Large Bank Supervision Forum eBook

Internal Use Only Risk Management ultimately determines residual risk in banks . . .

Board and Sr. Mgmt Oversight

Policies, Procedures, and Limits

Risk Monitoring and MIS

Internal Controls

Lines of authority and responsibility for risk management and policy adherence

Must identify, measure, monitor, and control significant risks

Establish Risk Appetite

Must address all material risks

Must establish accountability and lines of authority

Key assumptions must be reasonable and documented

Must have independence and objectivity

Skills, Knowledge and experience

Reports to the Board and Senior Mgmt must be accurate, timely, and comprehensive

Must address new products/services and modifications to existing

Ensure mgmt. is capable

Must be adequately tested and reviewed

69

© 2023 – FinPro, Inc.

Internal Use Only

Risk Mgmt Practices & Controls

Inherent Risk

Composite Risk

Trend

Moderate

Strong

Low Low

Neutral Neutral Neutral Neutral Neutral Neutral Neutral Neutral

Credit Risk Market Risk Liquidity Risk

Low

Acceptable Acceptable

Moderate Moderate

Moderate Moderate

Strong

Operational Risk

Low Low

Acceptable

Low Low Low Low

Legal Risk

Strong Strong Strong

Reputational Risk Strategic Risk Compliance Risk

Moderate Moderate

Notes: Inherent Risk

Low - Moderate - High

Risk Mgmt Practices & Controls

Weak - Acceptable - Strong

Composite Risk

Low - Moderate - High

Trend

Decreasing - Neutral - Increasing

70

© 2023 – FinPro, Inc.