The Risk Coalition is an association of not-for-profit professional bodies and membership organisations committed to raising the standards of risk management in the UK. In December 2019, following industry consultation, it published “Raising the bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services sector”. A key aim of this guidance is to provide a benchmark against which board risk committees and risk functions can be assessed objectively. Although written for UK firms, it is equally useful for financial services companies regulated in Ireland.
There are two separate sections to the guidance. The first section sets out principles and guidance for board risk committees. This contains eight principles on: board accountability, composition and membership, risk strategy and risk appetite, principal risks and continued viability, risk management and internal control systems, risk information and reporting, risk culture and remuneration and; chief risk officer and risk function independence and objectivity. The second section sets out principles and guidance for the risk function. This contains nine principles on: independent risk oversight and challenge, independent and objective perspective, risk governance, risk reporting, corporate strategy and objectives, risk function independence and effectiveness, risk culture, innovation and change; and group risk functions.
Each of the principles is elaborated on in further detail. The guidance is not specific to any particular type of risk profile and so can be generally applied. The introduction recognises that it should be applied proportionately depending on the size of the company. It is intended to be evolutionary rather than revolutionary in nature. Nonetheless it is likely that for most organisations there will be improvements that can be considered following reflection and discussion on this very useful paper.
Mirmam Sweeney is an actuary in Met Life and a member of the SAI ERM committee.
The views of this article do not necessarily reflect the views of the Society of Actuaries in Ireland, the Enterprise Risk Management Committee, or the author’s employer.