E-Book, Englisch, 374 Seiten
A Target Operating Model for Compliance and ESG Risks
E-Book, Englisch, 374 Seiten
ISBN: 978-3-95647-189-6
Verlag: Frankfurt School Verlag
Format: EPUB
Kopierschutz: Wasserzeichen (»Systemvoraussetzungen)
Norbert Gittfried is a Partner and Director at Boston Consulting Group. As topic coordinator for Compliance & Regulation, he advises large financial institutions worldwide on complex compliance transformations and the development of overarching non-financial risk steering approaches. His focus lies both in establishing effective Compliance and NFR Management systems, in digitising those functions and making them more efficient. Prior to joining BCG 11 years ago, he was Senior Manager at a Big 4 Company. He is a lecturer at Goethe Business School and a permanent representative in various industry bodies for FI. Georg Lienke is a lawyer and Associate Director at Boston Consulting Group focusing on non-financial risk management and Compliance. In his work for financial institutions and corporate clients over the last 15 years, his focus was on the design and implementation of target operating models for non-financial risk management. Georg regularly publishes on non-financial risk topic. He holds a Ph.D. in law from the Technical University Dresden and a Master of Laws in Corporate and Financial Law from the University of Hong Kong. Prior to joining BCG, Georg worked at a Big 4 Company and a global bank. Florian Seiferlein is an Associate Director at Boston Consulting Group. For over a decade, he advised leading companies on Compliance & Non-Financial Risks (NFR). He managed large-scale Compliance & NFR transformations, investigations and regulatory assessments in Europe, North America and Africa, and he was also a part of US Monitor teams. Prior to joining BCG, he worked for Big 4 and management consulting firms. Florian holds a Master of Science in business engineering (Karlsruhe Institute of Technology). Jannik Leiendecker is a Partner and an Associate Director at Boston Consulting Group. Over the last 11 years, his focus has been on Non-Financial Risk (incl. Compliance) and ESG. He has advised numerous clients especially within the Financial Services industry on the set-up and optimisation of their respective operating model. He has also co-authored various corresponding publications. Jannik holds a Master of Science in Economic History from the London School of Economics and a Bachelor of Science in Business from the Ludwig-Maximilians-University in Munich. Bernhard Gehra is a Senior Partner and Managing Director at Boston Consulting Group. His focus has been on Risk, Compliance and Technology for more than 20 years. During the last of those, he has led large worldwide projects focused on Risk and Non-Financial Risk. Furthermore, Bernhard recently managed ESG Compliance issues for large companies. Prior to joining BCG, he worked for a global securities service provider. Bernhard holds a Ph.D. in information science.
Autoren/Hrsg.
Weitere Infos & Material
Editors
Contributors
Foreword
Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG
Prof. Dr. Douglas Arner, Dr. Bernhard Gehra, Jannik Leiendecker, Dr. Georg Lienke
Definition of Non-Financial Risk in Financial Institutions
Martina Mietzner, Dr. Julia Gebhardt, Dr. Katharina Hefter, Jennifer Rabener, Dr. Carsten Wiegand
Risk Boundaries – Setting an Analytical Risk Appetite Framework for Non-Financial Risks
Federico Truffelli, Dr. Ulrich Göres, Lorenzo Fantini, Michele Rigoni, Luca Rancan
The Three Lines of Defence Model: Key Success Factors for Effective Risk Management
Dr. Oliver Engels, Marc Peter Klein, Peter Gürtlschmidt, Dr. Georg Lienke, Rei Tanaka
Global Functional Lead in Non-Financial Risk Management: Ensuring Consistency and Integration in Complex Organisations
Ulrike Brouzi, Dr. Michael Lange, P. Robert Mieszkowski, Jannik Leiendecker, Dr. Georg Lienke, Florian Seiferlein, Norbert Gittfried, Rei Tanaka
Policies and Procedures: Framework and Governance Requirements in the Financial Sector
Dr. Erasmus Faber, Björn Stauber, Dr. Georg Lienke
Top-Down Risk and Control Assessment: A Forward-Looking Approach to Evaluate Company-Wide Non-Financial Risk Exposure
Hurdogan Irmak, Burcu Nasuhoglu, Dr. Erasmus Faber, Lorenzo Fantini, Benedetta Testino, Jannik Leiendecker, Barbara Fojcik, Dr. Georg Lienke
A Top-Down Approach to Non-Financial Risk Reporting: Collaboration Across Risk Types for Sustainable Risk Steering
Valérie Villafranca, Dr. Georg Lienke, Florian Seiferlein, Kai Gammelin, Dr. Katharina Hefter, Norbert Gittfried
Internal Investigations into Corporate Misconduct: Applying an Investigative Approach to Enable Proactive Risk Oversight
Lora von Ploetz, Florian Seiferlein
Technical Application and Data Architecture for Non-Financial Risk Management
Kai Gammelin, Björn Stauber, Dr. Christian N. Schmid, Dr. Jan-Oliver Fröhlich, Annika Melchert, Daniel Wagner
Data Governance in Non-Financial Risk Management
Björn Stauber, Dr. Christian N. Schmid, Dr. Jan-Oliver Fröhlich, Annika Melchert, Daniel Wagner
Optimising Effectiveness and Efficiency: Deployment of Artificial Intelligence in Non-Financial Risk Management
Dr. Jochen Papenbrock, Dr. John Ashley, Dr. Georg Lienke, Florian Seiferlein, Norbert Gittfried
Core Elements of Conduct and Ethics in the Context of Non-Financial Risk
Dr. Barbara Roth, Dr. Erasmus Faber, Dr. Julia Gebhardt, Dr. Katharina Hefter
Managing Conduct Risk: Framework and Perspectives
Prof. Dr. Martin Schulz, Dr. Julia Gebhardt, Dr. Katharina Hefter, Rene Bystron
Successful ESG Transition: Implications and Challenges for Effective Risk Management
Anita Varshney, Jannik Leiendecker, Aytech Pseunokov
Bibliography
1 Introduction: Rising to the Challenges of Non-Financial Risk Management, Compliance and ESG
Prof. Dr. Douglas Arner, Dr. Bernhard Gehra, Jannik Leiendecker, Dr. Georg Lienke Historically, financial institutions have focused many of their risk management efforts on financial exposures directly attributed to core business activities. However, in recent times, non-financial risk (NFR) management with an emphasis on compliance and environment, social and governance (ESG) risks has moved up the policy and executive agendas, amid new regulations, a range of compliance issues (some leading to significant fines) and an increasing pressure to act as change agents in the transition towards a decarbonised economy. A robust NFR framework is indispensable in case of crises, so that necessary quick and effective reaction measures can be taken. This became unmistakably clear in the conflict between Russia and the Ukraine, with unprecedented sanctions being imposed on Russia that heavily affect the global financial industry and non-financial sectors. This handbook analyses the major success factors for meeting the requirements of modern non-financial risk management: an institution-specific target operating model (TOM) integrating all critical components – strategy, governance, risk management, information technology and data architecture including digitisation and artificial intelligence as well as ethics. The handbook has been written by senior NFR, compliance and ESG experts from key markets in Europe, the US and Asia, and it gives practitioners the necessary guidance to master the key challenges in today’s global risk environment. Each chapter includes key regulatory requirements, major implementation challenges, practical solutions and industry examples. 1.1 New risks and challenges
Institutions face non-financial risks across a range of activities: from onboarding clients to running IT systems and carrying out daily operations. Amid a continuous flow of new risks, failures in these areas can have significant economic and reputational consequences, both for the institutions as well as their executives. Globally, compliance issues led to 394 billion in fines during the years 2011 to 2020, including 50 billion in 2018, 2019 and 2020 alone.[1] In response, financial institutions have dramatically enhanced their oversight capabilities, leading to a proliferation of risk managers, internal auditors, control specialists and compliance officers, each with their own unique backgrounds, perspectives and skill sets. These teams of experts have tended to focus on specific areas, leading to the evolution of siloed and fragmented processes, the disjointed nature of which has itself become an operational risk. A lack of coordination has created gaps, overlaps and mismatches in the three lines of defence (3LoD) framework at most institutions. Risk functions today often produce different risk reports that apply different methodologies to analyse and quantify risk, making it difficult for executives to put risk categories into proportion and arrive at accurate implications for overall risk management. This comes on top of existing complexity: global financial organisations need to orchestrate separate product divisions, infrastructure functions (including risk management) and geographical regions, representing a range of legal entities in local jurisdictions as well as regulators and regulatory systems and requirements in multiple jurisdictions. At the same time, they need to weave in effective and efficient measures to manage non-financial risks. The challenges are significant, suggesting that a holistic, structured approach is critical. 1.2 A forward-looking solution for non-financial risk management in the financial industry
To continue to thrive in an increasingly challenging risk environment, financial institutions need to develop a sophisticated approach to non-financial risk management. This can be done by establishing an institution-specific non-financial risk TOM, which will subsequently allow for a proper definition of risks, creating an integrated view of the 3LoD and building an effective internal control system – informing a sensible executive decision-making that can prevent inevitable risks getting out of control. This handbook outlines the key ingredients of a non-financial risk TOM for financial institutions. The book sections follow a consistent structure: chapters start with an individual introduction to the topic at hand, followed by a summary of key regulatory expectations across the EU, the US and Asia. Each chapter assesses operational challenges and complexities, and it delivers approaches to define solutions based on industry success factors. Chapters are augmented by practical, hands-on examples from seasoned practitioners. They conclude with the summaries of key takeaways. 1.3 Defining and aligning non-financial risk categories
Risks are inherent to every business model, so that a zero-risk tolerance approach is in fact counter-intuitive. Historically, financial institutions have focused their attention on financial risks, including credit risk, market risk, liquidity risk and funding risks, aggregating the remainder under a category most often labelled as operational risk. Recently, non-financial risks have evolved as an independent category for risk management, allowing for a more tailored approach to management of individual non-financial risks. Chapter 2 provides a general definition of non-financial risk, delineates non-financial risk from financial risk, and provides definitions for categories and types of non-financial risk for financial institutions. 1.4 Establishing a non-financial risk appetite framework to prevent an undesirable risk-taking
Following the definition of non-financial risk, chapter 3 provides a holistic approach to defining a non-financial risk appetite framework for financial institutions across three levels. This includes qualitative risk appetite statements for individual non-financial risk categories, outlining the level and types of risk that the financial institution is willing to take on in order to achieve its strategic objectives and business plan (level 1). Qualitative risk appetite statements are broken down into risk appetite metrics and corresponding thresholds, enabling institutions to set quantifiable tolerance levels for non-financial risk and underlying operational activities (level 2). Level 3 cascades the risk appetite framework to business lines and entity levels via pre-defined key risk indicators, facilitating the early detection of potential deviations from risk appetite objectives and potentially triggering timely interventions. The chapter also draws an outline of the corresponding governance that is required to operate a risk appetite framework. 1.5 Building key governance and organisational pillars for non-financial risk management
Three chapters outline the governance and organisational structures required for sustainable non-financial risk management, standing on three major pillars. The three lines of defence (LoD) model (chapter 4) defines the roles and responsibilities of the first LoD (front, middle and back office), the second LoD (risk control functions) and the third LoD (internal audit). The chapter focuses on the independence of second-LoD control functions and describes the concept of risk coordinating functions in the first LoD as a regulatory competence centre, coordination unit and interface to the second LoD. ‘Global functional lead’ (chapter 5) stands for a combination of strategic, governance and risk management elements defined by an institution that aim to enable a consistent execution of risk management activities across complex organisations. It comprises the central setting of global risk management standards by horizontal risk management functions and their execution by vertical product- or region-focused functions, with direct or indirect reporting lines into horizontal functions. A policy and procedure framework (chapter 6) intends to ensure that standards are met in the execution of an institution’s business and operational activities. It builds a structural policy hierarchy, allocating the financial institution’s documents including board directives, policies and procedures to different hierarchical levels. It structures them by risk types, business segments and relevant geographies. 1.6 Generating excellence in the non-financial risk management lifecycle
Three chapters describe the most essential components of a financial institution’s non-financial risk management lifecycle. Sophisticated institutions apply a top-down approach to non-financial risk assessment, using risk-type agnostic criteria to evaluate their exposure to non-financial risks and derive the proper implications for bank-wide risk management. Chapter 7 elaborates on the methodology for a top-down non-financial risk assessment. A key element of effective risk mitigation is the underlying internal control framework. Controls can take a variety of forms, ranging from automated/manual process controls to the conduct of training sessions and the definition of internal policies and requirements. A comprehensive internal control framework needs to combine a top-down approach (focusing on controls addressing the most...
