanced risk governance and internal monitoring objectives. We have observed that global financial institutions are establishing clear risk appetite boundaries across credit, market, and operational risk limits. The metrics employed are precise and often driven down to single obligor and industry exposures. Although earnings volatility is used in 30% of the sample and has the obvious benefit of simplicity, we observed the remaining firms apply a more diverse set of metrics.

While more traditional risks such as credit and market risk may have access to traditional metrics that can be employed in the setting of risk appetite, operational risk profiles appear to be more troublesome for firms. This may reflect not the risk appetite process per se, but more the challenges for designing metrics to measure the operational risk of large financial institutions.

Regulators and supervisors seek the development of improved conduct levels and risk culture in global financial institutions. Large financial institutions continue to face serious risk culture and conduct issues resulting in serious fines and growing legal expenses linked to capital markets [51], retail banking [52], and transactional banking businesses [53]. Risk appetite frameworks may contribute to an improved risk culture if combined with staff incentives and other corporate governance mechanisms to promote better staff conduct.

In summary, risk appetite frameworks have emerged as an important tool for boards and executives to assess the risk-return trade-off faced in everyday banking, leading to improved and informed internal monitoring processes.

Conclusion and further study

There are growing calls for an overhaul of the recently adopted regulation of financial institutions [54]. Such regulation can benefit all stakeholders but can also have a detrimental impact upon lending volumes, reduce incentives for market discipline, and introduce significant financial costs relative to its benefits [55]. Thus, evidence of regulatory-driven practices that contribute towards mitigating excessive and unsanctioned risk taking is a welcome development given the re-assessment of supervisory changes ushered in since the financial crisis [47].

Risk appetite arrangements have recently appeared on the boardroom scene as an increasingly important aspect of overall firm-wide risk governance. As chronicled in this study, they are a worthy addition to the suite of financial regulation introduced since the global financial crisis. Evidence has been presented that the adoption of risk appetite arrangements has had a material consequence for the daily activities of the board of directors and C-suite executives, and establishes acceptable risk boundaries and monitoring processes.

Investors, depositors and other creditors of financial institutions could use data distilled from these risk governance processes to provide more effective external monitoring. For example, subtle changes in risk appetite can be detected by business sector in firm annual reports, supplemental information embedded in Pillar Three processes, or via disclosure within the BHC FR Y-9C reporting collected and disseminated by the Board of Governors of the Federal Reserve System in the USA.

Regulators also now have a new tool to better assess the relative safety and soundness of financial institutions. The potential wealth of data from assessing both relative and time period changes in risk appetite statements materially augments the regulator’s arsenal of prudential tools; one expert has suggested that regulators may in fact mandate firms to reduce their risk appetite if justified based on systemic considerations [22]. Further study of risk appetite arrangements may include a deeper look into operational risk profiles given the challenges they appear to pose to practitioners and the growing relevance of cyber and reputational risks. Also, empirical examination of the linkage and relation between these risk governance activities and improved conduct measures would be a welcome addition to this literature domain, given the growing importance attached to risk culture in financial institutions in today’s supervisory framework.