Hanif Barma explains how the Risk Coalition can help firms improve practices and avoid falling foul of the regulators
The UK Financial Conduct Authority (FCA) recently fined Standard Life Assurance £30m for annuity failures. This was on top of the £25m it paid in customer redress. Unfair treatment of customers, financial stress, IT failures, security breaches: the list of potential risks for firms is a long one.
New risks also continue to emerge (particularly relating to cyber, digital data and other technology-related risks) and macro risks (such as sociopolitical risks and climate change risks) are taking on greater proportions, particularly impacting insurance businesses.
At the heart of these issues has been inadequate risk management and oversight. The big challenge for those responsible for risk oversight is the lack of clarity as to 'what good looks like'. Unlike for audit committees and internal audit functions, for example, there is currently no principles-based guidance for board risk committees or for the second line risk function.
Risk committees and risk functions can have very different remits and capabilities across regulated firms. To address this gap, the Risk Coalition was formed.
The Risk Coalition is a network of not-for-profit professional bodies and membership organisations committed to raising standards of risk governance and risk management. In 2018, it launched the Risk Guidance Initiative to raise the bar through developing principles-based guidance for risk committees and risk functions in financial services.
After 18 months' work and extensive outreach involving firms from different parts of the insurance sector, the Risk Coalition has just launched its consultation for the guidance. The CII is a valued supporter of the initiative and risk director, Becky Merritt, says: "The draft guidance is very good, easy to read and use. I can see this being very helpful for risk committees."
The guidance, designed for proportionate application, is in two parts. The first part identifies a number of key principles relating to board risk committees. The guidance helps such committees navigate thorny issues, such as clarifying the respective responsibilities of the board and the risk committee for risk oversight. It helps the risk committee understand its relationship with the two other key committees -- audit and remuneration.
It sets out important expectations of the risk committee for ensuring risk strategy is aligned to the organisation's purpose, values, corporate strategy and strategic objectives. It also makes clear the risk committee's responsibility for principal risks -- both current and emerging risks -- and for overseeing the organisation's risk culture.
Importantly, it also sets out the risk committee's responsibility to safeguard the independence and oversee the performance of the chief risk officer and the second-line risk function. The second part of the guidance sets out principles and guidance for risk functions.
The guidance aims to raise the bar in financial services firms' risk oversight activities. Some firms may find some proposals challenging and may need time to fully apply the principles, depending on the maturity of their risk function and risk framework. But at the very least, the guidance should challenge firms' thinking about their current risk practices and offer a real opportunity to drive improvement.
The consultation period runs until 20 September and final guidance is anticipated at the end of 2019. The Risk Coalition welcomes views from a wide range of stakeholders that have an interest in improving risk practices.
To read the guidance and for more information, visit: riskcoalition.org.uk/consultation
Hanif Barma is co-founder of the Risk Coalition and a director at Board Alchemy