Financial Stability Board’s Principles for an Effective Risk Appetite Framework
To: AABD Members and Friends
From: David Baris, Executive Director, AABD
Date: December 10, 2013
Subject: Financial Stability Board’s Principles for an Effective Risk Appetite Framework
On July 17, 2013, the Financial Stability Board issued its FSB Principles for an Effective Risk Appetite Framework (“FSB Principles”), designed for systematically important financial institutions. These principles are undoubtedly relevant to members of the American Association of Bank Directors who serve on the boards of the largest banks in the U.S. and abroad.
But some observers also believe that they are or may be relevant to directors of smaller banks, even community banks. This is based on the view that eventually, a number of regulatory requirements imposed on large financial institutions will trickle down to smaller institutions.
Charles Thayer, Chairman Emeritus of AABD, wrote an article recently for Western Independent Bankers on the relevance that FSB Principles may have for directors of smaller institutions.
Page 7 of the FSB Principles sets forth recommendations as to the role of a board of directors in the adoption of an effective risk appetite framework:
- Approve the firm’s RAF, developed in collaboration with the CEO, CRO and CFO, and ensure it remains consistent with the firm’s short- and long-term strategy, business and capital plans, risk capacity as well as compensation programs;
- Hold the CEO and other senior management accountable for the integrity of the RAF, including the timely identification, management and escalation of breaches in risk limits and of material risk exposures;
- Ensure that annual business plans are in line with the approved risk appetite and incentives/disincentives are included in the compensation programmes to facilitate adherence to risk appetite;
- Include an assessment of risk appetite in their strategic discussions including decisions regarding mergers, acquisitions, and growth in business lines or products;
- Regularly review and monitor actual versus approved risk limits (e.g. by business line, legal entity, product, risk category), including qualitative measures of conduct risk;
- Discuss and determine actions to be taken, if any, regarding “breaches” in risk limits;
- Question senior management regarding activities outside the board-approved risk appetite statement, if any;
- Obtain an independent assessment (through internal assessors, third parties or both) of the design and effectiveness of the RAF and its alignment with supervisory expectations;
- Satisfy itself that there are mechanisms in place to ensure senior management can act in a timely manner to effectively manage, and where necessary mitigate, material adverse risk exposures, in particular those that are close to or exceed the approved risk appetite statement or risk limits;
- Discuss with supervisors decisions regarding the establishment and ongoing monitoring of risk appetite as well as any material changes in the elements of the RAF, current risk appetite levels, or regulatory expectations regarding risk appetite;
- Ensure adequate resources and expertise are dedicated to risk management as well as internal audit in order to provide independent assurances to the board and senior management that they are operating within the approved RAF, including the use of third parties to supplement existing resources where appropriate; and
- Ensure risk management is supported by adequate and robust IT and MIS to enable identification, measurement, assessment and reporting of risk in a timely and accurate manner.